66 matches found
Chamilo LMS 安全漏洞
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilities stemmed fr...
GHSA-P5W6-75F9-CC2P Note Mark has Broken Access Control on Asset Download
Summary A broken access control vulnerability allows unauthenticated users to retrieve note assets directly from the asset download endpoint when they know both the note UUID and asset UUID. This exposes the full contents of private note assets without authentication, even when the associated boo...
Note Mark has Broken Access Control on Asset Download
Summary A broken access control vulnerability allows unauthenticated users to retrieve note assets directly from the asset download endpoint when they know both the note UUID and asset UUID. This exposes the full contents of private note assets without authentication, even when the associated boo...
CVE-2026-33954
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
CVE-2026-33954
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
CVE-2026-33954
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
CVE-2026-33954 LinkAce discloses private notesto unauthorized authenticated users via the web link detail page
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
CVE-2026-33954 LinkAce discloses private notesto unauthorized authenticated users via the web link detail page
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
EUVD-2026-16870
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
CVE-2026-33954
LinkAce (before v2.5.3) discloses private notes attached to non-private links to other authenticated users via the web interface. The API enforces note visibility, but the web link detail page renders notes without applying equivalent visibility filtering, enabling an authenticated user allowed t...
CVE-2026-33954 LinkAce discloses private notesto unauthorized authenticated users via the web link detail page
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
PT-2026-28578
Name of the Vulnerable Software and Affected Versions LinkAce versions prior to 2.5.3 Description LinkAce is a self-hosted archive for website links. Versions prior to 2.5.3 allow disclosure of a private note attached to a non-private link to another authenticated user through the web interface...
LinkAce 授权问题漏洞
LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.3 had an authorization vulnerability. This vulnerability stemmed from the lack of equivalent visibility filtering when rendering notes on the web...
CVE-2026-23488
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...
CVE-2026-23488
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...
CVE-2026-23488 Blinko: multiple interfaces in the comment feature allow unauthorized access
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...
EUVD-2026-14544
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...
CVE-2026-23488
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...
CVE-2026-23488 Blinko: multiple interfaces in the comment feature allow unauthorized access
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...
CVE-2026-23488
Blinko is affected prior to version 1.8.4. The /api/v1/comment/create endpoint allows unauthorized posting of comments to any note (including private ones), and /api/v1/comment/list allows unauthorized viewing of comments on all notes. The issue is fixed in version 1.8.4. CVSS v4.0 base score 6.9...