19 matches found
CVE-2026-11345
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...
CVE-2026-11345
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...
EUVD-2026-33056
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...
CVE-2026-45342
LinkAce prior to version 2.5.6 is affected by an Insecure Direct Object Reference (IDOR) in the authorization policy layer. The root cause is in update() policy methods (LinkPolicy, LinkListPolicy, TagPolicy, NotePolicy) where access checks delegate to userCanAccessX(), which returns true for any...
PT-2026-44542
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the GET /public/api/resources/download endpoint when serving SVG files without a proper Content Security Policy header. An attacker can execute arbitrary JavaScript in the context of users' browsers by...
CVE-2025-68941
A flaw was found in Gitea. An attacker with an API token intended for public resources could exploit this vulnerability to gain unauthorized access to private resources. This misconfiguration allows for a bypass of access controls, potentially leading to information disclosure from private...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...
Eliz Panel 安全漏洞
Eliz Panel is a control panel from Eliz Corporation. A security vulnerability exists in Eliz Panel versions prior to 2.3.24 that stems from the presence of a vulnerability where a file or directory is accessible to an external party, which could allow an attacker to collect data from a public...
Malicious code in active-public_resources (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Cloud_Enum - Multi-cloud OSINT Tool. Enumerate Public Resources In AWS, Azure, And Google Cloud
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. Currently enumerates the following: Amazon Web Services : - Open / Protected S3 Buckets - awsapps WorkMail, WorkDocs, Connect, etc. Microsoft Azure: - Storage Accounts - Open Blob Storage Containers - Hosted...
The vulnerability of the astra-winbind component of the Astra Linux operating system allows a perpetrator to gain access to confidential data and compromise its integrity.
The vulnerability of the astra-winbind component of the Astra Linux operating system is related to incorrect cleaning of PAM records when a node is removed from the domain, as well as the creation of publicly accessible resources during initialization. Exploiting this vulnerability allows an...
Stored Cross-Site Scripting Vulnerability in Public Resources Trading Center of Jiangsu Guotai Newpoint Software Co.
Jiangsu Guotai New Point Software Co., Ltd. is to provide e-government, public resources trading, electronic bidding, construction industry, smart city and other fields of related software products and hardware and software integration solutions. A stored cross-site scripting vulnerability exists...
CVE-2018-1199
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
Legal Robot: Legal Robot AWS S3 Bucket Directory Listing
A security researcher found an AWS S3 bucket serving public resources intentionally. The files in this bucket were static assets like logos and marketing assets. We later removed this bucket altogether and therefore re-opened and marked this report as Resolved...