Calibre-ebook

Calibre

18 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.01%
  • Published 13.03.2026 19:00:09
  • Last modified 18.03.2026 14:01:22

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arb...

Exploit
  • EPSS 0.02%
  • Published 27.02.2026 19:46:07
  • Last modified 04.03.2026 16:39:05

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both `remote_addr` and the `X-Forwa...

Exploit
  • EPSS 0.05%
  • Published 27.02.2026 19:44:39
  • Last modified 04.03.2026 16:40:42

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitra...

Exploit
  • EPSS 0.04%
  • Published 20.02.2026 02:16:53
  • Last modified 20.02.2026 16:45:18

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file ...

Exploit
  • EPSS 0.07%
  • Published 20.02.2026 02:16:52
  • Last modified 20.02.2026 16:53:32

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows...

Exploit
  • EPSS 0.01%
  • Published 06.02.2026 20:14:35
  • Last modified 17.02.2026 21:18:56

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the -...

Exploit
  • EPSS 0.08%
  • Published 06.02.2026 20:10:29
  • Last modified 17.02.2026 21:27:17

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote C...

Exploit
  • EPSS 0.02%
  • Published 06.02.2026 20:07:40
  • Last modified 17.02.2026 21:23:11

calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves Ciph...

Exploit
  • EPSS 8.42%
  • Published 06.08.2024 04:16:47
  • Last modified 19.08.2024 17:18:50

Unsanitized user input in Calibre <= 7.15.0 allows users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.

Exploit
  • EPSS 12.71%
  • Published 06.08.2024 04:16:46
  • Last modified 19.08.2024 17:19:25

Unsanitized user input in Calibre <= 7.15.0 allows attackers to perform reflected cross-site scripting.