📦 Calibre Web
by Janeczku
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2023-2106 is a critical authentication vulnerability in Calibre-Web that allows attackers to bypass weak password requirements and gain unauthorized access. This affects all users running Calibre-...
CVE-2022-2525 is an authentication brute-force vulnerability in Calibre-Web that allows attackers to make unlimited login attempts without rate limiting. This affects all users running Calibre-Web ver...
CVE-2022-30765 is a SQL injection vulnerability in Calibre-Web's user table functionality that allows attackers to execute arbitrary SQL commands. This affects all Calibre-Web instances running versio...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Calibre-Web, an open-source web application for managing eBook collections. The vulnerability allows attackers to make unauthor...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Calibre-Web, an open-source web application for managing eBook collections. Attackers can exploit this vulnerability to make th...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Calibre-Web, an open-source web application for managing eBook collections. Attackers can exploit this to make the server send ...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in calibre-web versions prior to 0.6.16. Attackers can exploit this to make the server send arbitrary HTTP requests to internal sy...
Calibre-Web versions 0.6.0 to 0.6.13 contain a CSRF vulnerability that allows attackers to create admin accounts with attacker-controlled credentials. This affects all users running vulnerable version...
This vulnerability allows users without proper permissions to create public shelves in Calibre-Web, potentially exposing sensitive book collections. It affects all Calibre-Web instances where user acc...
A stored cross-site scripting vulnerability in Calibre-Web allows attackers to inject malicious JavaScript into username fields during user creation. The payload executes when administrators view the ...