linqi
by linqi
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-11347 | Hig | 0.55 | — | — | Jun 5, 2026 | The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with… | ||
| CVE-2026-11369 | Hig | 0.46 | — | — | Jun 5, 2026 | The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference (IDOR) vulnerability… | ||
| CVE-2026-11345 | Med | 0.45 | — | — | Jun 5, 2026 | An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256… | ||
| CVE-2026-11346 | Med | 0.34 | — | — | Jun 5, 2026 | A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send… | ||
| CVE-2024-33868 | 0.00 | — | 0.00 | May 14, 2024 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection. | |||
| CVE-2024-33866 | 0.00 | — | 0.00 | May 14, 2024 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID] XSS. | |||
| CVE-2024-33863 | 0.00 | — | 0.00 | May 14, 2024 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion. |
- risk 0.55cvss —epss —
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with…
- risk 0.46cvss —epss —
The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference (IDOR) vulnerability…
- risk 0.45cvss —epss —
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256…
- risk 0.34cvss —epss —
A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send…
- CVE-2024-33868May 14, 2024risk 0.00cvss —epss 0.00
An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection.
- CVE-2024-33866May 14, 2024risk 0.00cvss —epss 0.00
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID] XSS.
- CVE-2024-33863May 14, 2024risk 0.00cvss —epss 0.00
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion.