66 matches found
GHSA-5VPR-4FGW-F69H File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file
Summary: The EPUB preview function in File Browser is vulnerable to Stored Cross-site Scripting (XSS). JavaScript embedded in a crafted EPUB file executes in the victim's browser when they preview the file. Details: `frontend/src/views/files/Preview.vue` passes `allowScriptedContent: true` to the...
CVE-2019-20829
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYSwcslen in an Epub file...
CVE-2019-20824
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYSwcslen in an Epub file...
CVE-2025-63365
SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents...
EUVD-2019-11366
Malware in sbrugna...
EUVD-2017-6045
Malware in sbrugna...
EUVD-2017-6046
Malware in sbrugna...
EUVD-2017-6043
Malware in sbrugna...
EUVD-2019-11361
Malware in sbrugna...
EUVD-2018-11814
Malware in sbrugna...
Amazon Linux 2 : libgepub (ALAS-2025-2910)
The version of libgepub installed on the remote host is prior to 0.6.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2910 advisory. A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening...
CVE-2025-52880
Komga (media server for comics/manga/eBooks) has a documented XSS vulnerability in EPUB handling affecting versions 1.8.0–1.21.3. The flaw lets an attacker perform actions on the victim via crafted EPUBs, and when an admin user is targeted, it can combine with server-side commands to achieve arbi...
CVE-2025-52880 Komga Vulnerable to Arbitrary Code Execution via Crafted EPUB File
Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epub reader. The vulnerability lets an attacker...
CVE-2025-6196
A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like...
CVE-2025-6196 Libgepub: integer overflow in libgepub's epub archive handling
A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like...
CVE-2025-6196
CVE-2025-6196 affects libgepub, a library used to read EPUB files. The underlying issue is an integer/size calculation problem in the EPUB archive handling, which can lead to oversized memory allocations and crash the application. Documented impact includes potential denial of service when parsin...