VYPR

rpm package

opensuse/calibre&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/calibre&distro=openSUSE%20Tumbleweed

Vulnerabilities (10)

  • CVE-2026-33206 (Mar 27, 2026)
    affected < 9.7.0-1.1, fixed 9.7.0-1.1

    calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre's handling of images in Markdown and other similar text-based files allowing an attacker to include arbitra

  • CVE-2026-33205 (Mar 27, 2026)
    affected < 9.7.0-1.1, fixed 9.7.0-1.1

    calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET re

  • CVE-2026-30853 (Mar 13, 2026)
    affected < 9.7.0-1.1, fixed 9.7.0-1.1

    calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arbitrary files to any path writa

  • CVE-2026-27824 (Feb 27, 2026)
    affected < 9.7.0-1.1, fixed 9.7.0-1.1

    calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both `remote_addr` and the `X-Forwarded-For` header. Since the `X

  • CVE-2026-27810 (Feb 27, 2026)
    affected < 9.7.0-1.1, fixed 9.7.0-1.1

    calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server re

  • CVE-2026-26065 (Feb 20, 2026)
    affected < 9.7.0-1.1, fixed 9.7.0-1.1

    calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extensio

  • CVE-2026-26064 (Feb 20, 2026)
    affected < 9.7.0-1.1, fixed 9.7.0-1.1

    calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Ex

  • CVE-2026-25731 (Feb 6, 2026)
    affected < 9.7.0-1.1, fixed 9.7.0-1.1

    calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-h

  • CVE-2026-25635 (Feb 6, 2026)
    affected < 9.7.0-1.1, fixed 9.7.0-1.1

    calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a pay

  • CVE-2026-25636 (Feb 6, 2026)
    affected < 9.7.0-1.1, fixed 9.7.0-1.1

    calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/