Browse all 4 CVE security advisories affecting Calibre. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Calibre is an e-book management tool used for organizing, converting, and syncing digital books across devices. Historically, it has been susceptible to remote code execution vulnerabilities through improper input validation in its content server and web interface components. Cross-site scripting flaws have also been prevalent due to insufficient sanitization of user-supplied data in various modules. Privilege escalation vulnerabilities have occurred in its update mechanisms and plugin systems. While no major public security incidents have been widely documented, the consistent discovery of multiple CVEs highlights ongoing security challenges in its architecture, particularly around input handling and plugin management.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-7009 | Calibre SQL Injection — CalibreCWE-89 | 4.2 | Medium | 2024-08-06 |
| CVE-2024-7008 | Calibre Reflected Cross-Site Scripting (XSS) — CalibreCWE-79 | 5.4 | Medium | 2024-08-06 |
| CVE-2024-6782 | Calibre Remote Code Execution — CalibreCWE-863 | 9.8 | Critical | 2024-08-06 |
| CVE-2024-6781 | Calibre Arbitrary File Read — CalibreCWE-22 | 7.5 | High | 2024-08-06 |
This page lists every published CVE security advisory associated with Calibre. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.