| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-56366 | 0.00 | — | — | Jul 11, 2026 | ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion. | |||
| CVE-2026-56373 | 0.00 | — | — | Jul 11, 2026 | ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory. | |||
| CVE-2026-55404 | 0.00 | — | — | Jul 11, 2026 | yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpage_url or filename metadata without sufficient… | |||
| CVE-2026-59831 | 0.00 | — | — | Jul 11, 2026 | GitHub CLI (gh) is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without… | |||
| CVE-2026-58501 | 0.00 | — | — | Jul 11, 2026 | Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS… | |||
| CVE-2026-50810 | 0.00 | — | — | Jul 11, 2026 | A NULL pointer dereference in smooth_parse_stream_index() in src/media_tools/mpd.c in GPAC master HEAD before commit b35c61f104b85fbb16520ac2838d5d2ef70845b5 allows attackers to cause a denial of service | |||
| CVE-2026-54590 | 0.00 | — | — | Jul 11, 2026 | AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version 2.23.0 contains an incomplete fix for CVE-2026-45309 in SSHServerConfig._set_tokens that blocks /, , and .. before… | |||
| CVE-2026-52747 | mod | 0.38 | 5.8 | — | Jul 10, 2026 | ModSecurity: ModSecurity: Security rule bypass due to incorrect handling of line breaks in form data | ||
| CVE-2026-52761 | mod | 0.38 | 5.8 | — | Jul 10, 2026 | ModSecurity: ModSecurity: Web Application Firewall rules bypass due to incorrect UTF-8 to Unicode transformation | ||
| CVE-2026-15146 | mod | 0.38 | 5.9 | — | Jul 10, 2026 | wget: Wget: Server-Side Request Forgery via FTP PASV response IP address validation bypass | ||
| CVE-2026-53450 | imp | 0.41 | 7.4 | — | Jul 10, 2026 | coturn: Coturn: Localhost services exposed via IPv4-mapped IPv6 address bypass | ||
| CVE-2026-53449 | mod | 0.32 | 6.0 | — | Jul 10, 2026 | coturn: Coturn: Arbitrary file overwrite via CLI command | ||
| CVE-2026-53448 | imp | 0.40 | 7.2 | — | Jul 10, 2026 | coturn: Coturn: Arbitrary code execution via SQL injection in HTTPS admin panel | ||
| CVE-2026-59180 | low | 0.13 | 3.1 | — | Jul 10, 2026 | apprise: Apprise: Information disclosure via HTTP redirect following with credential resending | ||
| CVE-2026-56288 | 0.00 | — | 0.00 | Jul 10, 2026 | GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to… | |||
| CVE-2026-56289 | 0.00 | — | 0.00 | Jul 10, 2026 | GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively… | |||
| CVE-2026-59856 | 0.00 | — | 0.00 | Jul 10, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search() pattern that is run via win_execute() without… | |||
| CVE-2026-59858 | 0.00 | — | 0.00 | Jul 10, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute.… | |||
| CVE-2026-59857 | 0.00 | — | 0.00 | Jul 10, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spell_soundfold_sal() in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen <… | |||
| CVE-2026-59946 | 0.00 | — | 0.00 | Jul 10, 2026 | Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a… | |||
| CVE-2026-59948 | 0.00 | — | 0.00 | Jul 10, 2026 | Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and… | |||
| CVE-2026-59947 | 0.00 | — | 0.00 | Jul 10, 2026 | Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in… | |||
| CVE-2026-15185 | 0.00 | — | 0.00 | Jul 10, 2026 | A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of the file /src/media_tools/vobsub.c of the component MP4Box. Executing a manipulation of the argument num_langs can lead to out-of-bounds read. The attack needs to be launched locally.… | |||
| CVE-2026-59935 | 0.00 | — | 0.00 | Jul 10, 2026 | pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop during parsing such as when extracting… | |||
| CVE-2026-15143 | imp | 0.60 | 9.3 | — | Jul 10, 2026 | guardrails-detectors: guardrails-detectors: SSRF and local file read via user-supplied XML Schema (xml-with-schema:) | ||
| CVE-2026-15378 | imp | 0.60 | 9.3 | 0.00 | Jul 10, 2026 | guardrails-detectors: guardrails-detectors: SSRF and local file read via user-supplied XML Schema (xml-with-schema:) | ||
| CVE-2026-53363 | 0.00 | — | — | Jul 10, 2026 | kernel: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() | |||
| CVE-2026-15308 | imp | 0.42 | 7.5 | 0.01 | Jul 9, 2026 | python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations | ||
| CVE-2026-58459 | imp | 0.44 | 7.8 | 0.01 | Jul 9, 2026 | gpsd: gpsd: Command Injection via GPS device subtype allows arbitrary code execution | ||
| CVE-2026-15187 | mod | 0.28 | 4.3 | 0.00 | Jul 9, 2026 | enquirer: Enquirer: Prototype pollution vulnerability allows remote attackers to modify object attributes | ||
| CVE-2026-12590 | mod | 0.31 | 5.9 | 0.00 | Jul 9, 2026 | body-parser: body-parser: Denial of Service via invalid limit option | ||
| CVE-2026-49147 | 0.00 | — | 0.00 | Jul 9, 2026 | App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged.… | |||
| CVE-2026-49146 | 0.00 | — | 0.00 | Jul 9, 2026 | App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any… | |||
| CVE-2026-49145 | 0.00 | — | 0.00 | Jul 9, 2026 | App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does… | |||
| CVE-2026-50811 | 0.00 | — | 0.00 | Jul 9, 2026 | An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates | |||
| CVE-2026-59890 | 0.00 | — | 0.00 | Jul 9, 2026 | setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file… | |||
| CVE-2026-58384 | 0.00 | — | 0.00 | Jul 9, 2026 | A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial… | |||
| CVE-2026-59883 | 0.00 | — | 0.00 | Jul 9, 2026 | Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain() applied ordinary suffix matching to domains such as 192.168.0.1,… | |||
| CVE-2026-53511 | 0.00 | — | 0.00 | Jul 9, 2026 | calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in… | |||
| CVE-2026-56374 | 0.00 | — | 0.00 | Jul 9, 2026 | ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or… | |||
| CVE-2026-56362 | 0.00 | — | 0.00 | Jul 9, 2026 | ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a… | |||
| CVE-2026-59929 | 0.00 | — | 0.00 | Jul 9, 2026 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:,… | |||
| CVE-2026-59922 | 0.00 | — | 0.00 | Jul 9, 2026 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for… | |||
| CVE-2026-59930 | 0.00 | — | 0.00 | Jul 9, 2026 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc_N values without slugifying the heading text, allowing attacker-controlled id="toc_N" content to collide with… | |||
| CVE-2026-59928 | 0.00 | — | 0.00 | Jul 9, 2026 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/block_parser.py and the ref_links environment dictionary handling, allowing… | |||
| CVE-2026-59927 | 0.00 | — | 0.00 | Jul 9, 2026 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded… | |||
| CVE-2026-59926 | 0.00 | — | 0.00 | Jul 9, 2026 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonition() in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and… | |||
| CVE-2026-59925 | 0.00 | — | 0.00 | Jul 9, 2026 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline_parser.py because the parser scans forward for matching… | |||
| CVE-2026-59924 | 0.00 | — | 0.00 | Jul 9, 2026 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse() joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files… | |||
| CVE-2026-59923 | 0.00 | — | 0.00 | Jul 9, 2026 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safe_url() does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue… |
- CVE-2026-56366Jul 11, 2026risk 0.00cvss —epss —
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.
- CVE-2026-56373Jul 11, 2026risk 0.00cvss —epss —
ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory.
- CVE-2026-55404Jul 11, 2026risk 0.00cvss —epss —
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpage_url or filename metadata without sufficient…
- CVE-2026-59831Jul 11, 2026risk 0.00cvss —epss —
GitHub CLI (gh) is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without…
- CVE-2026-58501Jul 11, 2026risk 0.00cvss —epss —
Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS…
- CVE-2026-50810Jul 11, 2026risk 0.00cvss —epss —
A NULL pointer dereference in smooth_parse_stream_index() in src/media_tools/mpd.c in GPAC master HEAD before commit b35c61f104b85fbb16520ac2838d5d2ef70845b5 allows attackers to cause a denial of service
- CVE-2026-54590Jul 11, 2026risk 0.00cvss —epss —
AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version 2.23.0 contains an incomplete fix for CVE-2026-45309 in SSHServerConfig._set_tokens that blocks /, , and .. before…
- risk 0.38cvss 5.8epss —
ModSecurity: ModSecurity: Security rule bypass due to incorrect handling of line breaks in form data
- risk 0.38cvss 5.8epss —
ModSecurity: ModSecurity: Web Application Firewall rules bypass due to incorrect UTF-8 to Unicode transformation
- risk 0.38cvss 5.9epss —
wget: Wget: Server-Side Request Forgery via FTP PASV response IP address validation bypass
- risk 0.41cvss 7.4epss —
coturn: Coturn: Localhost services exposed via IPv4-mapped IPv6 address bypass
- risk 0.32cvss 6.0epss —
coturn: Coturn: Arbitrary file overwrite via CLI command
- risk 0.40cvss 7.2epss —
coturn: Coturn: Arbitrary code execution via SQL injection in HTTPS admin panel
- risk 0.13cvss 3.1epss —
apprise: Apprise: Information disclosure via HTTP redirect following with credential resending
- CVE-2026-56288Jul 10, 2026risk 0.00cvss —epss 0.00
GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to…
- CVE-2026-56289Jul 10, 2026risk 0.00cvss —epss 0.00
GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively…
- CVE-2026-59856Jul 10, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search() pattern that is run via win_execute() without…
- CVE-2026-59858Jul 10, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute.…
- CVE-2026-59857Jul 10, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spell_soundfold_sal() in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen <…
- CVE-2026-59946Jul 10, 2026risk 0.00cvss —epss 0.00
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a…
- CVE-2026-59948Jul 10, 2026risk 0.00cvss —epss 0.00
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and…
- CVE-2026-59947Jul 10, 2026risk 0.00cvss —epss 0.00
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in…
- CVE-2026-15185Jul 10, 2026risk 0.00cvss —epss 0.00
A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of the file /src/media_tools/vobsub.c of the component MP4Box. Executing a manipulation of the argument num_langs can lead to out-of-bounds read. The attack needs to be launched locally.…
- CVE-2026-59935Jul 10, 2026risk 0.00cvss —epss 0.00
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop during parsing such as when extracting…
- risk 0.60cvss 9.3epss —
guardrails-detectors: guardrails-detectors: SSRF and local file read via user-supplied XML Schema (xml-with-schema:)
- risk 0.60cvss 9.3epss 0.00
guardrails-detectors: guardrails-detectors: SSRF and local file read via user-supplied XML Schema (xml-with-schema:)
- CVE-2026-53363Jul 10, 2026risk 0.00cvss —epss —
kernel: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags()
- risk 0.42cvss 7.5epss 0.01
python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations
- risk 0.44cvss 7.8epss 0.01
gpsd: gpsd: Command Injection via GPS device subtype allows arbitrary code execution
- risk 0.28cvss 4.3epss 0.00
enquirer: Enquirer: Prototype pollution vulnerability allows remote attackers to modify object attributes
- risk 0.31cvss 5.9epss 0.00
body-parser: body-parser: Denial of Service via invalid limit option
- CVE-2026-49147Jul 9, 2026risk 0.00cvss —epss 0.00
App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged.…
- CVE-2026-49146Jul 9, 2026risk 0.00cvss —epss 0.00
App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any…
- CVE-2026-49145Jul 9, 2026risk 0.00cvss —epss 0.00
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does…
- CVE-2026-50811Jul 9, 2026risk 0.00cvss —epss 0.00
An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates
- CVE-2026-59890Jul 9, 2026risk 0.00cvss —epss 0.00
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file…
- CVE-2026-58384Jul 9, 2026risk 0.00cvss —epss 0.00
A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial…
- CVE-2026-59883Jul 9, 2026risk 0.00cvss —epss 0.00
Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain() applied ordinary suffix matching to domains such as 192.168.0.1,…
- CVE-2026-53511Jul 9, 2026risk 0.00cvss —epss 0.00
calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in…
- CVE-2026-56374Jul 9, 2026risk 0.00cvss —epss 0.00
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or…
- CVE-2026-56362Jul 9, 2026risk 0.00cvss —epss 0.00
ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a…
- CVE-2026-59929Jul 9, 2026risk 0.00cvss —epss 0.00
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:,…
- CVE-2026-59922Jul 9, 2026risk 0.00cvss —epss 0.00
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for…
- CVE-2026-59930Jul 9, 2026risk 0.00cvss —epss 0.00
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc_N values without slugifying the heading text, allowing attacker-controlled id="toc_N" content to collide with…
- CVE-2026-59928Jul 9, 2026risk 0.00cvss —epss 0.00
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/block_parser.py and the ref_links environment dictionary handling, allowing…
- CVE-2026-59927Jul 9, 2026risk 0.00cvss —epss 0.00
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded…
- CVE-2026-59926Jul 9, 2026risk 0.00cvss —epss 0.00
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonition() in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and…
- CVE-2026-59925Jul 9, 2026risk 0.00cvss —epss 0.00
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline_parser.py because the parser scans forward for matching…
- CVE-2026-59924Jul 9, 2026risk 0.00cvss —epss 0.00
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse() joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files…
- CVE-2026-59923Jul 9, 2026risk 0.00cvss —epss 0.00
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safe_url() does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue…