19 matches found

NVD
added 2026/06/05 12:16 p.m. | 12 views

CVE-2026-11345

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

CVSS 6.9 | EPSS 0.00414
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/05 11:29 a.m. | 13 views

CVE-2026-11345

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

CVSS 6.9 | AI score 5.6 | EPSS 0.00414
Exploits: 0 | References: 2
EUVD
added 2026/05/28 8:47 p.m. | 12 views

EUVD-2026-33056

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...

CVSS 7.1 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 1
CVE
added 2026/05/28 8:47 p.m. | 17 views

CVE-2026-45342

LinkAce prior to version 2.5.6 is affected by an Insecure Direct Object Reference (IDOR) in the authorization policy layer. The root cause is in update() policy methods (LinkPolicy, LinkListPolicy, TagPolicy, NotePolicy) where access checks delegate to userCanAccessX(), which returns true for any...

CVSS 7.1 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/28 12:00 a.m. | 13 views

PT-2026-44542

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...

CVSS 7.1 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 2
Snyk
added 2026/05/07 3:29 a.m. | 7 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the GET /public/api/resources/download endpoint when serving SVG files without a proper Content Security Policy header. An attacker can execute arbitrary JavaScript in the context of users' browsers by...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/26 6:59 p.m. | 3 views

CVE-2025-68941

A flaw was found in Gitea. An attacker with an API token intended for public resources could exploit this vulnerability to gain unauthorized access to private resources. This misconfiguration allows for a bypass of access controls, potentially leading to information disclosure from private...

CVSS 5.3 | AI score 5.8 | EPSS 0.00238
Exploits: 0 | References: 6
Snyk
added 2025/12/26 3:30 a.m. | 1 view

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation: Upgrade...

CVSS 6.4 | AI score 6.9 | EPSS 0.00238
Exploits: 0 | References: 2
Snyk
added 2025/12/26 3:30 a.m. | 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation: Upgrade...

CVSS 6.4 | AI score 6.9 | EPSS 0.00238
Exploits: 0 | References: 2
Snyk
added 2025/12/26 3:30 a.m. | 1 view

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation: Upgrade...

CVSS 6.4 | AI score 6.9 | EPSS 0.00238
Exploits: 0 | References: 2
Snyk
added 2025/12/26 3:30 a.m. | 1 view

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation: Upgrade...

CVSS 6.4 | AI score 6.9 | EPSS 0.00238
Exploits: 0 | References: 2
Snyk
added 2025/12/26 3:30 a.m. | 1 view

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation: Upgrade...

CVSS 6.4 | AI score 6.9 | EPSS 0.00238
Exploits: 0 | References: 2
CNNVD
added 2024/09/18 12:00 a.m. | 3 views

Eliz Panel Security Vulnerability

Eliz Panel is a control panel from Eliz Corporation. Versions of Eliz Panel prior to 2.3.24 contain a security vulnerability that stems from a file or directory being accessible to an external party, which could allow an attacker to collect data from a public...

CVSS 9.2 | AI score 6.6 | EPSS 0.00405
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2024/06/25 1:46 p.m. | 7 views

Malicious code in active-public_resources (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0 | References: 1
Kitploit
added 2024/03/29 11:30 a.m. | 43 views

Cloud_Enum - Multi-cloud OSINT Tool. Enumerate Public Resources In AWS, Azure, And Google Cloud

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. Currently enumerates the following:
Amazon Web Services:
- Open / Protected S3 Buckets
- awsapps (WorkMail, WorkDocs, Connect, etc.)
Microsoft Azure:
- Storage Accounts
- Open Blob Storage Containers
- Hosted...

AI score 7.2
Exploits: 0 | References: 2
BDU FSTEC
added 2019/10/01 12:00 a.m. | 5 views

A vulnerability in the astra-winbind component of the Astra Linux operating system allows an attacker to gain access to confidential data and compromise its integrity.

The vulnerability in the astra-winbind component of the Astra Linux operating system is related to incorrect cleanup of PAM records when a node is removed from the domain, as well as the creation of publicly accessible resources during initialization. Exploiting this vulnerability allows an...

CVSS 5.2 | AI score 5.5
Exploits: 0 | References: 3
CNVD
added 2019/04/29 12:00 a.m. | 2 views

Stored Cross-Site Scripting Vulnerability in Public Resources Trading Center of Jiangsu Guotai Newpoint Software Co.

Jiangsu Guotai New Point Software Co., Ltd. provides software products and integrated hardware/software solutions for e-government, public resources trading, electronic bidding, the construction industry, smart cities and other fields. A stored cross-site scripting vulnerability exists...

AI score 6.2
Exploits: 0
RedhatCVE
added 2018/02/05 11:49 a.m. | 37 views

CVE-2018-1199

Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1, and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 do not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

CVSS 7.5 | AI score 1.3 | EPSS 0.02857
Exploits: 0 | References: 2
Hacker One
added 2016/12/27 4:25 a.m. | 12 views

Legal Robot: Legal Robot AWS S3 Bucket Directory Listing

A security researcher found an AWS S3 bucket serving public resources intentionally. The files in this bucket were static assets like logos and marketing assets. We later removed this bucket altogether and therefore re-opened and marked this report as Resolved...

AI score 1.6
Exploits: 0