Filtered by vendor Janeczku
Subscriptions
Filtered by product Calibre-web
Subscriptions
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6998 | 1 Janeczku | 1 Calibre-web | 2025-07-25 | N/A |
| ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1. | ||||
| CVE-2024-39123 | 1 Janeczku | 1 Calibre-web | 2025-07-09 | 5.4 Medium |
| In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization. | ||||
| CVE-2021-25964 | 1 Janeczku | 1 Calibre-web | 2025-04-30 | 5.4 Medium |
| In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered. | ||||
| CVE-2021-25965 | 1 Janeczku | 1 Calibre-web | 2025-04-30 | 8.8 High |
| In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. | ||||
| CVE-2023-2106 | 1 Janeczku | 1 Calibre-web | 2025-02-06 | 9.8 Critical |
| Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. | ||||
| CVE-2022-2525 | 1 Janeczku | 1 Calibre-web | 2025-02-06 | 9.8 Critical |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20. | ||||
| CVE-2022-30765 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.8 Critical |
| Calibre-Web before 0.6.18 allows user table SQL Injection. | ||||
| CVE-2022-0990 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. | ||||
| CVE-2022-0939 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.9 Critical |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. | ||||
| CVE-2022-0767 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.9 Critical |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | ||||
| CVE-2022-0766 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.8 Critical |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | ||||
| CVE-2022-0406 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 4.3 Medium |
| Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16. | ||||
| CVE-2022-0405 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 4.3 Medium |
| Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16. | ||||
| CVE-2022-0352 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16. | ||||
| CVE-2022-0339 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.8 Critical |
| Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. | ||||
| CVE-2022-0273 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 6.5 Medium |
| Improper Access Control in Pypi calibreweb prior to 0.6.16. | ||||
| CVE-2021-4171 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.8 Critical |
| calibre-web is vulnerable to Business Logic Errors | ||||
| CVE-2021-4170 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 5.4 Medium |
| calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-4164 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 8.8 High |
| calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2020-12627 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.8 Critical |
| Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key. | ||||