Lucene search
+L

747 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in Bookmarks in Google Chrome prior to version 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS7AI score0.0282EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in Bookmarks in Google Chrome before version 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension and specific user interactions...

8.8CVSS6.9AI score0.00475EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Chromium

Chromium: CVE-2021-30623 – Use after free in Bookmarks...

8.8CVSS7.7AI score0.03972EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Chromium

Before version 97.0.4692.99, using Bookmarks in Google Chrome allowed a remote attacker to potentially exploit heap corruption by using a crafted HTML page, as long as that attacker could convince a user to engage in certain user interactions...

8.8CVSS7.3AI score0.0075EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.35 views

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.77, using "Use after free" in Bookmarks in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS8AI score0.01004EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in Bookmarks in Google Chrome before version 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.00773EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/14 8:15 p.m.11 views

Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark

Impact Persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured gist/WebDAV. The attacker can inject exec fields or global config to cause remote code to run when a bookmark is opened ...

9.4CVSS6.5AI score0.00234EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.32 views

PT-2026-41157

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.8.9 Description Persistent local-pty code execution is possible through the import of bookmark JSON files or compromised synchronization targets such as gist or WebDAV. An attacker can inject exec fields or global...

9.4CVSS6.4AI score0.00234EPSS
Exploits0References7
Fedora
Fedora
added 2026/05/11 1:3 a.m.31 views

[SECURITY] Fedora 43 Update: nextcloud-33.0.3-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

9.9CVSS6.4AI score0.02474EPSS
Exploits15
Fedora
Fedora
added 2026/05/10 3:23 a.m.39 views

[SECURITY] Fedora 42 Update: nextcloud-33.0.3-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

9.9CVSS6.5AI score0.02474EPSS
Exploits15
Fedora
Fedora
added 2026/05/10 2:55 a.m.34 views

[SECURITY] Fedora 44 Update: nextcloud-33.0.3-1.fc44

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

9.9CVSS6.5AI score0.02474EPSS
Exploits15
Fedora
Fedora
added 2026/04/25 1:53 a.m.11 views

[SECURITY] Fedora 44 Update: mupdf-1.27.1-10.fc44

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

7.8CVSS5.7AI score0.00213EPSS
Exploits0
Fedora
Fedora
added 2026/04/16 11:42 p.m.15 views

[SECURITY] Fedora 44 Update: kf6-kbookmarks-6.25.0-1.fc44

KBookmarks lets you access and manipulate bookmarks stored using the XBEL format...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/12 3:38 p.m.9 views

[SECURITY] Fedora 43 Update: mupdf-1.27.1-10.fc43

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

7.8CVSS5.9AI score0.00213EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/31 11:30 p.m.9 views

SiYuan: Unauthenticated Access to Password-Protected Bookmarks via /api/bookmark/getBookmark

Summary The publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccessnil, .... Because the filter treats a nil context as authorized,...

7.5CVSS5.9AI score0.01227EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/31 11:30 p.m.8 views

GHSA-C77M-R996-JR3Q SiYuan: Unauthenticated Access to Password-Protected Bookmarks via /api/bookmark/getBookmark

Summary The publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccessnil, .... Because the filter treats a nil context as authorized,...

7.5CVSS5.9AI score0.01227EPSS
Exploits1References5
OSV
OSV
added 2026/03/31 9:43 p.m.5 views

CVE-2026-34453 SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...

7.5CVSS5.8AI score0.01227EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.7 views

PT-2026-29381

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.2 Description The publish service in SiYuan allows unauthenticated visitors to access bookmarked blocks from password-protected documents. This occurs because the /api/bookmark/getBookmark endpoint, when operating ...

7.5CVSS5.9AI score0.01227EPSS
Exploits1References10
Fedora
Fedora
added 2026/03/02 12:42 a.m.18 views

[SECURITY] Fedora 43 Update: nextcloud-32.0.6-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

8.2CVSS6.1AI score0.025EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/02/28 1:56 a.m.7 views

CVE-2026-27150

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing validatebeforecreate authorization in Data Explorer's QueryGroupBookmarkable allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata...

5.3CVSS6AI score0.00153EPSS
Exploits0References1
Rows per page
Query Builder