CVE-2026-27963 Audiobookshelf has Stored XSS in Tooltip.vue via Audiobook Metadata
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification...
CVE-2026-27973 Audiobookshelf has Stored XSS in ItemSearchCard.vue via Audiobook Metadata (Search Results on Mobile App)
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library...
EUVD-2023-51732
Malicious code in bioql PyPI...
MAL-2024-8090 Malicious code in sweet-ruin-immortals-after-dark-16-by-kresley-cole-on-audiobook-full-volumes- (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6ddd212ce30f7b7db65579b6f4be56f10137c104c7ab63553566ccd90a1ff3e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-51697
Audiobookshelf (self-hosted audiobook/podcast server) is affected by an unauthenticated blind server-side request forgery (SSRF) vulnerability in podcastUtils.js for versions prior to 2.7.0. The issue allows an attacker to trigger server-side requests without authentication; the vulnerability is addresse...
CVE-2023-47624 Audiobookshelf Arbitrary File Read Vulnerability
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user regardless of their permissions may be able to read files from the local file system due to a path traversal in the /hls endpoint. This issue may lead to Information Disclosure. As of time of...
MAL-2023-709 Malicious code in pucked-off-pucked-5-by-helena-hunting-on-audiobook-new-chapters- (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71b979714a561c451bcc357192abbc2aee479ab7c13fc449c8e9364bd1c70aeb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-543 Malicious code in jumping-jude-made-marian-3-by-lucy-lennox-on-audiobook-full-chapters- (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fdd52c0bd4e2b63be3c81d5153e45ee41cb11916d25a1bce529214a8d10b923a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-746 Malicious code in river-of-love-audiobook-the-bradens-at-peaceful-harbor-3-the-bradens-15-love-in-bloom-34-by-melissa- (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f52860f6d056fb8f0e643076dd2ac0cd59a481d3d6b32eb033453f716f1e4eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-872 Malicious code in the-idea-of-you-by-robinne-lee-on-audiobook-full-volumes- (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d91700b0da8e1a53e1564ef80ca21fc0058d6bb18cfea0245dbd1bcf42c6062f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-282 Malicious code in dow-load-the-idea-of-you-by-robinne-lee-on-audiobook-full-volumes- (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4655dddb557aca9471834ace6307c0d91fb43b7a462099e53022715193df82f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in the-gentlemans-guide-to-vice-and-virtue-montague-siblings-1-by-mackenzi-lee-on-audiobook-full-editio (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a04567c96218d4fa30b96578309722b990fb9cba9cb51403c90ef82657d02dc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-871 Malicious code in the-hate-u-give-the-hate-u-give-1-by-angie-thomas-on-audiobook-full-chapters- (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 840f4d2c1d1c454d2d92eaf384d1f627a4d7955a6d44fcb817eee1f14cce35fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-210 Malicious code in coyote-america-a-natural-and-supernatural-history-by-dan-flores-on-audiobook-new-version- (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea10dc5f5d9a551fd232299c8b9a024a12aa3ffe0dfde7bf48530ec0851bde51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Schneier on Security Audiobook Sale
I'm not sure why, but Audiobooks.com is offering the audiobook version of Schneier on Security at 50% off until January 17. EDITED TO ADD: The audiobook of We Have Root is 50% off until January 27 if you use this link...
File upload vulnerability in gxlcms audiobook builder system
Gxlcms audiobook system is an audiobook system developed with ThinkPHP, with an integrated collection center in the backend. The Gxlcms audiobook building system has a file upload vulnerability that can be exploited by attackers to gain server privileges...
Click Here to Kill Everybody Available as an Audiobook
Click Here to Kill Everybody is finally available on Audible.com. I have ten download codes. Not having anything better to do with them, here they are: 1. HADQSSFC98WCQ 2. LDLMC6AJLBDJY 3. YWSY8CXYMQNJ6 4. JWM7SGNUXX7DB 5. UPKAJ6MHB2LEF 6. M85YN36UR926H 7. 9ULE4NFAH2SLF 8. GU7A79GSDCXAT 9...
Gxlcms Audiobook System v1.0 SQL Injection Vulnerability in Frontend getrecomm Function
Gxlcms audiobook system is a simple to use, provide listening to the network resource station to provide free collection nodes. A SQL injection vulnerability exists in the frontend getrecomm function in Gxlcms Audiobook System v1.0 build 20170714, due to the system failing to strictly filter...
Gxlcms audiobook system v1.0 frontend CommAction.class.php has SQL injection vulnerability
Gxlcms audiobook system is a simple to use, provide listening to the network resource station to provide free collection nodes. A SQL injection vulnerability exists in the frontend CommAction.class.php of Gxlcms Audiobook System v1.0 build 20170714, due to the system's failure to strictly filter...
Stored Cross-Site Scripting Vulnerability in Click Story App
Clicker Stories is an audiobook app for children. A stored cross-site scripting vulnerability exists in the Clicker Stories app. It allows an attacker to insert malicious scripts into the vulnerable input points, to steal users' cookies or to carry out phishing attacks...