Discourse 安全漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a security vulnerability that stems from a lack of validatebeforecreate authorization in Data Explorer's...

PT-2026-22185

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description A missing validate before create authorization check in the Data Explorer's QueryGroupBookmarkable component allows any...

Minor update (2) for Vivaldi Desktop Browser 7.8

Download Vivaldi The following improvements were made since the first 7.8 minor update: Ad Blocker Make sure the folder for downloaded adblocking rules is always created VIB-1713 Bookmarks Ampersand shown in bookmark bar folders when items they should be underlined VB-124777 Chromium Update to...

BIT-GHOST-2025-9862 Ghost 6.0.6 - SSRF via oEmbed Bookmark

Server-Side Request Forgery SSRF vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3...

CVE-2024-34537

TYPO3 before 13.3.1 allows denial of service interface error in the Bookmark Toolbar ext:backend, exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21...

CVE-2025-13652

The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

WordPress CBX Bookmark & Favorite plugin <= 2.0.4 - Authenticated (Subscriber+) SQL Injection via `orderby` Parameter vulnerability

Authenticated Subscriber+ SQL Injection via orderby Parameter vulnerability discovered by Muhamad Visat in WordPress Plugin CBX Bookmark & Favorite versions = 2.0.4...

CVE-2025-13652 CBX Bookmark & Favorite <= 2.0.4 - Authenticated (Subscriber+) SQL Injection via `orderby` Parameter

The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2025-13652

The CVE-2025-13652 entry concerns CBX Bookmark & Favorite (WordPress) with a SQL Injection vulnerability via the orderby parameter in all versions up to 2.0.4. The issue arises from insufficient escaping and lack of proper SQL query preparation, enabling authenticated attackers with Subscriber+ p...

WordPress plugin CBX Bookmark & Favorite SQL注入漏洞

...

PT-2026-1400

Name of the Vulnerable Software and Affected Versions CBX Bookmark & Favorite plugin for WordPress versions through 2.0.4 Description The software contains a SQL Injection flaw due to inadequate input sanitization of the orderby parameter. This allows authenticated attackers with Subscriber-level...

CVE-2025-14202

A vulnerability in the file upload at bookmark + asset rendering pipeline allows an attacker to upload a malicious SVG file with JavaScript content. When an authenticated admin user views the SVG file with embedded JavaScript code of shared bookmark, JavaScript executes in the admin’s browser,...

CVE-2025-14202

A vulnerability in the file upload at bookmark + asset rendering pipeline allows an attacker to upload a malicious SVG file with JavaScript content. When an authenticated admin user views the SVG file with embedded JavaScript code of shared bookmark, JavaScript executes in the admin’s browser,...

CVE-2025-14202 Cross-Site Request Forgery (CSRF) Leading to Account Takeover via SVG File Upload

A vulnerability in the file upload at bookmark + asset rendering pipeline allows an attacker to upload a malicious SVG file with JavaScript content. When an authenticated admin user views the SVG file with embedded JavaScript code of shared bookmark, JavaScript executes in the admin’s browser,...

[SECURITY] Fedora 42 Update: nextcloud-32.0.2-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

CVE-2025-66101

Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through = 2.0.1...

CVE-2025-66101

Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through = 2.0.1...

CVE-2025-66101 WordPress CBX Bookmark & Favorite plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through = 2.0.1...

EUVD-2025-198449

Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through = 2.0.1...

CVE-2025-66101

CVE-2025-66101 is a Missing/ Broken Access Control vulnerability in WordPress plugin CBX Bookmark & Favorite (cbxwpbookmark) versions up to and including 2.0.1. Affected component is access control configuration, enabling unauthorized access to bookmark/favorite data. CVSS v3.1 base score 4.3 (Me...