5 matches found
A vulnerability in the Calibre e-book library software, related to deficiencies in authentication mechanisms, allows an attacker to execute arbitrary code.
A vulnerability in the Calibre e-book library software is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Calibre SQL Injection Vulnerability
Calibre is a free, open-source, all-in-one e-book reading, management and format conversion tool. Calibre version 7.15.0 and prior versions suffer from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit thi...
SUSE CVE-2024-7009
Unsanitized user input in Calibre <= 7.15.0 allows users with permissions to perform full-text searches to achieve SQL injection on the SQLite database...
CVE-2011-4124
Input validation issues were found in Calibre at devices/linuxmounthelper.c which can lead to argument injection and elevation of privileges...
CVE-2018-7889
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...