📦 Calibre
by Calibre Ebook
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2011-4124 is a privilege escalation vulnerability in Calibre's Linux mount helper that allows local attackers to execute arbitrary commands with root privileges. The vulnerability exists due to im...
CVE-2026-26065 is a path traversal vulnerability in calibre's PDB readers that allows attackers to write arbitrary files anywhere the user has write permissions. This can lead to code execution, denia...
A Server-Side Template Injection vulnerability in Calibre's Templite engine allows arbitrary code execution when converting ebooks using malicious custom templates via command-line options. This affec...
Calibre e-book manager versions before 9.2.0 contain a path traversal vulnerability in the CHM reader that allows attackers to write arbitrary files anywhere the user has write permissions. On Windows...
A path traversal vulnerability in Calibre's EPUB conversion allows malicious EPUB files to corrupt arbitrary files writable by the Calibre process. Attackers can exploit this by crafting EPUB files wi...
CVE-2024-6781 is a path traversal vulnerability in Calibre ebook management software that allows unauthenticated attackers to read arbitrary files from the server filesystem. This affects all Calibre ...
This vulnerability in calibre's HTML conversion plugin allows Server-Side Request Forgery (SSRF) by default, enabling attackers to access resources outside the document root. It affects calibre users ...
CVE-2011-4126 is a race condition vulnerability in Calibre's Linux mount helper that allows unprivileged local users to mount arbitrary devices to any location on the filesystem. This affects Linux sy...
Calibre versions up to 7.15.0 contain a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. Attackers can inject malicious scripts that execute in users' browsers wh...