Lucene search
+L

628 matches found

Vulnrichment
Vulnrichment
added 2025/11/21 12:30 p.m.4 views

CVE-2025-66101 WordPress CBX Bookmark & Favorite plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through = 2.0.1...

6.6AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/21 12:30 p.m.13 views

CVE-2025-66101 WordPress CBX Bookmark & Favorite plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through = 2.0.1...

4.3CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/11/21 12:30 p.m.11 views

CVE-2025-66101

CVE-2025-66101 is a Missing/ Broken Access Control vulnerability in WordPress plugin CBX Bookmark & Favorite (cbxwpbookmark) versions up to and including 2.0.1. Affected component is access control configuration, enabling unauthorized access to bookmark/favorite data. CVSS v3.1 base score 4.3 (Me...

4.3CVSS6.6AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/21 12:30 p.m.7 views

EUVD-2025-198449

Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through = 2.0.1...

4.3CVSS6.5AI score0.00162EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.10 views

WordPress plugin CBX Bookmark & Favorite 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.7 views

PT-2025-47767

Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through = 2.0.1...

7AI score0.00162EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/11/18 7:18 a.m.10 views

WordPress CBX Bookmark & Favorite plugin <= 2.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin CBX Bookmark & Favorite versions = 2.0.1...

4.3CVSS7AI score0.00162EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/18 12:11 a.m.22 views

CVE-2025-63917

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...

7.1CVSS7.1AI score0.00387EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/17 6:30 p.m.7 views

EUVD-2025-197810

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...

7.1CVSS6.6AI score0.00387EPSS
Exploits1References4
NVD
NVD
added 2025/11/17 5:15 p.m.7 views

CVE-2025-63917

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...

7.1CVSS0.00387EPSS
Exploits1References3
OSV
OSV
added 2025/11/17 5:15 p.m.5 views

CVE-2025-63917

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...

7.1CVSS5.9AI score0.00387EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.26 views

PT-2025-47167

Name of the Vulnerable Software and Affected Versions PDFPatcher versions through 1.1.3.4663 Description The software does not properly restrict XML external entity XXE references in its XML bookmark import functionality. The application utilizes .NET’s XmlDocument class without disabling externa...

7.1CVSS6.7AI score0.00387EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/11/07 9:53 p.m.18 views

CVE-2025-64177

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting XSS vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme...

6.1CVSS5.7AI score0.00226EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/07 3:54 p.m.3 views

CVE-2025-49909

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Bookmark & Follow penci-bookmark-follow allows Reflected XSS.This issue affects Penci Bookmark & Follow: from n/a through 2.4...

7.1CVSS6.4AI score0.0021EPSS
Exploits0References1
NVD
NVD
added 2025/11/06 10:15 p.m.6 views

CVE-2025-64177

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting XSS vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme...

6.1CVSS0.00226EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/06 9:32 p.m.3 views

CVE-2025-64177 ThinkDashboard: Stored XSS in Dashboard via Malicious Bookmark

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting XSS vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme...

5.4CVSS5.3AI score0.00226EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/06 9:32 p.m.8 views

CVE-2025-64177 ThinkDashboard: Stored XSS in Dashboard via Malicious Bookmark

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting XSS vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme...

5.4CVSS0.00226EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/06 9:32 p.m.4 views

EUVD-2025-38184

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting XSS vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme...

5.4CVSS5.2AI score0.00226EPSS
Exploits1References2
CVE
CVE
added 2025/11/06 9:32 p.m.36 views

CVE-2025-64177

ThinkDashboard is a self-hosted bookmark dashboard (Go/JavaScript). A stored XSS vulnerability exists in versions 0.6.7 and earlier caused by lack of scheme filtering when processing bookmarks. Exploitation occurs when a user clicks a malicious bookmark, enabling stored XSS as described in multip...

6.1CVSS5.3AI score0.00226EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/11/06 9:32 p.m.5 views

CVE-2025-64177 ThinkDashboard: Stored XSS in Dashboard via Malicious Bookmark

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting XSS vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme...

5.4CVSS5.7AI score0.00226EPSS
Exploits1References4
Rows per page
Query Builder