271 matches found
Calibre-Web 操作系统命令注入漏洞
Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database by Jan B, a personal developer. An operating system command injection vulnerability exists in Calibre-Web version 0.6.24, which stems from improper neutralization of special elements and could...
PT-2025-30695
Name of the Vulnerable Software and Affected Versions Calibre Web version 0.6.24 Nicolette Autocaliweb version 0.7.0 Description A Regular Expression Denial of Service ReDoS issue exists in the strip whitespaces function within cps/string helper.py. Unauthenticated remote attackers can exploit th...
CVE-2023-2106
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20...
CVE-2022-30765
Calibre-Web before 0.6.18 allows user table SQL Injection...
CVE-2022-0406
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16...
CVE-2022-0405
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16...
CVE-2021-25965
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery CSRF. By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application...
CVE-2021-3986
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they d...
CVE-2021-3988
A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...
CVE-2021-3987
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the createshelf method in shelf.py not verifying if the user has the necessary permissions to create a...
CVE-2021-4170
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-4171
calibre-web is vulnerable to Business Logic Errors...
CVE-2021-4164
calibre-web is vulnerable to Cross-Site Request Forgery CSRF...
CVE-2022-2525
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20...
CVE-2022-0939
Server-Side Request Forgery SSRF in GitHub repository janeczku/calibre-web prior to 0.6.18...
CVE-2022-0990
Server-Side Request Forgery SSRF in GitHub repository janeczku/calibre-web prior to 0.6.18...
GHSA-FJ5V-W2JP-WQVJ Improper Access Control in janeczku/calibre-web
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the createshelf method in shelf.py not verifying if the user has the necessary permissions to create a...
GHSA-R735-9GC6-2HVQ Cross-site Scripting (XSS) - DOM in janeczku/calibre-web
A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...
GHSA-M982-H4F8-G4HF Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they d...
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they d...