909 matches found
Slims9 Bulian 9.4.2 - SQL Injection
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. id: CVE-2021-45793 info: name: Slims9 Bulian 9.4.2 - SQL Injection author: nblirwn severity: high description: | Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data c...
[SECURITY] Fedora 43 Update: calibre-9.11.0-1.fc43
Calibre is meant to be a complete e-library solution. It includes library management, format conversion, news feeds to ebook conversion as well as e-book reader sync features. Calibre is primarily a ebook cataloging program. It manages your ebook collection for you. It is designed around the...
[SECURITY] Fedora 44 Update: calibre-9.11.0-1.fc44
Calibre is meant to be a complete e-library solution. It includes library management, format conversion, news feeds to ebook conversion as well as e-book reader sync features. Calibre is primarily a ebook cataloging program. It manages your ebook collection for you. It is designed around the...
CVE-2026-12582
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...
CVE-2026-12582
CVE-2026-12582 affects the Library Management System WordPress plugin where versions prior to 3.5.8 fail to sanitize and escape a user-supplied parameter used in a SQL statement. This permits unauthenticated attackers to perform SQL injection and exfiltrate data from the database, including user ...
CVE-2026-12582 Library Management System < 3.5.8 - Unauthenticated SQL Injection via book_id
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...
PYSEC-2026-307 calibre-web is vulnerable to Business Logic Errors
calibre-web is vulnerable to Business Logic Errors...
CVE-2026-50765
A stored cross-site scripting XSS vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...
CVE-2026-56034
Unauthenticated SQL Injection in Library Management System = 3.5.7 versions...
CVE-2026-56034
The CVE concerns the WordPress Library Management System plugin (versions
EUVD-2026-39697
Unauthenticated SQL Injection in Library Management System = 3.5.7 versions...
CVE-2026-56034 WordPress Library Management System plugin <= 3.5.7 - SQL Injection vulnerability
Unauthenticated SQL Injection in Library Management System = 3.5.7 versions...
PT-2026-52981
Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the patron restriction type administration page. An authenticated remote attacker with administrator privileges can inject...
CVE-2026-50767
A stored cross-site scripting XSS vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field checkinmsg...
CVE-2026-50767
A stored cross-site scripting XSS vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field checkinmsg...
CVE-2026-50765
A stored cross-site scripting XSS vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...
PT-2026-52750
Name of the Vulnerable Software and Affected Versions Library Management System versions prior to 3.5.8 Description An unauthenticated SQL Injection exists in the system, allowing an attacker to execute arbitrary SQL commands without providing credentials. Recommendations Update to a version newe...
WordPress Library Management System plugin <= 3.5.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Benedictus Jovan aillesim/eneri in WordPress Plugin Library Management System versions = 3.5.7...
CVE-2026-6000
A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unknown function of the file /sql/library.sql of the component SQL Database Backup File Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The...
CVE-2026-42052
Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...