LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenti
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript
LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a reflected cross-site scripting (XSS) vulnerability exists in the LinkAce. This issue occurs in the "URL"
LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting (XSS) vulnerability that allows an
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web inte
LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests
LinkAce is a self-hosted archive to collect website links. A stored cross-site scripting (XSS) vulnerability was discovered in versions prior to 2.1.9 that allows an attacker to inject arbitrary JavaS
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read response
LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from all users in the system, including private
LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fiel
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP head
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRepository.php allows authenticated users to attach other users' private tags and l
LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allo
LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists (/lists/feed). An authenti
LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the "Import Bookmarks" functionali
LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (LinkRepository::create() calls HtmlMeta::
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication (GetLinkShareFromClaims in pkg/models/link_sharing.go) constructs authorization obje
Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /u
A vulnerability classified as critical was found in Benner Connecta 1.0.5330. Affected by this vulnerability is an unknown functionality of the file /Usuarios/Usuario/EditarLogado/. The manipulation o
Page 1+ Next →