The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php.

The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php.

Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote attackers to spoof the address bar via vectors related to URL display.

Cross-site request forgery (CSRF) vulnerability in the Shareaholic SexyBookmarks plugin 6.1.4.0 for WordPress allows remote attackers to hijack the authentication of users for requests that "manipulate plugin settings."

Unspecified vulnerability in the GO Bookmark Widget (com.gau.go.launcherex.gowidget.bookmark) application 1.1 for Android has unknown impact and attack vectors.

SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action.

Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.

Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter.

SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action.

PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter.