2 matches found
CVE-2026-42455
CVE-2026-42455 affects Linkwarden (self-hosted, open-source bookmark manager). For versions ≤ 2.14.0, the archive upload endpoint POST /api/v1/archives/[linkId]?format=4 accepts HTML files without sanitizing JavaScript content. When the archive is later retrieved via GET /api/v1/archives/[linkId]...
EUVD-2026-25049
DDEV has ZipSlip path traversal in tar and zip archive extraction...