8 matches found
CVE-2026-0615
The Librarian supervisord status page can be retrieved by the webfetch tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions...
CVE-2018-1000139
I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user...
EUVD-2018-1859
Malware in sbrugna...
I, Librarian code issue vulnerability
I, Librarian is a library management program by Martin Kucej, an individual developer. A security vulnerability exists in I, Librarian version 5.11.1 and earlier; it stems from improper input validation in classes/security/validation.php and leaves the application vulnerable to server-side request forgery attacks...
PT-2024-34154
Name of the Vulnerable Software and Affected Versions: I, Librarian versions prior to 5.11.2. Description: The issue arises from broken logic in handling Supplemental Files, allowing unsafe files with JavaScript to be executed within the application context. An attacker can exploit this by...
PT-2024-29651 · I · I
Name of the Vulnerable Software and Affected Versions: I, Librarian versions prior to 5.11.1. Description: The issue arises from the lack of validation or sanitization of PDF notes displayed on the Item Summary page. An attacker can exploit this by inserting a malicious payload into the PDF notes,...
PT-2019-12307
Name of the Vulnerable Software and Affected Versions: I, Librarian version 4.10. Description: The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved through the export files parameter in the "export.php" API endpoint. Recommendations: For I,...
CVE-2018-1000139
I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user...