9282 matches found

OSV
added 2025/08/12 8:52 p.m. · 3 views

CVE-2025-55165 Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the to_dict method, used ...

CVSS 8.2 · AI score 6.7 · EPSS 0.00053
Exploits 0 · References 5

CVE
added 2025/08/12 8:52 p.m. · 19 views

CVE-2025-55165

CVE-2025-55165 affects Autocaliweb prior to v0.8.3. The issue arises from the debug pack serialization (to_dict()) not filtering sensitive fields, potentially exposing API keys. Patch released in v0.8.3; mitigation is upgrade to 0.8.3+ or apply vendor workaround if available. Other connected sour...

CVSS 8.2 · AI score 7 · EPSS 0.00053
Exploits 0 · References 3

OSV
added 2025/08/12 7:15 p.m. · 0 views

CVE-2024-48892

A relative path traversal vulnerability CWE-23 in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack...

CVSS 4.9 · AI score 5.9
Exploits 0 · References 1

NVD
added 2025/08/12 7:15 p.m. · 2 views

CVE-2024-48892

A relative path traversal vulnerability CWE-23 in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack...

CVSS 6.8 · EPSS 0.00344
Exploits 0 · References 1

CVE
added 2025/08/12 7:0 p.m. · 13 views

CVE-2024-48892

FortiSOAR (Fortinet) is affected by a relative path traversal (CWE-23) that can allow an authenticated attacker to read arbitrary files by uploading a malicious solution pack. Affected versions include 7.3 all versions, 7.4 all versions, 7.5.0–7.5.1, and 7.6.0. The underlying issue is exposed via...

CVSS 6.8 · AI score 6.9 · EPSS 0.00344
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/08/12 7:0 p.m. · 3 views

CVE-2024-48892

A relative path traversal vulnerability CWE-23 in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack...

CVSS 6.8 · AI score 6.9 · EPSS 0.00344
Exploits 0 · References 1

Cvelist
added 2025/08/12 7:0 p.m. · 5 views

CVE-2024-48892

A relative path traversal vulnerability CWE-23 in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack...

CVSS 6.8 · EPSS 0.00344
Exploits 0 · References 1

IBM Security Bulletins
added 2025/08/12 3:18 p.m. · 6 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a stored cross-site scripting vulnerability (CVE-2025-36000)

Summary IBM WebSphere Application Server Liberty is affected by a stored cross-site scripting vulnerability with the adminCenter-1.0 feature enabled. Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerable to stored cross-site scripting. This...

CVSS 4.8 · AI score 6 · EPSS 0.00131
Exploits 0 · Affected Software 1

Microsoft KB
added 2025/08/12 7:0 a.m. · 5 views

Description of the security update for SharePoint Server 2016: August 12, 2025 (KB5002771)

Description of the security update for SharePoint Server 2016: August 12, 2025 KB5002771 Summary This security update resolves a Microsoft SharePoint remote code execution vulnerability, Microsoft SharePoint elevation of privilege vulnerability, Microsoft Word remote code execution vulnerability,...

CVSS 8.8 · AI score 7.9 · EPSS 0.35612
Exploits 0

Microsoft KB
added 2025/08/12 7:0 a.m. · 6 views

Description of the security update for SharePoint Server 2019 Language Pack: August 12, 2025 (KB5002770)

Description of the security update for SharePoint Server 2019 Language Pack: August 12, 2025 KB5002770 Summary This security update resolves a Microsoft Word remote code execution vulnerability and Microsoft Word information disclosure vulnerability. To learn more about the vulnerabilities, see t...

CVSS 8.4 · AI score 6.7 · EPSS 0.01434
Exploits 0

Microsoft KB
added 2025/08/12 7:0 a.m. · 9 views

KB5063761 - Description of the security update for SQL Server 2016 SP3 Azure Connect Feature Pack: August 12, 2025

KB5063761 - Description of the security update for SQL Server 2016 SP3 Azure Connect Feature Pack: August 12, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This...

CVSS 8.8 · AI score 6.3 · EPSS 0.028
Exploits 2

Microsoft KB
added 2025/08/12 7:0 a.m. · 7 views

Description of the security update for SharePoint Server 2016 Language Pack: August 12, 2025 (KB5002772)

Description of the security update for SharePoint Server 2016 Language Pack: August 12, 2025 KB5002772 Summary This security update resolves a Microsoft Word remote code execution vulnerability and Microsoft Word information disclosure vulnerability. To learn more about the vulnerabilities, see t...

CVSS 8.4 · AI score 7.5 · EPSS 0.01434
Exploits 0

OPENSUSE Linux
added 2025/08/12 12:0 a.m. · 6 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2025:0292-1 Rating: important References: 1247661 1247664 Cross-References: CVE-2025-54874 CVE-2025-8576 CVE-2025-8577 CVE-2025-8578 CVE-2025-8579 CVE-2025-8580 CVE-2025-8581 CVE-2025-8582 CVE-2025-8583 CVSS score...

CVSS 7.3 · AI score 8 · EPSS 0.00749
Exploits 1 · References 2

Positive Technologies
added 2025/08/12 12:0 a.m. · 4 views

PT-2025-32872 · Fortinet · Fortisoar

Name of the Vulnerable Software and Affected Versions: FortiSOAR versions 7.3 all versions FortiSOAR versions 7.4 all versions FortiSOAR versions 7.5.0 through 7.5.1 FortiSOAR version 7.6.0 Description: A relative path traversal vulnerability may allow an authenticated attacker to read arbitrary...

CVSS 6.8 · AI score 7 · EPSS 0.00344
Exploits 0 · References 4

CNNVD
added 2025/08/12 12:0 a.m. · 3 views

Microsoft SQL Server Access Control Error Vulnerability

Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is used under the Microsoft Windows system. An access control error vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products...

CVSS 8.8 · AI score 6.9 · EPSS 0.01295
Exploits 2 · References 2

Tenable Nessus
added 2025/08/12 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-9811

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that...

CVSS 8.3 · AI score 8.1 · EPSS 0.00551
Exploits 1 · References 2

Positive Technologies
added 2025/08/12 12:0 a.m. · 3 views

PT-2025-32945 · Unknown · Autocaliweb

Name of the Vulnerable Software and Affected Versions: Autocaliweb versions prior to 0.8.3 Description: Autocaliweb is a web application that provides an interface for browsing, reading, and downloading eBooks using a Calibre database. The debug pack generated by Autocaliweb can expose sensitive...

CVSS 8.2 · AI score 7.1 · EPSS 0.00053
Exploits 0 · References 8

CNVD
added 2025/08/12 12:0 a.m. · 2 views

WordPress Element Pack Elementor Addons and Templates Cross-Site Scripting Vulnerability

WordPress Element Pack Elementor Addons and Templates is a powerful plugin for Elementor designed to simplify website design. A cross-site scripting vulnerability exists in WordPress Element Pack Elementor Addons and Templates, which stems from insufficient input cleanup and output escaping of th...

CVSS 5.4 · AI score 6.2 · EPSS 0.00248
Exploits 0 · References 1

OpenVAS
added 2025/08/12 12:0 a.m. · 2 views

Huawei EulerOS: Security Advisory for iputils (EulerOS-SA-2025-1930)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 · AI score 7.5 · EPSS 0.00508
Exploits 1 · References 2

Tenable Nessus
added 2025/08/09 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-50168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf, x86: fix freeing of not-finalized bpf_prog_pack syzbot reported a few issues with...

CVSS 7.8 · AI score 5.6 · EPSS 0.00052
Exploits 0 · References 3