Blinko <= 1.8.3 - User Information Leak

Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data, exploit requires no special privileges. id: CVE-2026-23486 info: name:...

CVE-2026-23486

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, a publicly accessible endpoint exposes all user information, including usernames, roles, and account creation dates. This issue has been patched in version 1.8.4...

EUVD-2026-14541

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, a publicly accessible endpoint exposes all user information, including usernames, roles, and account creation dates. This issue has been patched in version 1.8.4...

CVE-2026-23486

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, a publicly accessible endpoint exposes all user information, including usernames, roles, and account creation dates. This issue has been patched in version 1.8.4...

CVE-2026-23486

The CVE-2026-23486 vulnerability affects Blinko prior to version 1.8.4, where a publicly accessible endpoint exposed all user information (usernames, roles, and account creation dates). The issue is caused by an exposed endpoint, with impacts limited to information disclosure (low confidentiality...

CVE-2026-23486 Blinko: Unauthorized User Information Leak

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, a publicly accessible endpoint exposes all user information, including usernames, roles, and account creation dates. This issue has been patched in version 1.8.4...

CVE-2026-23486 Blinko: Unauthorized User Information Leak

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, a publicly accessible endpoint exposes all user information, including usernames, roles, and account creation dates. This issue has been patched in version 1.8.4...

PT-2026-27214

Name of the Vulnerable Software and Affected Versions Blinko versions prior to 1.8.4 Description A publicly accessible endpoint exposes all user information, including usernames, roles, and account creation dates. The affected software is an AI-powered card note-taking project. The issue was...

GHSA-G9WF-5777-GQ43

creationtimestamp| type| source ---|---|--- 2025-02-03 21:15:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113942024388964254 2025-03-19 18:36:44+00:00| seen| https://gist.github.com/superboy-zjc/a31b8ea7466f91b437598297bf5cbce8 2025-03-20 20:27:37+00:00| seen|...

GHSA-2X7R-93WW-CXRQ

creationtimestamp| type| source ---|---|--- 2024-01-02 15:26:47+00:00| seen| https://t.me/ctinow/161829 2024-01-20 15:17:17+00:00| seen| https://t.me/ctinow/170652...

CVE-2017-18357

creationtimestamp| type| source ---|---|--- 2019-01-15 18:57:32+00:00| seen| https://t.me/cibsecurity/2037 2019-05-17 23:32:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/shopwarecreateinstancefromnamedargumentsrce.rb 2019-05-23...

CVE-2007-2918

creationtimestamp| type| source ---|---|--- 2010-05-09 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16511 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/logitechvideocallstart.rb 2025-02-06...