UBUNTU-CVE-2026-48823

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...

CVE-2026-27150 Discourse doesn't ensure guardian check when creating QueryGroupBookmark

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing validatebeforecreate authorization in Data Explorer's QueryGroupBookmarkable allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata...

CVE-2026-27150

CVE-2026-27150 (Discourse) affects the Data Explorer component (QueryGroupBookmarkable) in Discourse. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing authorization in validate_before_create allowed any logged-in user to create bookmarks for query groups they lack access to, enabling ...

PT-2026-4832

Name of the Vulnerable Software and Affected Versions Shaarli versions prior to 0.16.0 Description Shaarli is a personal bookmarking service susceptible to a cross-site scripting XSS issue. A malicious tag beginning with a double quote " can prematurely terminate the tag on the start page, enabli...

CVE-2023-25029

Cross-Site Request Forgery CSRF vulnerability in utahta WP Social Bookmarking Light plugin = 2.0.7 versions...

karakeep 安全漏洞

karakeep is a self-hostable bookmarking application from the Karakeep App open source. A security vulnerability exists in karakeep versions v0.26.0 through v0.7.0, which stems from vulnerability to server-side request forgery attacks...

EUVD-2017-4428

Malware in sbrugna...

EUVD-2006-1055

Malware in sbrugna...

EUVD-2025-11566

Malicious code in bioql PyPI...

EUVD-2025-10639

Malicious code in bioql PyPI...

EUVD-2023-29008

Malicious code in bioql PyPI...

CVE-2013-2311

Cross-site scripting XSS vulnerability in static/js/share.js aka the social bookmarking widget in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-9433

The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php...

CVE-2025-39422

Cross-Site Request Forgery CSRF vulnerability in PResponsive WP Social Bookmarking wp-social-bookmarking allows Stored XSS.This issue affects WP Social Bookmarking: from n/a through = 3.6...

Exposure of Sensitive Information Through Metadata

Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata when executing the UpdateChannelBookmark function, due to improper handling of user permissions. By creating a bookmark referencing a deleted file, an attacker can expose metadata from...

CVE-2025-39422

Cross-Site Request Forgery CSRF vulnerability in PResponsive WP Social Bookmarking wp-social-bookmarking allows Stored XSS.This issue affects WP Social Bookmarking: from n/a through = 3.6...

CVE-2025-39422 WordPress WP Social Bookmarking plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in PResponsive WP Social Bookmarking wp-social-bookmarking allows Stored XSS.This issue affects WP Social Bookmarking: from n/a through = 3.6...

WordPress plugin WP Social Bookmarking 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2025-16989 · WordPress · Wp Social Bookmarking

Name of the Vulnerable Software and Affected Versions: WP Social Bookmarking versions n/a through 3.6 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in PResponsive WP Social Bookmarking. Recommendations: For versions n/a through 3.6, update to a...

CVE-2025-2424

Mattermost versions 10.5.x = 10.5.1, 9.11.x = 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation...