26 matches found
CVE-2025-64327
CVE-2025-64327 affects ThinkDashboard (Go + JavaScript) and is caused by a blind SSRF in the /api/ping?url= endpoint in versions 0.6.7 and earlier. An attacker can cause the application to perform arbitrary requests to internal or external hosts, potentially revealing local network topology and o...
PT-2025-45378
Name of the Vulnerable Software and Affected Versions ThinkDashboard versions 0.6.7 and below Description ThinkDashboard, a self-hosted bookmark dashboard built with Go and vanilla JavaScript, has an issue where an attacker can upload arbitrary files to the '/data' directory of the web applicatio...
PT-2025-45385
Name of the Vulnerable Software and Affected Versions ThinkDashboard versions prior to 0.6.8 Description ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. A stored Cross-Site Scripting XSS issue exists in the dashboard for versions 0.6.7 and below due to a...
ThinkDashboard 安全漏洞
ThinkDashboard is a lightweight, self-hosted bookmarking dashboard by the individual developer MatiasDesu. A security vulnerability exists in ThinkDashboard version 0.6.7 and earlier, which stems from a server-side request forgery vulnerability in the /api/ping?url= endpoint that could lead an...
ThinkDashboard 代码问题漏洞
ThinkDashboard is a lightweight, self-hosted bookmarking dashboard by the individual developer MatiasDesu. A code issue vulnerability exists in ThinkDashboard version 0.6.7 and earlier, which stems from the backup import feature not properly validating file types, which could lead to a stored...
ThinkDashboard 跨站脚本漏洞
ThinkDashboard is a lightweight, self-hosted bookmarking dashboard. A cross-site scripting vulnerability exists in ThinkDashboard version 0.6.7 and earlier, which stems from a lack of schema filtering and can be exploited by an attacker to cause a stored cross-site scripting attack...