Vulnerabilities > Janeczku > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-04-15 CVE-2023-2106 Unspecified vulnerability in Janeczku Calibre-Web
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
network
low complexity
janeczku
critical
 9.8
9.8
2023-04-15 CVE-2022-2525 Unspecified vulnerability in Janeczku Calibre-Web
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.
network
low complexity
janeczku
critical
 9.8
9.8
2022-05-16 CVE-2022-30765 SQL Injection vulnerability in Janeczku Calibre-Web 0.6.18
Calibre-Web before 0.6.18 allows user table SQL Injection.
network
low complexity
janeczku CWE-89
critical
 9.8
9.8
2022-04-04 CVE-2022-0990 Unspecified vulnerability in Janeczku Calibre-Web
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
network
low complexity
janeczku
critical
 9.1
9.1
2022-04-04 CVE-2022-0939 Unspecified vulnerability in Janeczku Calibre-Web
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
network
low complexity
janeczku
critical
 9.9
9.9
2022-03-07 CVE-2022-0766 Server-Side Request Forgery (SSRF) vulnerability in Janeczku Calibre-Web
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
network
low complexity
janeczku CWE-918
critical
 9.8
9.8
2022-03-07 CVE-2022-0767 Server-Side Request Forgery (SSRF) vulnerability in Janeczku Calibre-Web
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
network
low complexity
janeczku CWE-918
critical
 9.9
9.9
2022-01-30 CVE-2022-0339 Unspecified vulnerability in Janeczku Calibre-Web
Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
network
low complexity
janeczku
critical
 9.8
9.8
2022-01-17 CVE-2021-4171 Unspecified vulnerability in Janeczku Calibre-Web
calibre-web is vulnerable to Business Logic Errors
network
low complexity
janeczku
critical
 9.8
9.8
2020-05-04 CVE-2020-12627 Use of Hard-coded Credentials vulnerability in Janeczku Calibre-Web 0.6.6
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.
network
low complexity
janeczku CWE-798
critical
 9.8
9.8