64 matches found
CVE-2026-11346
A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...
CVE-2026-11346
A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...
EUVD-2026-34825
A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...
CVE-2026-11346 Server-Side Request Forgery (SSRF) allowing Internal Network Probing in linqi
A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...
CVE-2026-11346
The CVE-2026-11346 entry concerns a Server-Side Request Forgery (SSRF) in the custom process creation feature of linQI. An authenticated user can craft a process containing an HTTP Request component to force the server to issue arbitrary HTTP requests, enabling internal-network probing by observi...
CVE-2026-11345 Improper Authentication Bypass in linqi CDN File Access
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...
CVE-2026-11345
In CVE-2026-11345, the linqi web app exposes an improper authentication flaw in the /api/Cdn/GetFile endpoint. The ValidateAnonFileAccess check incorrectly grants access when an AnonFile query parameter is exactly 256 characters, allowing unauthenticated remote access to files. The exposed resour...
CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
PT-2026-46931
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...
PT-2026-46932
A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...
EUVD-2024-31570
Malicious code in bioql PyPI...
EUVD-2024-31572
Malicious code in bioql PyPI...
EUVD-2024-31569
Malicious code in bioql PyPI...
EUVD-2024-31571
Malicious code in bioql PyPI...
EUVD-2024-31573
Malicious code in bioql PyPI...
EUVD-2024-31568
Malicious code in bioql PyPI...
CVE-2024-33863
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion...
CVE-2024-33867
An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt...
CVE-2024-33865
An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/GUID endpoints...
CVE-2024-33866
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/GUID XSS...