29 matches found
EUVD-2025-22540
Malicious code in bioql PyPI...
EUVD-2025-24496
Malicious code in bioql PyPI...
EUVD-2025-22546
Malicious code in bioql PyPI...
CVE-2025-55165
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...
CVE-2025-55165
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...
CVE-2025-55165 Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...
CVE-2025-55165 Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...
CVE-2025-55165 Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...
CVE-2025-55165
CVE-2025-55165 affects Autocaliweb prior to v0.8.3. The issue arises from the debug pack serialization (to_dict()) not filtering sensitive fields, potentially exposing API keys. Patch released in v0.8.3; mitigation is upgrade to 0.8.3+ or apply vendor workaround if available. Other connected sour...
Autocaliweb information disclosure vulnerability
Autocaliweb is a web management platform by individual developer Phoenix Paulina Schmid. An information disclosure vulnerability exists in Autocaliweb versions prior to 0.8.3, which stems from a debug package that exposes sensitive configuration data, potentially leading to API key disclosure...
PT-2025-32945 · Unknown · Autocaliweb
Name of the Vulnerable Software and Affected Versions: Autocaliweb versions prior to 0.8.3 Description: Autocaliweb is a web application that provides an interface for browsing, reading, and downloading eBooks using a Calibre database. The debug pack generated by Autocaliweb can expose sensitive...
CVE-2025-7404
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 Nicolette; Autocaliweb: from 0.7.0 before 0.7.1...
CVE-2025-6998
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
GHSA-2G7M-PH9X-7Q7M Calibre Web and Autocaliweb have a ReDoS vulnerability
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
GHSA-QC4J-V7H6-XR5H Calibre Web and Autocaliweb have OS Command Injection vulnerability
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 Nicolette; Autocaliweb: from 0.7.0 before 0.7.1...
Calibre Web and Autocaliweb have a ReDoS vulnerability
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
Calibre Web and Autocaliweb have OS Command Injection vulnerability
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 Nicolette; Autocaliweb: from 0.7.0 before 0.7.1...
CVE-2025-7404
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 Nicolette; Autocaliweb: from 0.7.0 before 0.7.1...
CVE-2025-7404
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 Nicolette; Autocaliweb: from 0.7.0 before 0.7.1...
CVE-2025-7404 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - Blind C
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 Nicolette; Autocaliweb: from 0.7.0 before 0.7.1...