132 matches found
PT-2026-44544
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...
PT-2026-44543
Name of the Vulnerable Software and Affected Versions LinkAce versions prior to 2.5.6 Description A stored cross-site scripting issue exists in instances configured with SSO/OAuth authentication. A low-privilege user can execute arbitrary JavaScript in an administrator's browser session by settin...
LinkAce 跨站脚本漏洞
LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.6 had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting flaw. Low-privilege users could se...
CVE-2026-40905
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host header when generating password reset URLs. By...
CVE-2026-40905 LinkAce: Password Reset Poisoning via X-Forwarded-Host Header Injection Leading to Account Takeover
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host header when generating password reset URLs. By...
EUVD-2026-24473
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host header when generating password reset URLs. By...
CVE-2026-40905
CVE-2026-40905 (LinkAce) relates to a password reset poisoning vulnerability in LinkAce prior to 2.5.4 caused by trusting the user-controlled X-Forwarded-Host header when generating password reset URLs. An attacker can manipulate this header during a reset request to inject a malicious domain int...
LinkAce 输入验证错误漏洞
LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.4 contained a vulnerability related to input validation errors. This vulnerability stemmed from the improper trust given to the X-Forwarded-Host...
PT-2026-34172
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host header when generating password reset URLs. By...
CVE-2026-35516
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services AWS IMDSv1, cloud metadata, internal APIs by creating a link with a publ...
CVE-2026-35516
LinkAce CVE-2026-35516 affects LinkAce prior to version 2.5.4. The issue arises because LinkRepository::update and CheckLinksCommand::checkLink do not validate private IPs, allowing an authenticated user to cause server-side requests to internal resources (e.g., AWS IMDSv1, cloud metadata, intern...
EUVD-2026-19682
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services AWS IMDSv1, cloud metadata, internal APIs by creating a link with a publ...
CVE-2026-35516 LinkAce has SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services AWS IMDSv1, cloud metadata, internal APIs by creating a link with a publ...
CVE-2026-35516
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services AWS IMDSv1, cloud metadata, internal APIs by creating a link with a publ...
PT-2026-30864
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services AWS IMDSv1, cloud metadata, internal APIs by creating a link with a publ...
LinkAce 代码问题漏洞
LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.4 had code vulnerabilities. These vulnerabilities stemmed from insufficient checks on private IP addresses, allowing authenticated users to read...
CVE-2026-33954
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
CVE-2026-33953
LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...
CVE-2026-33954
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
CVE-2026-33954
LinkAce (before v2.5.3) discloses private notes attached to non-private links to other authenticated users via the web interface. The API enforces note visibility, but the web link detail page renders notes without applying equivalent visibility filtering, enabling an authenticated user allowed t...