601 | 9.8 | CRITICAL Network | janeczku | calibre-web | calibre-web is vulnerable to Business Logic Errors | Update | NVD-CWE-noinfo | CVE-2021-4171 | 2024-11-19 22:55 | 2022-01-17
602 | 5.4 | MEDIUM Network | janeczku | calibre-web | calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Update | CWE-79 Cross-site Scripting | CVE-2021-4170 | 2024-11-19 22:55 | 2022-01-17
603 | 8.8 | HIGH Network | janeczku | calibre-web | In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin pri… | Update | CWE-352 Origin Validation Error | CVE-2021-25965 | 2024-11-19 22:55 | 2021-11-16
604 | 5.4 | MEDIUM Network | janeczku | calibre-web | In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the descrip… | Update | CWE-79 Cross-site Scripting | CVE-2021-25964 | 2024-11-19 22:55 | 2021-10-5
605 | 9.8 | CRITICAL Network | janeczku | calibre-web | Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key. | Update | CWE-798 Use of Hard-coded Credentials | CVE-2020-12627 | 2024-11-19 22:55 | 2020-05-4
606 | 9.3 | CRITICAL Network | apple | macos iphone_os ipados tvos visionos safari | An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A … | Update | NVD-CWE-noinfo | CVE-2024-44206 | 2024-11-19 22:47 | 2024-10-25
607 | - | - | - | - | The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.216. This … | New | CWE-79 Cross-site Scripting | CVE-2024-9830 | 2024-11-19 22:15 | 2024-11-19
608 | 6.1 | MEDIUM Network | - | - | The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.243. This … | New | CWE-79 Cross-site Scripting | CVE-2024-9777 | 2024-11-19 22:15 | 2024-11-19
609 | - | - | - | - | SourceCodester Sentiment Based Movie Rating System 1.0 is vulnerable to SQL Injection in /msrps/movies.php. | New | - | CVE-2024-52675 | 2024-11-19 22:15 | 2024-11-19
610 | 6.4 | MEDIUM Network | - | - | The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘position’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and … | New | CWE-79 Cross-site Scripting | CVE-2024-11224 | 2024-11-19 22:15 | 2024-11-19