rpm package
opensuse/calibre&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/calibre&distro=openSUSE%20Tumbleweed
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33206 | — | | | < 9.7.0-1.1 | 9.7.0-1.1 | Mar 27, 2026 | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre's handling of images in Markdown and other similar text-based files allowing an attacker to include arbitra |
| CVE-2026-33205 | — | | | < 9.7.0-1.1 | 9.7.0-1.1 | Mar 27, 2026 | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET re |
| CVE-2026-30853 | — | | | < 9.7.0-1.1 | 9.7.0-1.1 | Mar 13, 2026 | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arbitrary files to any path writa |
| CVE-2026-27824 | — | | | < 9.7.0-1.1 | 9.7.0-1.1 | Feb 27, 2026 | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both `remote_addr` and the `X-Forwarded-For` header. Since the `X |
| CVE-2026-27810 | — | | | < 9.7.0-1.1 | 9.7.0-1.1 | Feb 27, 2026 | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server re |
| CVE-2026-26065 | — | | | < 9.7.0-1.1 | 9.7.0-1.1 | Feb 20, 2026 | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extensio |
| CVE-2026-26064 | — | | | < 9.7.0-1.1 | 9.7.0-1.1 | Feb 20, 2026 | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Ex |
| CVE-2026-25731 | — | | | < 9.7.0-1.1 | 9.7.0-1.1 | Feb 6, 2026 | calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-h |
| CVE-2026-25635 | — | | | < 9.7.0-1.1 | 9.7.0-1.1 | Feb 6, 2026 | calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a pay |
| CVE-2026-25636 | — | | | < 9.7.0-1.1 | 9.7.0-1.1 | Feb 6, 2026 | calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/ |