Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

NVD
NVDadded 2025/08/12 9:15 p.m.18 views

CVE-2025-55165

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...

8.2CVSS0.00177EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/08/12 8:52 p.m.23 views

CVE-2025-55165 Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...

8.2CVSS0.00177EPSS
Exploits0References3
CVE
CVEadded 2025/08/12 8:52 p.m.25 views

CVE-2025-55165

CVE-2025-55165 affects Autocaliweb prior to v0.8.3. The issue arises from the debug pack serialization (to_dict()) not filtering sensitive fields, potentially exposing API keys. Patch released in v0.8.3; mitigation is upgrade to 0.8.3+ or apply vendor workaround if available. Other connected sour...

8.2CVSS7AI score0.00177EPSS
Exploits0References3
OSV
OSVadded 2025/08/12 8:52 p.m.6 views

CVE-2025-55165 Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...

8.2CVSS6.7AI score0.00177EPSS
Exploits0References5
Snyk
Snykadded 2025/07/24 9:42 p.m.3 views

Command Injection

Overview calibreweb is a Web app for browsing, reading and downloading eBooks stored in a Calibre database. Affected versions of this package are vulnerable to Command Injection via the /admin/ajaxconfig endpoint that fails to properly neutralise special elements used in operating system commands...

9.8CVSS7AI score0.02729EPSS
Exploits1References2
CNVD
CNVDadded 2022/01/17 12:0 a.m.14 views

Calibre-Web Cross-Site Scripting Vulnerability (CNVD-2022-21489)

Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database.A vulnerability exists in Calibre-Web cross-site scripting that is vulnerable to incorrect neutralization of input during web page generation. No details of the vulnerability are currently...

7.3CVSS1.9AI score0.00802EPSS
Exploits1References1
Rows per page
Query Builder