Lucene search
K

29 matches found

CVE
CVE
added 2025/07/24 8:45 p.m.24 views

CVE-2025-7404

CVE-2025-7404 concerns Calibre Web (and Autocaliweb) with a blind OS command injection due to improper neutralization of input in OS commands. Affected: Calibre Web 0.6.24; Autocaliweb 0.7.0–before 0.7.1. Root cause: insufficient sanitization of user input enabling remote command execution via th...

9.8CVSS6.4AI score0.02729EPSS
Exploits1References3Affected Software2
Vulnrichment
Vulnrichment
added 2025/07/24 8:45 p.m.4 views

CVE-2025-7404 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - Blind C

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web: 0.6.24 Nicolette; Autocaliweb: from 0.7.0 before 0.7.1...

5.9CVSS6.7AI score0.02729EPSS
Exploits1References3
NVD
NVD
added 2025/07/24 8:15 p.m.8 views

CVE-2025-6998

ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...

8.7CVSS0.00828EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/24 7:39 p.m.13 views

CVE-2025-6998 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - ReDoS

ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...

8.7CVSS0.00828EPSS
Exploits0References3
OSV
OSV
added 2025/07/24 7:39 p.m.5 views

CVE-2025-6998 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - ReDoS

ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...

8.7CVSS6AI score0.00828EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/24 7:39 p.m.4 views

CVE-2025-6998 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - ReDoS

ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...

8.7CVSS6.7AI score0.00828EPSS
Exploits0References3
CVE
CVE
added 2025/07/24 7:39 p.m.32 views

CVE-2025-6998

CVE-2025-6998 describes a Regular Expression Denial of Service (ReDoS) in the strip_whitespaces() function of cps/string_helper.py used by Calibre Web and Autocaliweb. The vulnerability is triggered by a specially crafted username during login, causing catastrophic backtracking and potential deni...

8.7CVSS6.3AI score0.00828EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/24 12:0 a.m.11 views

PT-2025-30699

Name of the Vulnerable Software and Affected Versions Calibre Web versions 0.6.24 Autocaliweb versions 0.7.0 through 0.7.0 Description Calibre Web and Autocaliweb are susceptible to a blind OS command injection issue due to improper neutralization of special elements used in OS commands. This...

9.8CVSS6.1AI score0.02729EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2025/07/24 12:0 a.m.7 views

PT-2025-30695

Name of the Vulnerable Software and Affected Versions Calibre Web version 0.6.24 Nicolette Autocaliweb version 0.7.0 Description A Regular Expression Denial of Service ReDoS issue exists in the strip whitespaces function within cps/string helper.py. Unauthenticated remote attackers can exploit th...

8.7CVSS6AI score0.00828EPSS
Exploits0References12
Rows per page
Query Builder