CVE-2025-64177

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting XSS vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme...

CVE-2025-64327

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVE-2025-64176

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, an attacker can upload any file they wish to the /data directory of the web application via the backup import feature. When importing a backup, an attacker can first choose a .zip...

CVE-2025-64177

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting XSS vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme...

CVE-2025-64177 ThinkDashboard: Stored XSS in Dashboard via Malicious Bookmark

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting XSS vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme...

EUVD-2025-38184

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting XSS vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme...

CVE-2025-64177 ThinkDashboard: Stored XSS in Dashboard via Malicious Bookmark

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting XSS vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme...

CVE-2025-64177 ThinkDashboard: Stored XSS in Dashboard via Malicious Bookmark

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting XSS vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme...

CVE-2025-64327

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVE-2025-64176

ThinkDashboard versions ≤ 0.6.7 are affected by an Arbitrary File Upload vulnerability in the Backup Import feature. An attacker can upload any file to the /data directory by selecting a ZIP for backup import, bypassing client-side file-type verification, potentially leading to stored XSS or malw...

EUVD-2025-38185

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, an attacker can upload any file they wish to the /data directory of the web application via the backup import feature. When importing a backup, an attacker can first choose a .zip...

CVE-2025-64327 ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVE-2025-64327

CVE-2025-64327 affects ThinkDashboard (Go + JavaScript) and is caused by a blind SSRF in the /api/ping?url= endpoint in versions 0.6.7 and earlier. An attacker can cause the application to perform arbitrary requests to internal or external hosts, potentially revealing local network topology and o...

EUVD-2025-38186

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

EUVD-2024-54898

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-20806

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Phamm aka PHP LDAP Virtual Hosting Manager 0.6.8 allows XSS via the login page the /public/main.php action parameter. CVE-2018-20806 Note that Nessus relies on...

CVE-2024-50641

An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token...

CVE-2024-50641

An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token...

CVE-2024-50641

An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token...

CVE-2024-50641

Summary: CVE-2024-50641 affects PandoraNext-TokensTool ≤ 0.6.8, enabling authentication bypass to access the API without a token. The CVSS v3.1 base score is 8.1 (HIGH) with network access, high impact on confidentiality, integrity, and availability, and no privileges required. Connected sources ...