Filtered by vendor Go-shiori
Subscriptions
Filtered by product Shiori
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-61463 | 1 Go-shiori | 1 Shiori | 2026-07-13 | 8.8 High |
| Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authorization checks. Attackers can escalate to administrator by submitting a crafted PATCH request with owner: true, then re-authenticate to obtain an admin JWT token granting full system access. | ||||
| CVE-2025-60538 | 1 Go-shiori | 1 Shiori | 2026-01-22 | 6.5 Medium |
| A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack. | ||||
Page 1 of 1.