Lucene search
K

273 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-307 calibre-web is vulnerable to Business Logic Errors

calibre-web is vulnerable to Business Logic Errors...

9.8CVSS7.1AI score0.01375EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-305 SQL injection in calibreweb

Calibre-Web before 0.6.18 allows user table SQL Injection...

9.8CVSS5.8AI score0.01118EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.12 views

CVE-2026-7709

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS6.2AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7714

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

6.9CVSS6.1AI score0.00456EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/05 8:21 p.m.8 views

CVE-2026-7713

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

6.5CVSS6.2AI score0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 1:16 a.m.15 views

CVE-2026-7714

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

6.9CVSS0.00456EPSS
Exploits0References7
NVD
NVD
added 2026/05/04 12:16 a.m.6 views

CVE-2026-7713

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

6.5CVSS0.00272EPSS
Exploits0References9
OSV
OSV
added 2026/05/04 12:15 a.m.3 views

CVE-2026-7714 crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

6.9CVSS6.1AI score0.00456EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/04 12:15 a.m.4 views

CVE-2026-7714 crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

6.9CVSS6.2AI score0.00456EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/04 12:15 a.m.4 views

CVE-2026-7714

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

6.9CVSS6.2AI score0.00456EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/05/04 12:15 a.m.10 views

EUVD-2026-26865

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

6.9CVSS6.2AI score0.00456EPSS
Exploits0References7
CVE
CVE
added 2026/05/04 12:15 a.m.24 views

CVE-2026-7714

CVE-2026-7714 affects crocodilestick Calibre-Web-Automated (up to version 4.0.6). The vulnerability lies in the Admin Endpoint’s cps/cwa_functions.py, where authentication is missing, enabling a remote attacker to potentially exploit it. Exploit details have been published, and the project was in...

6.9CVSS6.2AI score0.00456EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/04 12:15 a.m.40 views

CVE-2026-7714 crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

6.9CVSS0.00456EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/04 12:0 a.m.9 views

EUVD-2026-26854

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

6.5CVSS6.2AI score0.00272EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/04 12:0 a.m.38 views

CVE-2026-7713 crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorization

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

6.5CVSS0.00272EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/04 12:0 a.m.6 views

CVE-2026-7713 crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorization

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

6.5CVSS6.2AI score0.00272EPSS
Exploits0References9
CVE
CVE
added 2026/05/04 12:0 a.m.24 views

CVE-2026-7713

CVE-2026-7713 affects crocodilestick Calibre-Web-Automated up to 4.0.6. The vulnerable component is the Kobo auth-token Route, specifically the generate_auth_token function in cps/kobo_auth.py, where improper authorization may be exploited remotely. An exploit has been published and publicized. A...

6.5CVSS6.2AI score0.00272EPSS
Exploits0References9
OSV
OSV
added 2026/05/04 12:0 a.m.3 views

CVE-2026-7713 crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorization

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

5.3CVSS6.1AI score0.00272EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.16 views

PT-2026-36731

Name of the Vulnerable Software and Affected Versions crocodilestick Calibre-Web-Automated versions prior to 4.0.7 Description An improper authorization issue exists in the Kobo auth-token Route component. A remote attacker can manipulate the generate auth token function within the cps/kobo auth....

6.5CVSS6.6AI score0.00272EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.17 views

PT-2026-36742

Name of the Vulnerable Software and Affected Versions crocodilestick Calibre-Web-Automated versions prior to 4.0.7 Description A flaw in the Admin Endpoint component, specifically within the cps/cwa functions.py file, allows for missing authentication. This issue enables a remote attacker to bypa...

6.9CVSS6.6AI score0.00456EPSS
Exploits0References9
Rows per page
Query Builder