Lucene search
+L

66 matches found

CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilities stemmed fr...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References3
OSV
OSV
added 2026/04/13 7:31 p.m.4 views

GHSA-P5W6-75F9-CC2P Note Mark has Broken Access Control on Asset Download

Summary A broken access control vulnerability allows unauthenticated users to retrieve note assets directly from the asset download endpoint when they know both the note UUID and asset UUID. This exposes the full contents of private note assets without authentication, even when the associated boo...

5.9CVSS5.8AI score0.00409EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/13 7:31 p.m.8 views

Note Mark has Broken Access Control on Asset Download

Summary A broken access control vulnerability allows unauthenticated users to retrieve note assets directly from the asset download endpoint when they know both the note UUID and asset UUID. This exposes the full contents of private note assets without authentication, even when the associated boo...

5.9CVSS5.8AI score0.00409EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.4 views

CVE-2026-33954

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 10:16 p.m.6 views

CVE-2026-33954

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

6.5CVSS0.00318EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 9:23 p.m.2 views

CVE-2026-33954

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 9:23 p.m.9 views

CVE-2026-33954 LinkAce discloses private notesto unauthorized authenticated users via the web link detail page

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/27 9:23 p.m.21 views

CVE-2026-33954 LinkAce discloses private notesto unauthorized authenticated users via the web link detail page

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

6.5CVSS0.00318EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 9:23 p.m.4 views

EUVD-2026-16870

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References1
CVE
CVE
added 2026/03/27 9:23 p.m.15 views

CVE-2026-33954

LinkAce (before v2.5.3) discloses private notes attached to non-private links to other authenticated users via the web interface. The API enforces note visibility, but the web link detail page renders notes without applying equivalent visibility filtering, enabling an authenticated user allowed t...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/27 9:23 p.m.3 views

CVE-2026-33954 LinkAce discloses private notesto unauthorized authenticated users via the web link detail page

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.4 views

PT-2026-28578

Name of the Vulnerable Software and Affected Versions LinkAce versions prior to 2.5.3 Description LinkAce is a self-hosted archive for website links. Versions prior to 2.5.3 allow disclosure of a private note attached to a non-private link to another authenticated user through the web interface...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

LinkAce 授权问题漏洞

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.3 had an authorization vulnerability. This vulnerability stemmed from the lack of equivalent visibility filtering when rendering notes on the web...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.8 views

CVE-2026-23488

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...

6.9CVSS5.7AI score0.00305EPSS
Exploits0References1
NVD
NVD
added 2026/03/23 9:17 p.m.11 views

CVE-2026-23488

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...

6.9CVSS0.00305EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/23 8:48 p.m.4 views

CVE-2026-23488 Blinko: multiple interfaces in the comment feature allow unauthorized access

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...

6.9CVSS5.7AI score0.00305EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/23 8:48 p.m.13 views

EUVD-2026-14544

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...

6.9CVSS5.7AI score0.00305EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/23 8:48 p.m.7 views

CVE-2026-23488

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...

6.9CVSS5.7AI score0.00305EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/23 8:48 p.m.28 views

CVE-2026-23488 Blinko: multiple interfaces in the comment feature allow unauthorized access

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...

6.9CVSS0.00305EPSS
Exploits0References4
CVE
CVE
added 2026/03/23 8:48 p.m.24 views

CVE-2026-23488

Blinko is affected prior to version 1.8.4. The /api/v1/comment/create endpoint allows unauthorized posting of comments to any note (including private ones), and /api/v1/comment/list allows unauthorized viewing of comments on all notes. The issue is fixed in version 1.8.4. CVSS v4.0 base score 6.9...

6.9CVSS5.7AI score0.00305EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder