Kovah

#14060of 53,632
19.1Total CVSS
Vulnerabilities · 3
Medium
2
High
1
PT-2026-24434
7.7
2026-03-10
Linkace · Linkace · CVE-2026-30953
**Name of the Vulnerable Software and Affected Versions** LinkAce (affected versions not specified) **Description** LinkAce is a self-hosted archive for collecting website links. A flaw exists in the link creation process where the server fetches HTML metadata from a URL provided via a POST request to the `/links` endpoint. The validation rules for `LinkStoreRequest` do not include a rule to prevent requests to internal network addresses, Docker service hostnames, and cloud metadata endpoints. While a `NoPrivateIpRule` class exists within the project, it is only applied in `FetchController.php` and not during the primary link creation process. This could allow an attacker to potentially access internal resources or sensitive information. **Recommendations** Apply the `NoPrivateIpRule` class to the `LinkStoreRequest` validation rules in the link creation path to prevent requests to internal network addresses, Docker service hostnames, and cloud metadata endpoints.
PT-2026-24454
5.3
2026-03-10
Linkace · Linkace · CVE-2026-30954
**Name of the Vulnerable Software and Affected Versions** LinkAce versions prior to 2.1.1 **Description** LinkAce is a self-hosted archive for collecting website links. Versions 2.1.0 and earlier contain an issue where the `processTaxonomy()` method within the `LinkRepository.php` file allows authenticated users to associate tags and lists belonging to other users with their own links. This is achieved by submitting integer IDs. **Recommendations** Update to version 2.1.1 or later.
PT-2018-6744
6.1
2018-03-05
Invoiceplane · Invoiceplane · CVE-2017-18217
Name of the Vulnerable Software and Affected Versions: InvoicePlane versions prior to 1.5.5 Description: An issue was discovered related to Cross Site Scripting. The Email address and Web address parameters are vulnerable, specifically in the files application/modules/clients/views/view.php, application/modules/invoices/views/view.php, and application/modules/quotes/views/view.php. Recommendations: For versions prior to 1.5.5, update to version 1.5.5 or later to resolve the issue. As a temporary workaround, consider restricting user input for the `Email address` and `Web address` parameters to minimize the risk of exploitation.