10 matches found
CVE-2022-2525
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.
CVE-2023-2106
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
CVE-2022-0767
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVE-2022-0766
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVE-2022-30765
Calibre-Web before 0.6.18 allows user table SQL Injection.
CVE-2022-0339
Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
CVE-2022-0939
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
CVE-2021-4171
calibre-web is vulnerable to Business Logic Errors
CVE-2022-0990
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
CVE-2020-12627
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.