CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2106 – Weak Password Requirements in janeczku/calibre-web
https://notcve.org/view.php?id=CVE-2023-2106
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. • https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781 • CWE-521: Weak Password Requirements •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2525 – Improper Restriction of Excessive Authentication Attempts in janeczku/calibre-web
https://notcve.org/view.php?id=CVE-2022-2525
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20. • https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30765
https://notcve.org/view.php?id=CVE-2022-30765
Calibre-Web before 0.6.18 allows user table SQL Injection. Calibre-Web versiones anteriores a 0.6.18, permite una inyección SQL en la tabla de usuario • https://github.com/janeczku/calibre-web/blob/master/SECURITY.md https://github.com/janeczku/calibre-web/releases/tag/0.6.18 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0990 – Server-Side Request Forgery (SSRF) in janeczku/calibre-web
https://notcve.org/view.php?id=CVE-2022-0990
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el repositorio de GitHub janeczku/calibre-web versiones anteriores a 0.6.18 • https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367 https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0939 – Server-Side Request Forgery (SSRF) in janeczku/calibre-web
https://notcve.org/view.php?id=CVE-2022-0939
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el repositorio de GitHub janeczku/calibre-web versiones anteriores a 0.6.18 • https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367 https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4 • CWE-918: Server-Side Request Forgery (SSRF) •