6 matches found
CVE-2026-44776
Kavita is a cross-platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...
ECHO-D755-4269-58CC
Bulletin has no description...
CGA-R6XQ-884F-3MGW
Bulletin has no description...
CVE-2018-25204
CVE-2018-25204 affects Library CMS 1.0. The vulnerability is an SQL injection in the admin login workflow: the username parameter is injectable, enabling unauthenticated attackers to bypass authentication via boolean-based blind SQL payloads in POST requests to the admin login endpoint, thereby g...
Code injection
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source...
Library CMS Cross-Site Scripting Vulnerability
Library CMS is a library category display platform. A cross-site scripting vulnerability exists in KAASoft Library CMS version 2.1.1. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via the 'title' parameter...