Security Vulnerabilities
Insufficient input sanitization in the dashboard label or path can allow
an attacker to trigger a device error causing information disclosure or
data manipulation.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-11-06
Due to insufficient sanitization, an attacker can upload a specially
crafted configuration file to cause a denial-of-service condition,
traverse directories, or read/write files, within the context of the
local system account.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-11-06
Due to insufficient sanitization, an attacker can upload a specially
crafted configuration file to traverse directories and achieve remote
code execution with system-level permissions.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-11-06
Due to insufficient sanitization, an attacker can upload a specially
crafted configuration file to traverse directories and achieve remote
code execution with system-level permissions.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-11-06
Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.1
EPSS Score
0.0
Published
2025-11-06
Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.001
Published
2025-11-06
Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.001
Published
2025-11-06
Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.001
Published
2025-11-06
ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting (XSS) vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme filtering. This is fixed in version 0.6.8.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-06
ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, an attacker can upload any file they wish to the /data directory of the web application via the backup import feature. When importing a backup, an attacker can first choose a .zip file to bypass the client-side file-type verification. This could lead to stored XSS, or be used for other nefarious purposes such as malware distribution. This issue is fixed in version 0.6.8.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-11-06