22 matches found
CVE-2026-35516 LinkAce has SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services AWS IMDSv1, cloud metadata, internal APIs by creating a link with a publ...
PT-2026-30864
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services AWS IMDSv1, cloud metadata, internal APIs by creating a link with a publ...
CVE-2026-3741
A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/DfriendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...
CVE-2023-49375
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/friendlink/update...
Malicious code in sails-link-update-glaciology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c565b4c6d9dd5485fafd3fce71a661cbee1ead7dd64f7bb8d20006fbbcbc76e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176545
Malicious code in sails-link-update-glaciology npm...
EUVD-2025-114563
Malicious code in deneb-link-update-deneb npm...
EUVD-2025-111685
Malicious code in link-update-jwt-chai npm...
MAL-2025-141546 Malicious code in deneb-link-update-deneb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36d9c4475b482ba822ab66700268c35909301fd11e9793500dc71c7e483a8395 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
PT-2025-34813 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions 23.04.8 and 24.04.4 Description: An issue allows an attacker to download files without proper authorization by using a malicious export download URL. Recommendations: Update to a newer version that contains a fix for this issu...
UBUNTU-CVE-2025-21887
In the Linux kernel, the following vulnerability has been resolved: ovl: fix UAF in ovldentryupdatereval by moving dput in ovllinkup The issue was caused by dputupper being called before ovldentryupdatereval, while upper-dflags was still accessed in ovldentryremote. Move dputupper after its last...
kernel: net: hns3: fix kernel crash problem in concurrent scenario
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash problem in concurrent scenario When link status change, the nic driver need to notify the roce driver to handle this event, but at this time, the roce driver may uninit, then cause kernel crash. To fix...
BIT-GITLAB-2020-13333
A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage...
SUSE CVE-2021-47077
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Add pointer checks in qedfupdatelinkspeed The following trace was observed: 14.042059 Call Trace: 14.042061 14.042068 qedflinkupdate+0x144/0x1f0 qedf 14.042117 qedlinkupdate+0x5c/0x80 qed 14.042135...
Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability
Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A cross-site scripting vulnerability exists in TinyMCE versions prior to 5.10.0 that could allow an attacker to execute arbitrary JavaScript when updating an image or link with a specially crafted URL...
GHSA-GFHV-XXQJ-H323 Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/update
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/friendlink/update...
CVE-2023-49375
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/friendlink/update...
Cross site request forgery (csrf)
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/friendlink/update...
PT-2023-31189 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: A Cross-Site Request Forgery CSRF issue was discovered in JFinalCMS. The vulnerability can be exploited via the "/admin/friend link/update" API endpoint. Recommendations: For JFinalCMS version 5.0.0, as a...
JFinalCMS Security Vulnerability
JFinalCMS is a content management system developed by heyewei. A security vulnerability exists in JFinalCMS v5.0.0, which originates from a cross-site request forgery vulnerability in the /admin/friendlink/update component...