Kareadita Kavita
4 CVEs affecting Kareadita Kavita. Latest disclosed: 2026-05-26. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-39307 | Low | 3.5 | 2024-06-28 | Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't s… |
CVE-2026-47202 | | 2026-05-26 | Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a J… | |
CVE-2026-44776 | | 2026-05-26 | Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization… | |
CVE-2026-44775 | | 2026-05-26 | Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderController.GetImage endpoint is decorated with [AllowAnonymous], allowing completely unaut… |