Lucene search
K

271 matches found

CNNVD
CNNVD
added 2025/07/24 12:0 a.m.5 views

Calibre-Web 操作系统命令注入漏洞

Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database by Jan B, a personal developer. An operating system command injection vulnerability exists in Calibre-Web version 0.6.24, which stems from improper neutralization of special elements and could...

9.8CVSS7.1AI score0.02729EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/07/24 12:0 a.m.6 views

PT-2025-30695

Name of the Vulnerable Software and Affected Versions Calibre Web version 0.6.24 Nicolette Autocaliweb version 0.7.0 Description A Regular Expression Denial of Service ReDoS issue exists in the strip whitespaces function within cps/string helper.py. Unauthenticated remote attackers can exploit th...

8.7CVSS6AI score0.00828EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/05/23 3:5 a.m.6 views

CVE-2023-2106

Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20...

9.8CVSS6.7AI score0.00742EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:50 p.m.7 views

CVE-2022-30765

Calibre-Web before 0.6.18 allows user table SQL Injection...

9.8CVSS7.5AI score0.01118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:15 p.m.15 views

CVE-2022-0406

Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16...

4.3CVSS6.8AI score0.00653EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:5 p.m.8 views

CVE-2022-0405

Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16...

4.3CVSS6.8AI score0.00747EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:36 p.m.10 views

CVE-2021-25965

In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery CSRF. By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application...

8.8CVSS6.7AI score0.0051EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:29 p.m.7 views

CVE-2021-3986

A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they d...

4.3CVSS6.3AI score0.00358EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 9:29 p.m.5 views

CVE-2021-3988

A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

6.1CVSS6.2AI score0.00356EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 6:9 p.m.17 views

CVE-2021-3987

An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the createshelf method in shelf.py not verifying if the user has the necessary permissions to create a...

5.4CVSS6.6AI score0.00334EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/06 4:22 a.m.10 views

CVE-2021-4170

calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

7.3CVSS6.6AI score0.00802EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/02/06 4:21 a.m.17 views

CVE-2021-4171

calibre-web is vulnerable to Business Logic Errors...

9.8CVSS6.7AI score0.01375EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/06 4:20 a.m.7 views

CVE-2021-4164

calibre-web is vulnerable to Cross-Site Request Forgery CSRF...

8.8CVSS6.7AI score0.0054EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/02/05 9:17 p.m.8 views

CVE-2022-2525

Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20...

9.8CVSS6.7AI score0.00762EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:28 p.m.13 views

CVE-2022-0939

Server-Side Request Forgery SSRF in GitHub repository janeczku/calibre-web prior to 0.6.18...

9.9CVSS6.8AI score0.01042EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:18 p.m.10 views

CVE-2022-0990

Server-Side Request Forgery SSRF in GitHub repository janeczku/calibre-web prior to 0.6.18...

9.3CVSS6.8AI score0.01316EPSS
Exploits1References1
OSV
OSV
added 2024/11/15 12:31 p.m.9 views

GHSA-FJ5V-W2JP-WQVJ Improper Access Control in janeczku/calibre-web

An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the createshelf method in shelf.py not verifying if the user has the necessary permissions to create a...

5.4CVSS4.5AI score0.00334EPSS
Exploits1References4
OSV
OSV
added 2024/11/15 12:31 p.m.9 views

GHSA-R735-9GC6-2HVQ Cross-site Scripting (XSS) - DOM in janeczku/calibre-web

A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

6.1CVSS5.7AI score0.00356EPSS
Exploits1References4
OSV
OSV
added 2024/11/15 12:31 p.m.12 views

GHSA-M982-H4F8-G4HF Generation of Error Message Containing Sensitive Information in janeczku/calibre-web

A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they d...

4.3CVSS4.2AI score0.00358EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/11/15 12:31 p.m.14 views

Generation of Error Message Containing Sensitive Information in janeczku/calibre-web

A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they d...

4.3CVSS6.3AI score0.00358EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder