Karakeep
Server-side request forgery in Karakeep self-hosted bookmark manager versions prior to 0.32.0 allows authenticated users to bypass internal-network protections by chaining attacker-controlled HTTP redirects, reaching Docker-internal services from the crawler and video download flows. Publicly available exploit code exists per SSVC, though EPSS is low at 0.03% and the issue is not in CISA KEV. Fixed in version 0.32.0.
Stored cross-site scripting in Karakeep 0.30.0 allows remote attackers to execute arbitrary JavaScript in users' browsers by injecting malicious HTML through the Reddit metascraper plugin, which bypasses sanitization that is applied to other content sources. The vulnerability exists because the Reddit plugin's HTML output is rendered directly via dangerouslySetInnerHTML without DOMPurify filtering, and public exploit code is available. Version 0.31.0 contains the patch.