Lucene search
+L

628 matches found

Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.32 views

PT-2026-41157

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.8.9 Description Persistent local-pty code execution is possible through the import of bookmark JSON files or compromised synchronization targets such as gist or WebDAV. An attacker can inject exec fields or global...

9.4CVSS6.4AI score0.00234EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/08 11:10 p.m.12 views

EUVD-2026-28872

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint POST /api/v1/archives/linkId?format=4 accepts HTML files text/html without sanitizing JavaScript content. When the archive i...

8.8CVSS6AI score0.00458EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 3:31 p.m.7 views

EUVD-2026-24754

Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request...

6.5CVSS5.8AI score0.00281EPSS
Exploits0References5
NVD
NVD
added 2026/04/22 2:16 p.m.4 views

CVE-2026-31192

Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request...

6.5CVSS0.00281EPSS
Exploits0References4
CVE
CVE
added 2026/04/22 12:0 a.m.10 views

CVE-2026-31192

The vulnerability CVE-2026-31192 affects Raindrop.io Bookmark Manager Web App version 5.6.76.0. The root cause is insufficient validation of Chrome extension identifiers, leading to potential exposure of sensitive user data via a crafted request. Documents confirm the affected component and the u...

6.5CVSS5.8AI score0.00281EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

Raindrop.io Bookmark Manager Web App 输入验证错误漏洞

Raindrop.io Bookmark Manager Web App is a cloud-based bookmark management application developed by the Russian company Raindrop.io. Version 5.6.76.0 of Raindrop.io Bookmark Manager Web App contains a vulnerability related to input validation. This vulnerability stems from insufficient validation ...

6.5CVSS5.8AI score0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/22 12:0 a.m.4 views

CVE-2026-31192

Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request...

5.8AI score0.00281EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/22 12:0 a.m.33 views

CVE-2026-31192

Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request...

0.00281EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.10 views

PT-2026-34338

Name of the Vulnerable Software and Affected Versions Raindrop.io Bookmark Manager Web App version 5.6.76.0 Description Insufficient validation of Chrome extension identifiers allows attackers to obtain sensitive user data through a crafted request. Recommendations At the moment, there is no...

6.5CVSS5.8AI score0.00281EPSS
Exploits0References7
Fedora
Fedora
added 2026/04/16 11:42 p.m.15 views

[SECURITY] Fedora 44 Update: kf6-kbookmarks-6.25.0-1.fc44

KBookmarks lets you access and manipulate bookmarks stored using the XBEL format...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/07 1:11 a.m.4 views

[SECURITY] Fedora 42 Update: nextcloud-33.0.1-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

8.2CVSS6.4AI score0.00478EPSS
Exploits3
Snyk
Snyk
added 2026/03/31 11:30 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the getBookmark function. An attacker can retrieve sensitive content from password-protected documents by sending unauthenticated requests to the /api/bookmark/getBookmark endpoint, which improperly authorize...

8.7CVSS5.9AI score0.01227EPSS
Exploits1References2
OSV
OSV
added 2026/03/31 11:30 p.m.8 views

GHSA-C77M-R996-JR3Q SiYuan: Unauthenticated Access to Password-Protected Bookmarks via /api/bookmark/getBookmark

Summary The publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccessnil, .... Because the filter treats a nil context as authorized,...

7.5CVSS5.9AI score0.01227EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/31 9:43 p.m.26 views

CVE-2026-34453 SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...

7.5CVSS0.01227EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 9:43 p.m.15 views

CVE-2026-34453

SiYuan exposes bookmarked blocks from password-protected documents via the publish service prior to 3.6.2. In publish/read-only mode, /api/bookmark/getBookmark uses FilterBlocksByPublishAccess(nil, ...) and treats a nil context as authorized, skipping the password check and returning content from...

7.5CVSS5.8AI score0.01227EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/31 9:43 p.m.5 views

CVE-2026-34453 SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...

7.5CVSS5.8AI score0.01227EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

SiYuan 安全漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.6.2 contained security vulnerabilities. These vulnerabilities stemmed from improper access control for bookmark blocks during service deployment, which could allow...

7.5CVSS5.8AI score0.01227EPSS
Exploits1References4
CNVD
CNVD
added 2026/03/09 12:0 a.m.5 views

Unspecified vulnerability in Discourse (CNVD-2026-17486)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a security vulnerability that stems from a lack of validatebeforecreate authorization in Data Explorer's...

5.3CVSS5.7AI score0.00153EPSS
Exploits0
Fedora
Fedora
added 2026/03/07 12:33 a.m.8 views

[SECURITY] Fedora 44 Update: nextcloud-32.0.6-1.fc44

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

8.2CVSS5.8AI score0.025EPSS
Exploits1
OSV
OSV
added 2026/03/03 1:29 p.m.5 views

BIT-DISCOURSE-2026-27150 Discourse doesn't ensure guardian check when creating QueryGroupBookmark

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing validatebeforecreate authorization in Data Explorer's QueryGroupBookmarkable allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata...

5.3CVSS6AI score0.00153EPSS
Exploits0References2
Rows per page
Query Builder