12 matches found
CVE-2026-34453 SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...
CVE-2026-34453
SiYuan exposes bookmarked blocks from password-protected documents via the publish service prior to 3.6.2. In publish/read-only mode, /api/bookmark/getBookmark uses FilterBlocksByPublishAccess(nil, ...) and treats a nil context as authorized, skipping the password check and returning content from...
CVE-2026-27150
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing validate_before_create authorization in Data Explorer's QueryGroupBookmarkable allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata...
EUVD-2022-32327
Malicious code in bioql PyPI...
EUVD-2022-42318
Malicious code in bioql PyPI...
CVE-2024-23112
An authorization bypass through user-controlled key vulnerability (CWE-639) in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticat...
CVE-2025-24259
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check...
Fortinet FortiOS and FortiProxy Security Vulnerabilities
Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...
PT-2024-2091 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.7 through 6.4.14; FortiOS versions 7.0.1 through 7.0.13; FortiOS versions 7.2.0 through 7.2.6; FortiOS versions 7.4.0 through 7.4.1; FortiProxy versions 7.0.0 through 7.0.14; FortiProxy versions 7.2.0 through 7.2.8; FortiProxy...
PT-2023-29706 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.3; Discourse version 3.2.0.beta3 and earlier of the beta and tests-passed branches. Description: Discourse is an open source platform for community discussion. There is an edge case where a bookmark reminder is...
CVE-2022-27839
Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials...
Foreman Bookmark Access Security Bypass Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. An error in Foreman's handling of bookmarks associated with the Administer - Bookmarks feature can be exploited by a remote attacker to bypass security restrictions and gain access to other users' restricted...