CVE-2025-7404 — CVSS 9.8 (critical): Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows…
CVE-2021-25965 — CVSS 8.8 (high): In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a…
CVE-2021-3988 — CVSS 6.1 (medium): A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability…
CVE-2021-25964 — CVSS 5.4 (medium): In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit…
CVE-2021-4170 — CVSS 5.4 (medium): calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-39123 — CVSS 5.4 (medium): In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper…
CVE-2021-3986 — CVSS 4.3 (medium): A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue…
CVE-2021-3987 — CVSS 4.3 (medium): An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions…
CVE-2025-65858 — CVSS 3.5 (low): A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the…