6 matches found
CVE-2025-62614
BookLore (versions 1.8.1 and earlier) has an authentication bypass in the BookMediaController, allowing unauthenticated users to access and download book covers, thumbnails, and full PDF/CBX content. The root cause is missing access-control annotations on multiple media endpoints and the CoverJwt...
EUVD-2021-28964
Malicious code in bioql PyPI...
PT-2024-20240 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior. Description: A SQL injection vulnerability exists, allowing an attacker to pass specially crafted offset, limit, and sort parameters to perform SQL injection via the "/novel/bookContent/list" API...
Tad Book3 access control error vulnerability
Tad Book3 is an XOOPS module by Tad, an individual developer in Taiwan, China, that can be used to write books and handouts and as a notepad. Tad Book3 suffers from an authorization vulnerability that stems from the Tad Book3 Edit Book page not performing authentication. An attacker can u...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with "create book content" or "edit node book hierarchy" permissions to inject arbitrary web script or HTML via the book page title...
CVE-2008-6170
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with "create book content" or "edit node book hierarchy" permissions to inject arbitrary web script or HTML via the book page title...