CVE-2026-30954

Medium CVSS: 5.3

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs.

Vendor

Linkace

Product

Linkace

CWE

CWE-639

Yayın Tarihi

2026-03-10 21:16:48

Güncelleme

2026-03-17 16:13:55

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-639 Linkace MEDIUM Linkace 2026

Referanslar

https://github.com/Kovah/LinkAce/security/advisories/GHSA-vc99-cgj6-wwxh

Benzer Kayıtlar

High

CVE-2026-33953

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP l…

Medium

CVE-2026-33954

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-…

High

CVE-2026-30953

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetche…

High

CVE-2026-27458

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting v…

High

CVE-2025-62722

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functio…

High

CVE-2025-62721

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints…