Mrraul124

#16633 of 53,633
16.2 Total CVSS
Vulnerabilities · 2
High
2
PT-2025-27633
8.7
2025-06-28
Unknown · Linkwarden · CVE-2025-49588
**Name of the Vulnerable Software and Affected Versions** Linkwarden version 2.10.2

**Description** The issue concerns a File Path Disclosure Vulnerability in Linkwarden, a self-hosted, open-source collaborative bookmark manager. In the affected version, the server accepts links of the format `file:///etc/passwd` without validation, potentially leading to the leak of other users' links and, in some cases, environment secrets.

**Recommendations** For version 2.10.2, update to version 2.10.3 to resolve the issue. As a temporary workaround, consider restricting the acceptance of links to validated formats to minimize the risk of exploitation.
PT-2025-25769
7.5
2025-06-18
Lychee · Lychee · CVE-2025-50202
**Name of the Vulnerable Software and Affected Versions** Lychee versions 6.6.6 through 6.6.9

**Description** The issue affects Lychee, a free photo-management tool. An attacker can exploit a path traversal vulnerability in SecurePathController.php to leak local files, including environment variables, nginx logs, other users' uploaded images, and configuration secrets.

**Recommendations** For versions 6.6.6 through 6.6.9, update to version 6.6.10 to resolve the issue. As a temporary workaround, consider restricting access to the SecurePathController.php file until the update is applied.