132 matches found

Cvelist
added 2026/03/27 9:23 p.m. | 19 views

CVE-2026-33954 LinkAce discloses private notes to unauthorized authenticated users via the web link detail page

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

CVSS 6.5 | EPSS 0.00318
Exploits: 1 | References: 1

Vulnrichment
added 2026/03/27 9:23 p.m. | 5 views

CVE-2026-33954 LinkAce discloses private notes to unauthorized authenticated users via the web link detail page

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

CVSS 6.5 | AI score 5.8 | EPSS 0.00318
Exploits: 1 | References: 1

OSV
added 2026/03/27 9:23 p.m. | 1 view

CVE-2026-33954 LinkAce discloses private notes to unauthorized authenticated users via the web link detail page

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

CVSS 6.5 | AI score 5.9 | EPSS 0.00318
Exploits: 1 | References: 3

CVE
added 2026/03/27 9:22 p.m. | 11 views

CVE-2026-33953

CVE-2026-33953 (LinkAce): The SSRF protection in LinkAce can be bypassed via internal hostname resolution. In versions prior to 2.5.3, direct requests to private IP literals are blocked, but server-side requests to internal resources can still be triggered when those resources are referenced thr...

CVSS 8.5 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/03/27 9:22 p.m. | 2 views

CVE-2026-33953

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still perform server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...

CVSS 8.5 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/27 9:22 p.m. | 7 views

CVE-2026-33953 LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still perform server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...

CVSS 8.5 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 1

Cvelist
added 2026/03/27 9:22 p.m. | 20 views

CVE-2026-33953 LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still perform server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...

CVSS 8.5 | EPSS 0.00274
Exploits: 1 | References: 1

EUVD
added 2026/03/27 9:22 p.m. | 3 views

EUVD-2026-16868

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still perform server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...

CVSS 8.5 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 1

OSV
added 2026/03/27 9:22 p.m. | 3 views

CVE-2026-33953 LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still perform server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...

CVSS 8.5 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 3

CNNVD
added 2026/03/27 12:00 a.m. | 5 views

LinkAce authorization issue vulnerability

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.3 had an authorization vulnerability. This vulnerability stemmed from the lack of equivalent visibility filtering when rendering notes on the web...

CVSS 6.5 | AI score 5.8 | EPSS 0.00318
Exploits: 1 | References: 2

Positive Technologies
added 2026/03/27 12:00 a.m. | 1 view

PT-2026-28577

Name of the Vulnerable Software and Affected Versions: LinkAce versions prior to 2.5.3. Description: LinkAce is a self-hosted archive for collecting website links. Versions before 2.5.3 prevent direct requests to private IP literals, but continue to make server-side requests to internal resources wh...

CVSS 8.5 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/27 12:00 a.m. | 3 views

PT-2026-28578

Name of the Vulnerable Software and Affected Versions: LinkAce versions prior to 2.5.3. Description: LinkAce is a self-hosted archive for website links. Versions prior to 2.5.3 allow disclosure of a private note attached to a non-private link to another authenticated user through the web interface...

CVSS 6.5 | AI score 5.9 | EPSS 0.00318
Exploits: 1 | References: 3

CNNVD
added 2026/03/27 12:00 a.m. | 5 views

LinkAce code issue vulnerability

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.3 had code vulnerabilities. These vulnerabilities stemmed from the fact that internal resources still executed server-side requests when referring ...

CVSS 8.5 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 2

NVD
added 2026/03/10 9:16 p.m. | 2 views

CVE-2026-30954

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

CVSS 5.3 | EPSS 0.00201
Exploits: 0 | References: 1

CVE
added 2026/03/10 8:40 p.m. | 6 views

CVE-2026-30954

Affected software: LinkAce (self-hosted archive). Vulnerable component: processTaxonomy() in LinkRepository.php. Root cause / what happens: In 2.1.0 and earlier, authenticated users can attach other users’ private tags and lists to their own links by passing integer IDs. Impact (as stated): allow...

CVSS 5.3 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/03/10 8:40 p.m. | 1 view

CVE-2026-30954

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

CVSS 5.3 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/03/10 8:40 p.m. | 2 views

EUVD-2026-10877

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

CVSS 5.3 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 1

EUVD
added 2026/03/10 8:40 p.m. | 2 views

EUVD-2026-10876

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

CVSS 5.3 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/10 8:40 p.m. | 2 views

CVE-2026-30954 LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy()

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

CVSS 5.3 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 1

Cvelist
added 2026/03/10 8:40 p.m. | 25 views

CVE-2026-30954 LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy()

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

CVSS 5.3 | EPSS 0.00201
Exploits: 0 | References: 1