Calibre-web Security Vulnerabilities

CVE-2023-2106

Weak Password Requirements in GitHub repository janeczku/calibre-web prior to...

CVSS 9.8, AI Score 7.6, EPSS 0.002

2023-04-15 02:15 PM

CVE-2022-2525

Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to...

CVSS 9.8, AI Score 9.5, EPSS 0.002

2023-04-15 01:15 PM

CVE-2022-30765

Calibre-Web before 0.6.18 allows user table SQL...

CVSS 9.8, AI Score 9.6, EPSS 0.002

2022-05-16 02:15 AM

CVE-2022-0990

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to...

CVSS 9.1, AI Score 9.3, EPSS 0.002

2022-04-04 06:15 PM

CVE-2022-0939

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to...

CVSS 9.9, AI Score 9.5, EPSS 0.001

2022-04-04 10:15 AM

CVE-2022-0406

Improper Authorization in GitHub repository janeczku/calibre-web prior to...

CVSS 4.3, AI Score 4.6, EPSS 0.001

2022-04-03 07:15 PM

CVE-2022-0405

Improper Access Control in GitHub repository janeczku/calibre-web prior to...

CVSS 4.3, AI Score 4.6, EPSS 0.001

2022-04-03 07:15 PM

CVE-2022-0766

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to...

CVSS 9.8, AI Score 9.4, EPSS 0.002

2022-03-07 07:15 AM

CVE-2022-0767

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to...

CVSS 9.9, AI Score 9.4, EPSS 0.001

2022-03-07 07:15 AM

CVE-2022-0339

Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to...

CVSS 9.8, AI Score 9.3, EPSS 0.002

2022-01-30 02:15 PM

CVE-2022-0273

Improper Access Control in Pypi calibreweb prior to...

CVSS 6.5, AI Score 6.3, EPSS 0.001

2022-01-30 02:15 PM

CVE-2022-0352

Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to...

CVSS 6.1, AI Score 5.9, EPSS 0.001

2022-01-28 10:15 PM

CVE-2021-4164

calibre-web is vulnerable to Cross-Site Request Forgery...

CVSS 8.8, AI Score 8.7, EPSS 0.001

2022-01-17 01:15 PM

CVE-2021-4171

calibre-web is vulnerable to Business Logic...

CVSS 9.8, AI Score 9.4, EPSS 0.002

2022-01-17 10:15 AM

CVE-2021-4170

calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site...

CVSS 5.4, AI Score 5.3, EPSS 0.001

2022-01-16 09:15 PM

CVE-2021-25965

In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the...

CVSS 8.8, AI Score 8.6, EPSS 0.001

2021-11-16 10:15 AM

CVE-2021-25964

In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be...

CVSS 5.4, AI Score 5.1, EPSS 0.001

2021-10-04 03:15 PM

CVE-2020-12627

Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret...

CVSS 9.8, AI Score 9.6, EPSS 0.002

2020-05-04 03:15 AM