LinkAce — Vulnerabilities & Security Advisories (15)

All 15 CVE vulnerabilities found in LinkAce, with AI-generated Chinese analysis, references, and POCs.

Vendor: Kovah

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2026-40905 | LinkAce: Password Reset Poisoning via X-Forwarded-Host Header Injection Leading to Account Takeover | CWE-601 | 8.1 | High | 2026-04-21 |
| CVE-2026-35516 | LinkAce has SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection | CWE-918 | 5.0 | Medium | 2026-04-07 |
| CVE-2026-33954 | LinkAce discloses private notes to unauthorized authenticated users via the web link detail page | CWE-285 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-33953 | LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce | CWE-918 | 8.5 | High | 2026-03-27 |
| CVE-2026-30954 | LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy() | CWE-639 | 4.3 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-30953 | LinkAce affected by SSRF via link creation: NoPrivateIpRule not applied to LinkStoreRequest | CWE-918 | 7.7 | High | 2026-03-10 |
| CVE-2026-27458 | LinkAce: Stored XSS in Atom Feed via CDATA Escape in List Description | CWE-80 | 5.4 (AI) | Medium (AI) | 2026-02-21 |
| CVE-2025-62722 | LinkAce: Stored XSS Vulnerability in Link Title Field Through Social Media Sharing Feature | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-62721 | LinkAce: Authorization Bypass Allows Unauthorized Access to All Private Links, Lists, and Tags | CWE-200 | 4.3 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-62720 | LinkAce: Data Exfiltration via Export Functions Allow Access to All Users' Private Links | CWE-200 | 4.3 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-62719 | LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality | CWE-918 | 4.3 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-59424 | LinkAce Vulnerable to Stored XSS on the Audit Page | CWE-79 | 7.3 | High | 2025-09-18 |
| CVE-2025-53838 | LinkAce has a Stored One Click XSS vulnerability | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-09-08 |
| CVE-2024-56508 | File Upload Vulnerability Leading to XSS in LinkAce v1.15.5 | CWE-434 | 7.6 | High | 2024-12-27 |
| CVE-2024-56507 | Reflected Cross-Site Scripting (XSS) Vulnerability in LinkAce | CWE-79 | 4.6 | Medium | 2024-12-27 |

All 15 known CVE vulnerabilities affecting LinkAce with full Chinese analysis, references, and POCs where available.