29 matches found
CVE-2025-7404
CVE-2025-7404 concerns Calibre Web (and Autocaliweb) with a blind OS command injection due to improper neutralization of input in OS commands. Affected: Calibre Web 0.6.24; Autocaliweb 0.7.0–before 0.7.1. Root cause: insufficient sanitization of user input enabling remote command execution via th...
CVE-2025-7404 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - Blind C
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web: 0.6.24 Nicolette; Autocaliweb: from 0.7.0 before 0.7.1...
CVE-2025-6998
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
CVE-2025-6998 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - ReDoS
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
CVE-2025-6998 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - ReDoS
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
CVE-2025-6998 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - ReDoS
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
CVE-2025-6998
CVE-2025-6998 describes a Regular Expression Denial of Service (ReDoS) in the strip_whitespaces() function of cps/string_helper.py used by Calibre Web and Autocaliweb. The vulnerability is triggered by a specially crafted username during login, causing catastrophic backtracking and potential deni...
PT-2025-30699
Name of the Vulnerable Software and Affected Versions Calibre Web versions 0.6.24 Autocaliweb versions 0.7.0 through 0.7.0 Description Calibre Web and Autocaliweb are susceptible to a blind OS command injection issue due to improper neutralization of special elements used in OS commands. This...
PT-2025-30695
Name of the Vulnerable Software and Affected Versions Calibre Web version 0.6.24 Nicolette Autocaliweb version 0.7.0 Description A Regular Expression Denial of Service ReDoS issue exists in the strip whitespaces function within cps/string helper.py. Unauthenticated remote attackers can exploit th...