747 matches found
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in Bookmarks in Google Chrome prior to version 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Bookmarks in Google Chrome before version 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension and specific user interactions...
Astra Linux – Vulnerability in Chromium
Chromium: CVE-2021-30623 – Use after free in Bookmarks...
Astra Linux – Vulnerability in Chromium
Before version 97.0.4692.99, using Bookmarks in Google Chrome allowed a remote attacker to potentially exploit heap corruption by using a crafted HTML page, as long as that attacker could convince a user to engage in certain user interactions...
Astra Linux – Vulnerability in Chromium
Before version 91.0.4472.77, using "Use after free" in Bookmarks in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Bookmarks in Google Chrome before version 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark
Impact Persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured gist/WebDAV. The attacker can inject exec fields or global config to cause remote code to run when a bookmark is opened ...
PT-2026-41157
Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.8.9 Description Persistent local-pty code execution is possible through the import of bookmark JSON files or compromised synchronization targets such as gist or WebDAV. An attacker can inject exec fields or global...
[SECURITY] Fedora 43 Update: nextcloud-33.0.3-1.fc43
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 42 Update: nextcloud-33.0.3-1.fc42
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 44 Update: nextcloud-33.0.3-1.fc44
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 44 Update: mupdf-1.27.1-10.fc44
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
[SECURITY] Fedora 44 Update: kf6-kbookmarks-6.25.0-1.fc44
KBookmarks lets you access and manipulate bookmarks stored using the XBEL format...
[SECURITY] Fedora 43 Update: mupdf-1.27.1-10.fc43
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
SiYuan: Unauthenticated Access to Password-Protected Bookmarks via /api/bookmark/getBookmark
Summary The publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccessnil, .... Because the filter treats a nil context as authorized,...
GHSA-C77M-R996-JR3Q SiYuan: Unauthenticated Access to Password-Protected Bookmarks via /api/bookmark/getBookmark
Summary The publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccessnil, .... Because the filter treats a nil context as authorized,...
CVE-2026-34453 SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...
PT-2026-29381
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.2 Description The publish service in SiYuan allows unauthenticated visitors to access bookmarked blocks from password-protected documents. This occurs because the /api/bookmark/getBookmark endpoint, when operating ...
[SECURITY] Fedora 43 Update: nextcloud-32.0.6-1.fc43
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
CVE-2026-27150
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing validatebeforecreate authorization in Data Explorer's QueryGroupBookmarkable allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata...