CVE-2026-11345

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

CVE-2026-11345

In CVE-2026-11345, the linqi web app exposes an improper authentication flaw in the /api/Cdn/GetFile endpoint. The ValidateAnonFileAccess check incorrectly grants access when an AnonFile query parameter is exactly 256 characters, allowing unauthenticated remote access to files. The exposed resour...

EUVD-2022-55948

Inciga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijackin...

CVE-2023-45135 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In org.xwiki.platform:xwiki-platform-web versions 7.2-milestone-2 until 14.10.12 and org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12 and 15.5-rc-1, it is possible to...

USN-2371-1 exuberant-ctags vulnerability

It was discovered that Exuberant Ctags incorrectly handled certain minified js files. An attacker could use this issue to possibly cause Exuberant Ctags to consume resources, resulting in a denial of service...