Kovah Linkace
18 CVEs affecting Kovah Linkace. Latest disclosed: 2026-05-28. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-33953 | High | 8.5 | 2026-03-27 | LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side… |
CVE-2026-45344 | High | 8.1 | 2026-05-28 | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts att… |
CVE-2026-40905 | High | 8.1 | 2026-04-21 | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to im… |
CVE-2026-30953 | High | 7.7 | 2026-03-10 | LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (… |
CVE-2024-56508 | High | 7.6 | 2024-12-27 | LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occ… |
CVE-2025-59424 | High | 7.3 | 2025-09-18 | LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting (XSS) vulnerability has been identified on the /system… |
CVE-2026-33954 | Medium | 6.5 | 2026-03-27 | LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a diff… |
CVE-2026-35516 | Medium | 5.0 | 2026-04-07 | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs… |
CVE-2024-56507 | Medium | 4.6 | 2024-12-27 | LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a reflected cross-site scripting (XSS) vulnerability exists in th… |
CVE-2026-45343 | | 2026-05-28 | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privi… | |
CVE-2026-45342 | | 2026-05-28 | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorizat… | |
CVE-2026-30954 | | 2026-03-10 | LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRepository.php allows authenticated users… | |
CVE-2026-27458 | | 2026-02-21 | LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endp… | |
CVE-2025-62722 | | 2025-11-04 | LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scr… | |
CVE-2025-62721 | | 2025-11-04 | LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to im… | |
CVE-2025-62720 | | 2025-11-04 | LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from al… | |
CVE-2025-62719 | | 2025-11-04 | LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts u… | |
CVE-2025-53838 | | 2025-09-08 | LinkAce is a self-hosted archive to collect website links. A stored cross-site scripting (XSS) vulnerability was discovered in versions prior to 2.1.9 that all… |