Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.11 views

CVE-2026-47202

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

9.3CVSS5.7AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 6:16 p.m.21 views

CVE-2026-44776

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

5.9CVSS0.0025EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:30 p.m.8 views

CVE-2026-47202

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

9.3CVSS5.7AI score0.00171EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/26 5:30 p.m.14 views

EUVD-2026-31938

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

9.3CVSS5.7AI score0.00171EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 5:29 p.m.19 views

EUVD-2026-31937

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

5.9CVSS5.7AI score0.0025EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:27 p.m.9 views

CVE-2026-44775

Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderController.GetImage endpoint is decorated with AllowAnonymous, allowing completely unauthenticated access to page images from any chapter in any library. While the endpoint accepts an apiKey parameter, it is never validated. Sin...

6.9CVSS5.7AI score0.00281EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/26 5:27 p.m.37 views

CVE-2026-44775

Kavita CVE-2026-44775 affects the Kavita reader server prior to v0.9.0, where ReaderController.GetImage allowed unauthenticated access to page images across libraries because the endpoint was decorated with [AllowAnonymous] and the apiKey parameter was never validated. An unauthenticated actor co...

6.9CVSS5.7AI score0.00281EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 5:27 p.m.14 views

EUVD-2026-31936

Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderController.GetImage endpoint is decorated with AllowAnonymous, allowing completely unauthenticated access to page images from any chapter in any library. While the endpoint accepts an apiKey parameter, it is never validated. Sin...

6.9CVSS5.7AI score0.00281EPSS
Exploits0References2
Rows per page
Query Builder