2 matches found
CVE-2026-23485
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...
CVE-2026-23485
Blinko, a AI-powered card note-taking project , has a path-traversal vulnerability in the filePath parameter prior to version 1.8.4 , enabling enumeration of server files via differing error responses. The issue is patched in version 1.8.4 ; upgrade to 1.8.4 or later to mitigate.