Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS)

It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attacker’s JavaScript code in the context of the victim’s browser. If the Calibre server is running with...

Calibre <= 7.14.0 Remote Code Execution

Unauthenticated remote code execution via Calibre’s content server in Calibre = 7.14.0. id: CVE-2024-6782 info: name: Calibre = 7.14.0 Remote Code Execution author: DhiyaneshDK severity: critical description: | Unauthenticated remote code execution via Calibre’s content server in Calibre = 7.14.0...

Calibre <= 7.14.0 Arbitrary File Read

Arbitrary file read via Calibre’s content server in Calibre = 7.14.0. id: CVE-2024-6781 info: name: Calibre = 7.14.0 Arbitrary File Read author: DhiyaneshDK severity: high description: | Arbitrary file read via Calibre’s content server in Calibre = 7.14.0. impact: | Attackers can exploit the...

CVE-2026-7709

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

CVE-2026-7714

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

CVE-2026-7713

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

CVE-2026-7714

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

CVE-2026-7713

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

CVE-2026-7714

CVE-2026-7714 affects crocodilestick Calibre-Web-Automated (up to version 4.0.6). The vulnerability lies in the Admin Endpoint’s cps/cwa_functions.py, where authentication is missing, enabling a remote attacker to potentially exploit it. Exploit details have been published, and the project was in...

CVE-2026-7714 crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

CVE-2026-7714

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

EUVD-2026-26865

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

CVE-2026-7714 crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

CVE-2026-7713

CVE-2026-7713 affects crocodilestick Calibre-Web-Automated up to 4.0.6. The vulnerable component is the Kobo auth-token Route, specifically the generate_auth_token function in cps/kobo_auth.py, where improper authorization may be exploited remotely. An exploit has been published and publicized. A...

CVE-2026-7713

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

CVE-2026-7713 crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorization

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

EUVD-2026-26854

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

CVE-2026-7713 crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorization

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

PT-2026-36731

Name of the Vulnerable Software and Affected Versions crocodilestick Calibre-Web-Automated versions prior to 4.0.7 Description An improper authorization issue exists in the Kobo auth-token Route component. A remote attacker can manipulate the generate auth token function within the cps/kobo auth....

Calibre-Web Automated 授权问题漏洞

Calibre-Web Automated is a self-hosted digital library management tool developed by CrocodileStick’s individual developer. Versions of Calibre-Web Automated prior to 4.0.6 contained an authorization vulnerability. This vulnerability stemmed from an unknown feature in the Admin Endpoint component’...