628 matches found
PT-2026-41157
Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.8.9 Description Persistent local-pty code execution is possible through the import of bookmark JSON files or compromised synchronization targets such as gist or WebDAV. An attacker can inject exec fields or global...
EUVD-2026-28872
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint POST /api/v1/archives/linkId?format=4 accepts HTML files text/html without sanitizing JavaScript content. When the archive i...
EUVD-2026-24754
Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request...
CVE-2026-31192
Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request...
CVE-2026-31192
The vulnerability CVE-2026-31192 affects Raindrop.io Bookmark Manager Web App version 5.6.76.0. The root cause is insufficient validation of Chrome extension identifiers, leading to potential exposure of sensitive user data via a crafted request. Documents confirm the affected component and the u...
Raindrop.io Bookmark Manager Web App 输入验证错误漏洞
Raindrop.io Bookmark Manager Web App is a cloud-based bookmark management application developed by the Russian company Raindrop.io. Version 5.6.76.0 of Raindrop.io Bookmark Manager Web App contains a vulnerability related to input validation. This vulnerability stems from insufficient validation ...
CVE-2026-31192
Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request...
CVE-2026-31192
Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request...
PT-2026-34338
Name of the Vulnerable Software and Affected Versions Raindrop.io Bookmark Manager Web App version 5.6.76.0 Description Insufficient validation of Chrome extension identifiers allows attackers to obtain sensitive user data through a crafted request. Recommendations At the moment, there is no...
[SECURITY] Fedora 44 Update: kf6-kbookmarks-6.25.0-1.fc44
KBookmarks lets you access and manipulate bookmarks stored using the XBEL format...
[SECURITY] Fedora 42 Update: nextcloud-33.0.1-1.fc42
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the getBookmark function. An attacker can retrieve sensitive content from password-protected documents by sending unauthenticated requests to the /api/bookmark/getBookmark endpoint, which improperly authorize...
GHSA-C77M-R996-JR3Q SiYuan: Unauthenticated Access to Password-Protected Bookmarks via /api/bookmark/getBookmark
Summary The publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccessnil, .... Because the filter treats a nil context as authorized,...
CVE-2026-34453 SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...
CVE-2026-34453
SiYuan exposes bookmarked blocks from password-protected documents via the publish service prior to 3.6.2. In publish/read-only mode, /api/bookmark/getBookmark uses FilterBlocksByPublishAccess(nil, ...) and treats a nil context as authorized, skipping the password check and returning content from...
CVE-2026-34453 SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...
SiYuan 安全漏洞
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.6.2 contained security vulnerabilities. These vulnerabilities stemmed from improper access control for bookmark blocks during service deployment, which could allow...
Unspecified vulnerability in Discourse (CNVD-2026-17486)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a security vulnerability that stems from a lack of validatebeforecreate authorization in Data Explorer's...
[SECURITY] Fedora 44 Update: nextcloud-32.0.6-1.fc44
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
BIT-DISCOURSE-2026-27150 Discourse doesn't ensure guardian check when creating QueryGroupBookmark
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing validatebeforecreate authorization in Data Explorer's QueryGroupBookmarkable allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata...