matiasdesuu CVE Vulnerabilities & CVE List (3)

Products (CPE): — CVEs: 3

matiasdesuu vulnerability overview

Aggregates CVE and security vulnerability intelligence across all matiasdesuu-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting and vendor risk ssrf and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface software deployment scenarios.

Vulnerability distribution trend (last 24 months)

Showing 13 of 3 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-64177 ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting (XSS) vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme filtering. This is fixed in version 0.6.8. [email protected] 5.4 0.20% 2025-11-06 2026-06-17
CVE-2025-64176 ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, an attacker can upload any file they wish to the /data directory of the web application via the backup import feature. When importing a backup, an attacker can first choose a .zip file to bypass the client-side file-type verification. This could lead to stored XSS, or be used for other nefarious purposes such as malware distribution. This issue is fixed in version 0.6.8. [email protected] 5.3 0.22% 2025-11-06 2026-06-17
CVE-2025-64327 ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery (SSRF) vulnerability, in its `/api/ping?url= endpoint`. This allows an attacker to make arbitrary requests to internal or external hosts. This can include discovering ports open on the local machine, hosts on the local network, and ports open on the hosts on the internal network. This issue is fixed in version 0.6.8. [email protected] 5.3 0.29% 2025-11-06 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence