Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Kovah — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting Kovah. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Kovah:LinkAce
CVE IDTitleCVSSSeverityPublished
CVE-2026-40905 LinkAce: Password Reset Poisoning via X-Forwarded-Host Header Injection Leading to Account Takeover — LinkAceCWE-601 8.1 High2026-04-21
CVE-2026-35516 LinkAce has SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection — LinkAceCWE-918 5.0 Medium2026-04-07
CVE-2026-33954 LinkAce discloses private notesto unauthorized authenticated users via the web link detail page — LinkAceCWE-285 6.5 Medium2026-03-27
CVE-2026-33953 LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce — LinkAceCWE-918 8.5 High2026-03-27
CVE-2026-30954 LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy() — LinkAceCWE-639 4.3AIMediumAI2026-03-10
CVE-2026-30953 LinkAce affected by SSRF via link creation: NoPrivateIpRule not applied to LinkStoreRequest — LinkAceCWE-918 7.7 High2026-03-10
CVE-2026-27458 LinkAce: Stored XSS in Atom Feed via CDATA Escape in List Description — LinkAceCWE-80 5.4AIMediumAI2026-02-21
CVE-2025-62722 LinkAce: Stored XSS Vulnerability in Link Title Field Through Social Media Sharing Feature — LinkAceCWE-79 5.4AIMediumAI2025-11-04
CVE-2025-62721 LinkAce: Authorization Bypass Allows Unauthorized Access to All Private Links, Lists, and Tags — LinkAceCWE-200 4.3AIMediumAI2025-11-04
CVE-2025-62720 LinkAce: Data Exfiltration via Export Functions Allow Access to All Users' Private Links — LinkAceCWE-200 4.3AIMediumAI2025-11-04
CVE-2025-62719 LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality — LinkAceCWE-918 4.3AIMediumAI2025-11-04
CVE-2025-59424 LinkAce Vulnerable to Stored XSS on the Audit Page — LinkAceCWE-79 7.3 High2025-09-18
CVE-2025-53838 LinkAce has a Stored One Click XSS vulnerability — LinkAceCWE-79 5.4AIMediumAI2025-09-08
CVE-2024-56508 File Upload Vulnerability Leading to XSS in LinkAce v1.15.5 — LinkAceCWE-434 7.6 High2024-12-27
CVE-2024-56507 Reflected Cross-Site Scripting (XSS) Vulnerability in LinkAce — LinkAceCWE-79 4.6 Medium2024-12-27

This page lists every published CVE security advisory associated with Kovah. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.