132 matches found

OSV
added 2025/11/04 10:31 p.m., 5 views

CVE-2025-62722 LinkAce: Stored XSS Vulnerability in Link Title Field Through Social Media Sharing Feature

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting (XSS) vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the...

CVSS 8.7, AI score 5.3, EPSS 0.00209
Exploits: 1, References: 5

NVD
added 2025/11/04 10:16 p.m., 3 views

CVE-2025-62719

LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...

CVSS 4.3, EPSS 0.00272
Exploits: 1, References: 3

NVD
added 2025/11/04 10:16 p.m., 3 views

CVE-2025-62720

LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from all users in the system, including private links that should only be accessible to their owners. The HTML and CSV export functions in the...

CVSS 7.1, EPSS 0.00323
Exploits: 1, References: 3

CVE
added 2025/11/04 10:7 p.m., 8 views

CVE-2025-62721

LinkAce (self-hosted archive for website links) is affected by CVE-2025-62721. In versions ≤ 2.3.1, the authenticated RSS feed endpoints in the FeedController lack proper authorization, allowing any authenticated user to access all links, lists, and tags across all users. The issue is fixed in ve...

CVSS 7.1, AI score 6.1, EPSS 0.0032
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2025/11/04 10:7 p.m., 7 views

CVE-2025-62721 LinkAce: Authorization Bypass Allows Unauthorized Access to All Private Links, Lists, and Tags

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists, and tags from all users in the system,...

CVSS 7.1, EPSS 0.0032
Exploits: 1, References: 3

Vulnrichment
added 2025/11/04 10:7 p.m., 3 views

CVE-2025-62721 LinkAce: Authorization Bypass Allows Unauthorized Access to All Private Links, Lists, and Tags

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists, and tags from all users in the system,...

CVSS 7.1, AI score 6.1, EPSS 0.0032
Exploits: 1, References: 3

OSV
added 2025/11/04 10:7 p.m., 4 views

CVE-2025-62721 LinkAce: Authorization Bypass Allows Unauthorized Access to All Private Links, Lists, and Tags

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists, and tags from all users in the system,...

CVSS 7.1, AI score 6.6, EPSS 0.0032
Exploits: 1, References: 5

Cvelist
added 2025/11/04 10:3 p.m., 9 views

CVE-2025-62720 LinkAce: Data Exfiltration via Export Functions Allow Access to All Users' Private Links

LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from all users in the system, including private links that should only be accessible to their owners. The HTML and CSV export functions in the...

CVSS 7.1, EPSS 0.00323
Exploits: 1, References: 3

OSV
added 2025/11/04 10:3 p.m., 3 views

CVE-2025-62720 LinkAce: Data Exfiltration via Export Functions Allow Access to All Users' Private Links

LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from all users in the system, including private links that should only be accessible to their owners. The HTML and CSV export functions in the...

CVSS 7.1, AI score 6.5, EPSS 0.00323
Exploits: 1, References: 5

Cvelist
added 2025/11/04 9:57 p.m., 10 views

CVE-2025-62719 LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality

LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...

CVSS 2.3, EPSS 0.00272
Exploits: 1, References: 3

Vulnrichment
added 2025/11/04 9:57 p.m., 3 views

CVE-2025-62719 LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality

LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...

CVSS 2.3, AI score 6.2, EPSS 0.00272
Exploits: 1, References: 3

CVE
added 2025/11/04 9:57 p.m., 9 views

CVE-2025-62719

LinkAce CVE-2025-62719 affects the htmlKeywordsFromUrl function in FetchController (versions ≤ 2.3.0). It allows SSRF by fetching user-provided URLs without validating that the destination is external, enabling authenticated attackers to perform port scanning and service discovery on internal net...

CVSS 4.3, AI score 6.2, EPSS 0.00272
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2025/11/04 9:57 p.m., 4 views

CVE-2025-62719 LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality

LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...

CVSS 2.3, AI score 6.6, EPSS 0.00272
Exploits: 1, References: 5

Positive Technologies
added 2025/11/04 12:0 a.m., 4 views

PT-2025-45055

Name of the Vulnerable Software and Affected Versions: LinkAce versions prior to 2.4.0
Description: LinkAce is a self-hosted archive for website links. Versions 2.3.1 and below permit any authenticated user to export the complete database of links, including private links intended only for their...

CVSS 7.1, AI score 6.4, EPSS 0.00323
Exploits: 1, References: 5

Positive Technologies
added 2025/11/04 12:0 a.m., 2 views

PT-2025-45054

Name of the Vulnerable Software and Affected Versions: LinkAce versions prior to 2.4.0
Description: LinkAce is a self-hosted archive to collect website links. The htmlKeywordsFromUrl function within the FetchController class accepts user-provided URLs and makes HTTP requests without validating the...

CVSS 2.3, AI score 6.4, EPSS 0.00272
Exploits: 1, References: 5

Positive Technologies
added 2025/11/04 12:0 a.m., 4 views

PT-2025-45056

Name of the Vulnerable Software and Affected Versions: LinkAce versions 2.3.1 and below
Description: LinkAce is a self-hosted archive to collect website links. Authenticated RSS feed endpoints in the FeedController class do not implement proper authorization checks. This allows any authenticated us...

CVSS 7.1, AI score 6.5, EPSS 0.0032
Exploits: 1, References: 7

Positive Technologies
added 2025/11/04 12:0 a.m., 3 views

PT-2025-45057

Name of the Vulnerable Software and Affected Versions: LinkAce versions 2.3.1 and below
Description: LinkAce is a self-hosted archive to collect website links. The social media sharing functionality contains a Stored Cross-Site Scripting (XSS) issue that allows an authenticated user to inject arbitra...

CVSS 8.7, AI score 5.2, EPSS 0.00209
Exploits: 1, References: 5

CNNVD
added 2025/11/04 12:0 a.m., 3 views

LinkAce Code Issue Vulnerability

LinkAce is a self-hosted archive of links to your favorite websites by Kevin Woblick Individual Developer. A code issue vulnerability exists in LinkAce 2.3.0 and prior versions that stems from a failure to validate that the target of a user-supplied URL is an internal or private network resource,...

CVSS 4.3, AI score 6.9, EPSS 0.00272
Exploits: 1, References: 4

CNNVD
added 2025/11/04 12:0 a.m., 3 views

LinkAce Access Control Error Vulnerability

LinkAce is a self-hosted archive of links to your favorite websites by Kevin Woblick Individual Developer. An Access Control Error vulnerability exists in LinkAce 2.3.1 and prior versions, which stems from the HTML and CSV export functionality in the ExportController class not applying ownership ...

CVSS 7.1, AI score 6.5, EPSS 0.00323
Exploits: 1, References: 4

CNNVD
added 2025/11/04 12:0 a.m., 3 views

LinkAce Access Control Error Vulnerability

LinkAce is a self-hosted archive of links to your favorite websites by Kevin Woblick Individual Developer. An access control error vulnerability exists in LinkAce 2.3.1 and prior versions that stems from an authenticated RSS feed endpoint in the FeedController class that does not implement proper...

CVSS 7.1, AI score 6.2, EPSS 0.0032
Exploits: 1, References: 4