Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

132 matches found

OSV
OSVadded 2026/03/10 8:40 p.m.5 views

CVE-2026-30954 LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy()

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References3
CVE
CVEadded 2026/03/10 8:38 p.m.7 views

CVE-2026-30953

LinkAce is affected by CVE-2026-30953 due to missing validation for NoPrivateIpRule during link creation. The server fetches HTML metadata from user-provided URLs in LinkRepository::create() via HtmlMeta::getFromUrl(), and the NoPrivateIpRule is only applied in FetchController.php, not in the pri...

7.7CVSS5.8AI score0.00218EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2026/03/10 8:38 p.m.3 views

CVE-2026-30953 LinkAce affected by SSRF via link creation: NoPrivateIpRule not applied to LinkStoreRequest

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL LinkRepository::create calls HtmlMeta::getFromUrl. The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

7.7CVSS5.8AI score0.00218EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/03/10 12:0 a.m.2 views

PT-2026-24454

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/03/10 12:0 a.m.3 views

LinkAce 安全漏洞

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce 2.1.0 and earlier contained security vulnerabilities, stemming from an improper authorization in the processTaxonomy method. This vulnerability could potentiall...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/03/10 12:0 a.m.4 views

LinkAce 代码问题漏洞

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. LinkAce has code vulnerabilities; these vulnerabilities arise from the lack of the NoPrivateIpRule validation rule during link creation, which may lead to server-side request...

7.7CVSS5.9AI score0.00218EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/02/21 6:54 a.m.19 views

CVE-2026-27458 LinkAce: Stored XSS in Atom Feed via CDATA Escape in List Description

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...

8.7CVSS0.00218EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/02/21 6:54 a.m.4 views

CVE-2026-27458 LinkAce: Stored XSS in Atom Feed via CDATA Escape in List Description

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...

8.7CVSS5.8AI score0.00218EPSS
Exploits1References2
CVE
CVEadded 2026/02/21 6:54 a.m.9 views

CVE-2026-27458

LinkAce versions 2.4.2 and earlier are affected by a Stored XSS in the Atom feed at /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description, escaping the CDATA and injecting an SVG element into the Atom XML, which the browser parses and executes as JavaScrip...

8.7CVSS6AI score0.00218EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2026/02/21 6:54 a.m.3 views

CVE-2026-27458 LinkAce: Stored XSS in Atom Feed via CDATA Escape in List Description

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...

8.7CVSS6AI score0.00218EPSS
Exploits1References4
CNNVD
CNNVDadded 2026/02/21 12:0 a.m.4 views

LinkAce 安全漏洞

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce 2.4.2 and earlier contained a security vulnerability; this vulnerability stemmed from a storage-type cross-site scripting vulnerability in the list’s Atom...

8.7CVSS5.8AI score0.00218EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/02/21 12:0 a.m.6 views

PT-2026-21363

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...

8.7CVSS6AI score0.00218EPSS
Exploits1References3
CNVD
CNVDadded 2025/11/10 12:0 a.m.3 views

LinkAce cross-site scripting vulnerability (CNVD-2025-27898)

LinkAce is a self-hosted archive of links to your favorite websites. A cross-site scripting vulnerability exists in LinkAce 2.3.1 and prior versions, which stems from insufficient validation of title field input by the social media sharing feature and can be exploited by an attacker to cause a...

8.7CVSS6.1AI score0.00209EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/11/05 11:10 p.m.8 views

CVE-2025-62721

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists, and tags from all users in the system,...

7.1CVSS6.5AI score0.0032EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/11/05 11:10 p.m.16 views

CVE-2025-62722

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting XSS vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the...

8.7CVSS5.2AI score0.00209EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/11/05 10:4 p.m.7 views

CVE-2025-62719

LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...

4.3CVSS6.6AI score0.00272EPSS
Exploits1References1
NVD
NVDadded 2025/11/04 11:15 p.m.9 views

CVE-2025-62722

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting XSS vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the...

8.7CVSS0.00209EPSS
Exploits1References3
CVE
CVEadded 2025/11/04 10:31 p.m.10 views

CVE-2025-62722

CVE-2025-62722 concerns LinkAce, a self-hosted archive for collecting website links. The vulnerability is a Stored XSS in the social media sharing feature, arising from insufficient validation of the title field. Affected versions are 2.3.1 and earlier; when a user views a link’s details page and...

8.7CVSS4.9AI score0.00209EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2025/11/04 10:31 p.m.6 views

CVE-2025-62722 LinkAce: Stored XSS Vulnerability in Link Title Field Through Social Media Sharing Feature

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting XSS vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the...

8.7CVSS0.00209EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2025/11/04 10:31 p.m.3 views

CVE-2025-62722 LinkAce: Stored XSS Vulnerability in Link Title Field Through Social Media Sharing Feature

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting XSS vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the...

8.7CVSS4.9AI score0.00209EPSS
Exploits1References3
Rows per page
Query Builder