Filtered by vendor Janeczku
Total: 22 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-0767 | 1 Janeczku | 1 Calibre-web | 2024-11-19 | 7.5 HIGH | 9.9 CRITICAL | Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. |
| CVE-2021-25965 | 1 Janeczku | 1 Calibre-web | 2024-11-19 | 6.8 MEDIUM | 8.8 HIGH | In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. |
