Lucene search
+L

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/26 5:30 p.m.13 views

CVE-2026-47202 Kavita: Pre-Auth Account Takeover

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

9.3CVSS5.7AI score0.00171EPSS
Exploits0References2
OSV
OSV
added 2026/05/26 5:29 p.m.5 views

CVE-2026-44776 Kavita: IDOR in /api/Download/*

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

5.9CVSS5.8AI score0.0025EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/26 5:29 p.m.12 views

CVE-2026-44776 Kavita: IDOR in /api/Download/*

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

5.9CVSS5.7AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/11 12:0 a.m.9 views

kavita 安全漏洞

kavita is a fast, feature-rich, cross-platform reading server. A security vulnerability exists in versions prior to kavita 0.6.0.3 that stems from improperly restricted authentication attempts...

9.4CVSS7.4AI score0.009EPSS
Exploits1References3
Rows per page
Query Builder