4165 matches found
CVE-2025-55165 Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the to_dict method, used ...
CVE-2025-55165
CVE-2025-55165 affects Autocaliweb prior to v0.8.3. The issue arises from the debug pack serialization (to_dict()) not filtering sensitive fields, potentially exposing API keys. Patch released in v0.8.3; mitigation is upgrade to 0.8.3+ or apply vendor workaround if available. Other connected sour...
PT-2025-32945 · Unknown · Autocaliweb
Name of the Vulnerable Software and Affected Versions: Autocaliweb versions prior to 0.8.3. Description: Autocaliweb is a web application that provides an interface for browsing, reading, and downloading eBooks using a Calibre database. The debug pack generated by Autocaliweb can expose sensitive...
BIT-LIBPYTHON-2024-6923 Email header injection due to unquoted newlines
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...
CVE-2025-54638
Issue of inconsistent read/write serialization in the ad module. Impact: Successful exploitation of this vulnerability may affect the availability of the ad service...
CVE-2025-55136
ERC aka Emotion Recognition in Conversation through 0.3 has insecure deserialization via a serialized object because jsonpickle is used...
Linux Distros Unpatched Vulnerability : CVE-2018-5344
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire...
CVE-2025-54638
CVE-2025-54638 involves an inconsistent read/write serialization issue in the ad module. Connected sources indicate potential impact on availability of the ad service; CVSS details point to a local attack with low privileges required and no user interaction. No concrete fix/version is stated in t...
PT-2025-32080 · Unknown · Aod Module
Name of the Vulnerable Software and Affected Versions: ad module, affected versions not specified. Description: An inconsistent read/write serialization issue exists in the ad module. Successful exploitation of this issue may affect the availability of the ad service. Recommendations: At the moment...
CLSA-2025-1753799434 java-1.8.0-openjdk: Fix of 19 CVEs
Security fixes from OpenJDK 8u452-b09: - CVE-2025-21587: JSSE issue allowing remote access or modification of sensitive data - CVE-2025-30698: allows limited data access and partial DoS via untrusted Java code - CVE-2025-30691: allows limited data access via untrusted code using compiler APIs -...
Exploit for Cross-site Scripting in Atmail
AWAE/OSWE Preparation for coming AWAE Training. Work in progress... Atmail Mail Server Appliance: from XSS to RCE 6.4 CVE-2012-2593 - https://www.exploit-db.com/exploits/20009 - https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py ATutor Authentication Bypass and RCE 2.2.1 CVE-2016-25...
AZL-65157 CVE-2025-7067 affecting package hdf5 for versions less than 1.14.6-1
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed ...
HDF5 Security Vulnerability
HDF5 is an open-source library from HDF. HDF5 version 1.14.6 contains a buffer overflow vulnerability. The vulnerability stems from the function H5FS__sinfo_serialize_node_cb in the file src/H5FScache.c failing to correctly validate the length of the input data; a remote attacker can use this to...
Insecure Deserialization
com.typesafe.akka, akka-cluster-metrics is vulnerable to insecure deserialization. The vulnerability is due to the use of Java serialization without proper validation or safeguards in the akka-cluster-metrics module, which allows an attacker to exploit the deserialization process to execute...
CVE-2025-53393
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...
GHSA-358M-FQ53-HP87 akka-cluster-metrics uses Java serialization for cluster metrics
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...
akka-cluster-metrics uses Java serialization for cluster metrics
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...