Lucene search
K

271 matches found

NVD
NVD
added 2026/05/03 11:16 p.m.11 views

CVE-2026-7709

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS0.00219EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/03 11:0 p.m.51 views

CVE-2026-7709 janeczku Calibre-Web Endpoint kobo_auth.py generate_auth_token improper authorization

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS0.00219EPSS
Exploits0References4
CVE
CVE
added 2026/05/03 11:0 p.m.22 views

CVE-2026-7709

CVE-2026-7709 affects janeczku Calibre-Web up to 0.6.26. The vulnerable element is the function generate_auth_token in cps/kobo_auth.py of the Endpoint component. The issue stems from manipulation of the argument user_id , causing improper authorization. The vulnerability can be exploited remotel...

6.5CVSS6.3AI score0.00219EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/03 11:0 p.m.5 views

CVE-2026-7709

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS6.3AI score0.00219EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/03 11:0 p.m.8 views

EUVD-2026-26849

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS6.3AI score0.00219EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/03 11:0 p.m.5 views

CVE-2026-7709 janeczku Calibre-Web Endpoint kobo_auth.py generate_auth_token improper authorization

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS6.3AI score0.00219EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.10 views

Calibre-Web 安全漏洞

Calibre-Web is a web application developed by Jan B, designed for browsing, reading, and downloading e-books from the Calibre database. Calibre-Web versions 0.6.26 and earlier contain security vulnerabilities. These vulnerabilities stem from the generateauthtoken function in the Endpoint...

6.5CVSS6.6AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.6 views

PT-2026-36726

Name of the Vulnerable Software and Affected Versions janeczku Calibre-Web versions prior to 0.6.27 Description Improper authorization occurs in the Endpoint component due to the manipulation of the user id argument within the generate auth token function located in the cps/kobo auth.py file. Thi...

6.5CVSS6.5AI score0.00219EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/09 9:55 a.m.7 views

CVE-2020-12627

Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX RXHH!jmNLWX/,?RT' hardcoded secret key...

9.8CVSS7.3AI score0.01368EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.6 views

CVE-2024-39123

In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...

5.4CVSS5.8AI score0.22894EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.7 views

CVE-2022-0766

Server-Side Request Forgery SSRF in GitHub repository janeczku/calibre-web prior to 0.6.17...

9.8CVSS6.8AI score0.01284EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:41 a.m.7 views

CVE-2022-0767

Server-Side Request Forgery SSRF in GitHub repository janeczku/calibre-web prior to 0.6.17...

9.9CVSS6.7AI score0.00962EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/11 4:23 a.m.6 views

CVE-2025-65858

A flaw was found in Calibre-Web. This vulnerability allows for client-side script execution via a Stored Cross-Site Scripting XSS vulnerability in the 'username' field during user creation...

3.5CVSS5AI score0.00174EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/02 3:30 p.m.4 views

EUVD-2025-200242

Calibre-Web Has a Stored Cross-Site Scripting XSS Vulnerability via the 'username' Field During User Creation...

3.5CVSS5AI score0.00174EPSS
Exploits1References3
OSV
OSV
added 2025/12/02 3:30 p.m.2 views

GHSA-PC5G-J9J7-P4Q3 Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation

A Stored Cross-Site Scripting XSS vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed...

4.8CVSS5.1AI score0.00174EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/12/02 3:30 p.m.9 views

Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation

A Stored Cross-Site Scripting XSS vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed...

3.5CVSS5.2AI score0.00174EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/12/02 2:16 p.m.9 views

CVE-2025-65858

A Stored Cross-Site Scripting XSS vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed...

3.5CVSS0.00174EPSS
Exploits1References1
OSV
OSV
added 2025/12/02 12:0 a.m.6 views

CVE-2025-65858

A Stored Cross-Site Scripting XSS vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed...

3.5CVSS5.1AI score0.00174EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.6 views

Calibre-Web 安全漏洞

Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database by Jan B Individual Developer. A security vulnerability exists in Calibre-Web version v0.6.25, which stems from malicious JavaScript not being filtered in the username field during user creatio...

3.5CVSS5.7AI score0.00174EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/02 12:0 a.m.1 views

CVE-2025-65858

A Stored Cross-Site Scripting XSS vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed...

4.8AI score0.00174EPSS
Exploits1References1
Rows per page
Query Builder