CVSS 9.8 | AI Score 7.6 | EPSS 0.002
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to...
CVSS 9.8 | AI Score 9.5 | EPSS 0.002
CVSS 9.8 | AI Score 9.6 | EPSS 0.002
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to...
CVSS 9.1 | AI Score 9.3 | EPSS 0.002
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to...
CVSS 9.9 | AI Score 9.5 | EPSS 0.001
CVSS 4.3 | AI Score 4.6 | EPSS 0.001
CVSS 4.3 | AI Score 4.6 | EPSS 0.001
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to...
CVSS 9.8 | AI Score 9.4 | EPSS 0.002
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to...
CVSS 9.9 | AI Score 9.4 | EPSS 0.001
CVSS 9.8 | AI Score 9.3 | EPSS 0.002
CVSS 6.5 | AI Score 6.3 | EPSS 0.001
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
CVSS 8.8 | AI Score 8.7 | EPSS 0.001
CVSS 9.8 | AI Score 9.4 | EPSS 0.002
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site...
CVSS 5.4 | AI Score 5.3 | EPSS 0.001
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the...
CVSS 8.8 | AI Score 8.6 | EPSS 0.001
The “Calibre-web” application, v0.6.0 to v0.6.12, is vulnerable to Stored XSS in “Metadata”. An attacker who has access to edit the metadata information can inject a JavaScript payload in the description field. When a victim tries to open the file, XSS will be...
CVSS 5.4 | AI Score 5.1 | EPSS 0.001
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret...
CVSS 9.8 | AI Score 9.6 | EPSS 0.002