CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

CVE-2026-11346

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

CVE-2026-11346

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

CVE-2026-11346

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

EUVD-2026-34825

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

CVE-2026-11346 Server-Side Request Forgery (SSRF) allowing Internal Network Probing in linqi

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

CVE-2026-11346

The CVE-2026-11346 entry concerns a Server-Side Request Forgery (SSRF) in the custom process creation feature of linQI. An authenticated user can craft a process containing an HTTP Request component to force the server to issue arbitrary HTTP requests, enabling internal-network probing by observi...

CVE-2026-11346 Server-Side Request Forgery (SSRF) allowing Internal Network Probing in linqi

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

CVE-2026-11345 Improper Authentication Bypass in linqi CDN File Access

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

CVE-2026-11345

In CVE-2026-11345, the linqi web app exposes an improper authentication flaw in the /api/Cdn/GetFile endpoint. The ValidateAnonFileAccess check incorrectly grants access when an AnonFile query parameter is exactly 256 characters, allowing unauthenticated remote access to files. The exposed resour...

CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

PT-2026-46932

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

Linqi 安全漏洞

Linqi is an English speaking practice platform developed by the German company Linqi. It combines human language interaction with AI-based feedback. Linqi has a security vulnerability, which stems from hard-coded encryption keys and weak algorithms for generating initialization vectors. This allo...

Linqi 安全漏洞

Linqi is an English speaking practice platform developed by the German company Linqi. Linqi has a security vulnerability, which stems from a server-side request forgeing vulnerability in the custom process creation function. This vulnerability allows authenticated attackers to detect internal...

Linqi 安全漏洞

Linqi is an English speaking practice platform developed by the German company Linqi. The platform combines human language interaction with AI feedback. Linqi has a security vulnerability, which stems from the lack of authorized checks. As a result, any authenticated user can read and write...

Linqi 安全漏洞

Linqi is an English speaking practice platform developed by the German company Linqi. There is a security vulnerability in Linqi, which stems from improper authentication at the/api/Cdn/GetFile endpoint. This allows unauthorized remote attackers to bypass file access controls, but the actual...

PT-2026-46931

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

EUVD-2024-31573

Malicious code in bioql PyPI...

EUVD-2024-31572

Malicious code in bioql PyPI...