Lucene search
K

689 matches found

Nuclei
Nuclei
added 19 hours ago99 views

Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS)

It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attacker’s JavaScript code in the context of the victim’s browser. If the Calibre server is running with...

6.1CVSS6.3AI score0.2406EPSS
Exploits1References1
Nuclei
Nuclei
added 19 hours ago53 views

Calibre <= 7.14.0 Arbitrary File Read

Arbitrary file read via Calibre’s content server in Calibre = 7.14.0. id: CVE-2024-6781 info: name: Calibre = 7.14.0 Arbitrary File Read author: DhiyaneshDK severity: high description: | Arbitrary file read via Calibre’s content server in Calibre = 7.14.0. impact: | Attackers can exploit the...

7.5CVSS7AI score0.62696EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago231 views

Calibre <= 7.14.0 Remote Code Execution

Unauthenticated remote code execution via Calibre’s content server in Calibre = 7.14.0. id: CVE-2024-6782 info: name: Calibre = 7.14.0 Remote Code Execution author: DhiyaneshDK severity: critical description: | Unauthenticated remote code execution via Calibre’s content server in Calibre = 7.14.0...

9.8CVSS7.4AI score0.83393EPSS
Exploits8References1
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53511

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre,...

8.5CVSS6.2AI score0.00197EPSS
Exploits0References3
NVD
NVD
added 6 days ago9 views

CVE-2026-53511

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS0.00197EPSS
Exploits0References3
CVE
CVE
added 6 days ago31 views

CVE-2026-53511

Calibre vulnerability CVE-2026-53511 affects the calibre e-book manager prior to version 9.10.0. A malicious EPUB/OPF/PDF can trigger arbitrary Python code execution when metadata is read by calibre (e.g., via Add books or Edit books) by embedding a python: template in calibre:user_metadata; the ...

8.5CVSS6.2AI score0.00197EPSS
Exploits0References3
OSV
OSV
added 6 days ago5 views

CVE-2026-53511 calibre: Arbitrary Code Execution in Template Formatter via Book Metadata

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS6.2AI score0.00197EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-53511

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS6.2AI score0.00197EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-53511 calibre: Arbitrary Code Execution in Template Formatter via Book Metadata

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS0.00197EPSS
Exploits0References3
Debian CVE
Debian CVE
added 6 days ago3 views

CVE-2026-53511

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS6.2AI score0.00197EPSS
Exploits0
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-307 calibre-web is vulnerable to Business Logic Errors

calibre-web is vulnerable to Business Logic Errors...

9.8CVSS7.1AI score0.01375EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-305 SQL injection in calibreweb

Calibre-Web before 0.6.18 allows user table SQL Injection...

9.8CVSS5.8AI score0.01118EPSS
Exploits0References6
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/28 12:0 a.m.4 views

calibre-9.10.0-1.1 on GA media (moderate)

calibre-9.10.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:11130-1 Rating: moderate Cross-References: CVE-2026-53511 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the calibre-9.10.0-1....

8.5CVSS5.8AI score0.00197EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.12 views

PT-2026-53655

Name of the Vulnerable Software and Affected Versions calibre versions prior to 9.10.0 Description A flaw exists where reading metadata from a malicious EPUB, OPF, or PDF file allows the execution of arbitrary Python code. This occurs when a custom column definition containing a python: template ...

8.5CVSS6.2AI score0.00197EPSS
Exploits0References12
OSV
OSV
added 2026/06/27 12:0 a.m.3 views

OPENSUSE-SU-2026:11130-1 calibre-9.10.0-1.1 on GA media

These are all security issues fixed in the calibre-9.10.0-1.1 package on the GA media of openSUSE Tumbleweed...

8.5CVSS5.8AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.12 views

CVE-2026-7709

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS6.2AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7714

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

6.9CVSS6.1AI score0.00456EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/05 8:21 p.m.5 views

CVE-2026-7713

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

6.5CVSS6.2AI score0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 1:16 a.m.14 views

CVE-2026-7714

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

6.9CVSS0.00456EPSS
Exploits0References7
NVD
NVD
added 2026/05/04 12:16 a.m.5 views

CVE-2026-7713

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

6.5CVSS0.00272EPSS
Exploits0References9
Rows per page
Query Builder