
8 matches found

OSV
added 2026/02/27 7:49 p.m., 1 view

CVE-2026-27832 Group-Office Has Authenticated SQL Injection in advancedQueryData.comparator

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL injection (SQLi) vulnerability, exploitable through the comparator field of the advancedQueryData parameter on an authenticated endpoint. The endpoint...

CVSS 7.1, AI score 6, EPSS 0.00043
Exploits 0, References 3
RedHat Linux
added 2025/01/13 3:47 p.m., 9 views

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.0.8 Images Update

New images are available for Red Hat build of Keycloak 26.0.8 and Red Hat build of Keycloak 26.0.8 Operator, running on OpenShift Container Platform. Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...

CVSS 6.5, AI score 6, EPSS 0.00048
Exploits 0, References 3
CNNVD
added 2025/01/13 12:0 a.m., 2 views

Keycloak Security Vulnerability

Keycloak is an open source identity and access management solution from Keycloak Open Source. A security vulnerability exists in Keycloak versions prior to 26.0.8 that stems from the presence of a denial-of-service vulnerability that could allow an administrative user with the privilege to change...

CVSS 6.5, AI score 4.1, EPSS 0.00048
Exploits 0, References 3
CNNVD
added 2025/01/13 12:0 a.m., 3 views

Keycloak Security Vulnerability

Keycloak is an open source identity and access management solution from Keycloak Open Source. A security vulnerability exists in versions of Keycloak prior to 26.0.8, which stems from the possibility that an administrator user may be able to access sensitive server environment variables and syste...

CVSS 4.9, AI score 3.9, EPSS 0.00027
Exploits 0, References 2
OpenVAS
added 2023/11/22 12:0 a.m., 23 views

Nextcloud Server < 20.0.14.16, 21.x < 21.0.9.13, 22.x < 22.2.10.15, 23.x < 23.0.12.12, 24.x < 24.0.12.8, 25.x < 25.0.13, 26.x < 26.0.8, 27.x < 27.1.3 Improper Access Control Vulnerability (GHSA-f962-hw26-g267)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.5, AI score 7.6, EPSS 0.00582
Exploits 1, References 1
NVD
added 2023/11/21 10:15 p.m., 18 views

CVE-2023-48302

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy-pasting HTML code without markup (Ctrl+Shift+V) the...

CVSS 5.4, EPSS 0.00386
Exploits 0, References 3
Cvelist
added 2023/11/21 9:26 p.m., 15 views

CVE-2023-48301 Nextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into a circle's name that would be opened when clickin...

CVSS 3.5, AI score 5.6, EPSS 0.00386
Exploits 1, References 3
Prion
added 2023/11/21 9:15 p.m., 17 views

Code injection

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8,...

CVSS 5.5, AI score 7, EPSS 0.00582
Exploits 1, References 3, Affected Software 1