CVE-2026-31863

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...

CVE-2026-31863

CVE-2026-31863 affects Anytype Heart: the challenge-based authentication for the local gRPC client API can be bypassed, allowing unauthorized access without the 4-digit code via a local attack vector. Affects Anytype Heart; attack vector LOCAL, complexity HIGH, privileges REQUIRED LOW, with only ...

GHSA-VV3H-7QWR-722V Anytype Heart's gRPC API client challenge verification can be bypassed on localhost

Impact The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. Affected components: - Anytype Desktop all platforms ≤ v0.48.2 - Anytype-CLI headless deployments ≤ v0.1.9 Not affected: - Anytype mobile apps iOS...

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force in the challenge process. An attacker can gain unauthorized access to the local gRPC API by bypassing the 4-digit code authentication mechanism. This is only exploitable if the attacker has local user-level access to the...

Information disclosure

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts...

CVE-2012-6076

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts...

CVE-2012-6076

Inkscape prior to 0.48.4 is affected by CVE-2012-6076: it reads EPS files from /tmp instead of the current directory, potentially allowing local users to cause the application to process unintended files and disclose sensitive information. The vulnerability is described in publicly available CVE ...

PT-2013-1827 · Inkscape +1 · Inkscape +1

Name of the Vulnerable Software and Affected Versions: Inkscape versions prior to 0.48.4 Description: The issue concerns an XML external entity XXE injection attack in the rasterization process. This allows local users to read arbitrary files via an external entity in a SVG file. Recommendations:...

Fedora 17 : inkscape-0.48.4-1.fc17 (2012-20620)

Fix XXE flaw, man page ownership. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...