16 matches found
CVE-2026-30954
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...
CVE-2026-30954
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...
CVE-2026-30954
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...
CVE-2026-30954
Affected software: LinkAce (self-hosted archive). Vulnerable component: processTaxonomy() in LinkRepository.php. Root cause / what happens: In 2.1.0 and earlier, authenticated users can attach other users’ private tags and lists to their own links by passing integer IDs. Impact (as stated): allow...
CVE-2026-30954 LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy()
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...
EUVD-2026-10877
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...
CVE-2026-30954 LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy()
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...
EUVD-2026-10876
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...
LinkAce 安全漏洞
LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce 2.1.0 and earlier contained security vulnerabilities, stemming from an improper authorization in the processTaxonomy method. This vulnerability could potentiall...
CVE-2025-62721 LinkAce: Authorization Bypass Allows Unauthorized Access to All Private Links, Lists, and Tags
LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists, and tags from all users in the system,...
CVE-2025-62721 LinkAce: Authorization Bypass Allows Unauthorized Access to All Private Links, Lists, and Tags
LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists, and tags from all users in the system,...
Apache Pony Mail Information Disclosure Vulnerability
Apache Pony Mail is a plug-in with mail archiving, viewing and interaction capabilities from the Apache USA Software Foundation. A security vulnerability exists in the statistics generator in Apache Pony Mail versions 0.7 through 0.9, which stems from the statistics generator returning timestamp...
Authorization
The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the conten...
Debian Security Advisory DSA 674-1 (mailman)
The remote host is missing an update to mailman announced via advisory DSA 674-1. OpenVAS Vulnerability Test $Id: deb6741.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 674-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
CVE-2005-0080
The 55optionstraceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address...
mailman -- directory traversal vulnerability
A directory traversal vulnerability in mailman allow remote attackers to read arbitrary files due to inadequate input sanitizing. This could, among other things, lead remote attackers to gaining access to the mailman configuration database which contains subscriber email addresses and passwords o...