Blinkospace Blinko
10 CVEs affecting Blinkospace Blinko. Latest disclosed: 2026-03-23. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-23882 | | | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creation function allows specifying arbitrary… |
| CVE-2026-23485 | | | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file… |
| CVE-2026-23488 | | | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowin… |
| CVE-2026-23487 | | | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an IDOR vulnerability where user.detail Endpoint Leaks the Superadmin Token… |
| CVE-2026-23486 | | | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, a publicly accessible endpoint exposes all user information, including usernames, rol… |
| CVE-2026-23480 | | | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is a privilege escalation vulnerability. The upsertUser endpoint has 3 issues… |
| CVE-2026-23481 | | | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile… |
| CVE-2026-23484 | | | 2026-03-23 | Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write fi… |
| CVE-2026-23483 | | | 2026-03-23 | Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join() to concatenate paths but does n… |
| CVE-2026-23482 | | | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and doe… |