Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Calibre-web Project Subscribe
Total 16 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30765 1 Calibre-web Project 1 Calibre-web 2022-05-24 7.5 HIGH 9.8 CRITICAL
Calibre-Web before 0.6.18 allows user table SQL Injection.
CVE-2022-0990 1 Calibre-web Project 1 Calibre-web 2022-04-12 6.4 MEDIUM 9.1 CRITICAL
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
CVE-2022-0939 1 Calibre-web Project 1 Calibre-web 2022-04-11 7.5 HIGH 9.9 CRITICAL
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
CVE-2022-0405 1 Calibre-web Project 1 Calibre-web 2022-04-11 4.0 MEDIUM 4.3 MEDIUM
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
CVE-2022-0406 1 Calibre-web Project 1 Calibre-web 2022-04-09 4.0 MEDIUM 4.3 MEDIUM
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
CVE-2022-0339 1 Calibre-web Project 1 Calibre-web 2022-03-17 7.5 HIGH 9.8 CRITICAL
Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
CVE-2022-0273 1 Calibre-web Project 1 Calibre-web 2022-03-17 4.0 MEDIUM 6.5 MEDIUM
Improper Access Control in Pypi calibreweb prior to 0.6.16.
CVE-2022-0352 1 Calibre-web Project 1 Calibre-web 2022-03-15 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
CVE-2022-0767 1 Calibre-web Project 1 Calibre-web 2022-03-14 7.5 HIGH 9.9 CRITICAL
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVE-2022-0766 1 Calibre-web Project 1 Calibre-web 2022-03-11 7.5 HIGH 9.8 CRITICAL
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVE-2021-4171 1 Calibre-web Project 1 Calibre-web 2022-01-24 7.5 HIGH 9.8 CRITICAL
calibre-web is vulnerable to Business Logic Errors
CVE-2021-4164 1 Calibre-web Project 1 Calibre-web 2022-01-21 6.8 MEDIUM 8.8 HIGH
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4170 1 Calibre-web Project 1 Calibre-web 2022-01-21 3.5 LOW 5.4 MEDIUM
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-25965 1 Calibre-web Project 1 Calibre-web 2021-11-17 6.8 MEDIUM 8.8 HIGH
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.
CVE-2021-25964 1 Calibre-web Project 1 Calibre-web 2021-10-08 3.5 LOW 5.4 MEDIUM
In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.
CVE-2020-12627 1 Calibre-web Project 1 Calibre-web 2021-07-21 7.5 HIGH 9.8 CRITICAL
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.