
5 matches found

NVD
added 2026/05/26 6:16 p.m. | 15 views

CVE-2026-47202

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

9.3 CVSS | 0.00171 EPSS
Exploits 0 | References 2
NVD
added 2026/02/18 8:18 p.m. | 6 views

CVE-2026-23491

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A path traversal vulnerability exists in the getfile method of the Guest module's Get controller in InvoicePlane up to and including through 1.6.3. The vulnerability allows unauthenticated attacker...

9.3 CVSS | 0.0105 EPSS
Exploits 2 | References 2
RedhatCVE
added 2026/01/09 9:33 a.m. | 6 views

CVE-2024-39307

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1...

3.5 CVSS | 7.3 AI score | 0.00463 EPSS
Exploits 0 | References 1
NVD
added 2024/06/28 9:15 p.m. | 15 views

CVE-2024-39307

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1...

3.5 CVSS | 0.00463 EPSS
Exploits 0 | References 1
Packet Storm
added 2002/01/02 12:0 a.m. | 22 views

zml.cgi.txt

-----BEGIN PGP SIGNED MESSAGE----- --blackshell security advisory no2-- --zml.cgi remote exploit-- vendor details & history zml.cgi for webservers by jero.cc http://www.jero.cc/zml/zml.html details of exploit this is a classic CGI bug which uses ../../../../ to read remote files. example:...

7.4 AI score
Exploits 0