21 matches found
CVE-2026-45082
Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...
CVE-2026-45082
Karakeep (self-hostable bookmark-everything app) has an SSRF protection bypass in versions before 0.32.0. Attackers could abuse crafted HTTP redirects to cause authenticated users to trigger requests from vulnerable components to internally reachable Docker network services. Affected processing pa...
CVE-2026-45082 Karakeep has a SSRF Protection Bypass via Redirect Handling
Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...
CVE-2026-45082 Karakeep has a SSRF Protection Bypass via Redirect Handling
Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...
EUVD-2026-31826
Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...
karakeep security vulnerability
Karakeep is an open-source bookmarking app developed by Karakeep App. Versions of Karakeep prior to 0.32.0 contained security vulnerabilities. These vulnerabilities stemmed from an SSRF protection that could be bypassed by carefully crafted HTTP redirection chains. Authenticated users could enabl...
CVE-2026-27627 Karakeep's Reddit plugin content bypasses DOMPurify sanitization, enabling stored XSS
Karakeep is a self-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...
CVE-2026-27627
Karakeep is a self-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...
CVE-2026-27627 Karakeep's Reddit plugin content bypasses DOMPurify sanitization, enabling stored XSS
Karakeep is a self-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...
karakeep cross-site scripting vulnerability
Karakeep is an open-source bookmarking app developed by Karakeep App. Version 0.30.0 of Karakeep contains a cross-site scripting vulnerability. This vulnerability arises from the Reddit meta-fetching plugin not using DOMPurify to clean HTML content, allowing malicious HTML to be executed in users...
CVE-2025-60540
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...
EUVD-2025-34483
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...
CVE-2025-60540
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...
CVE-2025-60540
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...
karakeep security vulnerability
karakeep is an open-source, self-hostable bookmarking application from Karakeep App. A security vulnerability exists in karakeep versions v0.26.0 through v0.7.0, which stems from vulnerability to server-side request forgery attacks...
CVE-2025-60540
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...
CVE-2025-60540
CVE-2025-60540 is documented as a Server-Side Request Forgery (SSRF) affecting karakeep versions from v0.26.0 up to v0.7.0. The connected sources confirm the affected product and range of vulnerable versions and repeat the same description across multiple feeds, but do not provide concrete remedi...
PT-2025-42184
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...
CVE-2025-60540
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...
MAL-2025-5564 Malicious code in karakeep (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5b96143e1a337213c5ae7cdcd914230744fcb082e0645188de5f5fa18b991916 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...