
95 matches found

NVD | added 4 days ago | 7 views

CVE-2026-45543

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...

CVSS 5.3 | EPSS 0.00027 | Exploits 0 | References 3

CVE | added 4 days ago | 13 views

CVE-2026-45543

Nextcloud Forms vulnerability CVE-2026-45543: From versions 4.3.0 through before 5.2.7, removing a collaborator did not revoke read access to uploaded respondent files for affected forms, enabling unauthorized access to those files (scope limited to forms where the user previously had results acc...

CVSS 5.3 | AI score 5.7 | EPSS 0.00027 | Exploits 0 | References 3 | Affected Software 1

Vulnrichment | added 4 days ago | 6 views

CVE-2026-45543 Nextcloud: Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...

CVSS 5.3 | AI score 5.7 | EPSS 0.00027 | Exploits 0 | References 3

EUVD | added 4 days ago | 6 views

EUVD-2026-33713

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...

CVSS 5.3 | AI score 5.7 | EPSS 0.00027 | Exploits 0 | References 3

EUVD | added 2026/03/11 3:31 a.m. | 2 views

EUVD-2026-11034

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This is due to missing or incorrect nonce validation on the reloadpreview function. This makes it possible for...

CVSS 6.1 | AI score 5.6 | EPSS 0.00017 | Exploits 0 | References 3

Tenable Nessus | added 2026/03/04 12:00 a.m. | 2 views

Plone < 5.2.7 / 6.x < 6.0.0a3 XSS (CVE-2022-23599)

The detected version of Plone, is prior to version 5.2.7, or version 6 prior to 6.0.0a3. It is, therefore, affected by a cross site scripting vulnerability. A remote attacker can exploit this via cache poisoning to redirect a user when clicking links on the compromised page. Note that Nessus has...

CVSS 6.1 | AI score 5.9 | EPSS 0.00317 | Exploits 0 | References 3

Positive Technologies | added 2026/03/03 12:00 a.m. | 3 views

PT-2026-22711

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers...

CVSS 6.5 | AI score 6.2 | EPSS 0.00036 | Exploits 0 | References 3

CVE | added 2026/03/02 11:22 p.m. | 7 views

CVE-2026-1566

The CVE affects LatePoint

CVSS 8.8 | AI score 6 | EPSS 0.00058 | Exploits 0 | References 2

NVD | added 2026/02/06 11:15 p.m. | 2 views

CVE-2026-25757

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthenticated users can view completed guest orders by Order ID. This issue may lead to disclosure of PII of guest users including names, addresses and phone numbers. This...

CVSS 8.7 | EPSS 0.00032 | Exploits 1 | References 8

NVD | added 2026/01/02 3:16 p.m. | 1 view

CVE-2025-52864

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.1 | EPSS 0.00132 | Exploits 0 | References 1

Positive Technologies | added 2026/01/02 12:00 a.m. | 3 views

PT-2026-1081

Name of the Vulnerable Software and Affected Versions: QNAP versions prior to 5.2.7.3256 build 20250913. Description: A flaw exists where a remote attacker, having obtained administrator privileges, could trigger a denial-of-service (DoS) condition through a NULL pointer dereference. Recommendations...

CVSS 5.1 | AI score 6.6 | EPSS 0.00117 | Exploits 0 | References 4

OpenVAS | added 2025/11/12 12:00 a.m. | 5 views

QNAP Photo Station XMR Mining Vulnerability (NAS-201705-04)

QNAP Photo Station is prone to a vulnerability related to XMR mining programs. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.8 | AI score 5.3 | EPSS 0.00064 | Exploits 0 | References 1

NVD | added 2025/11/11 10:15 a.m. | 3 views

CVE-2017-20210

Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research...

CVSS 9.8 | EPSS 0.00064 | Exploits 0 | References 1

CVE | added 2025/11/11 9:45 a.m. | 7 views

CVE-2017-20210

This CVE concerns QNAP Photo Station. Affected software: Photo Station versions 5.4.1 and 5.2.7. Root cause: related to XMR mining programs; vendors indicate a security fix is included in these versions. Impact and exploitation details are not provided in the documents beyond the XMR-mining assoc...

CVSS 9.8 | AI score 6.4 | EPSS 0.00064 | Exploits 0 | References 1 | Affected Software 1

CNNVD | added 2025/11/11 12:00 a.m. | 1 view

QNAP Systems Photo Station security vulnerability

QNAP Systems Photo Station is an online photo album from China-based QNAP Systems, Inc. It is used to organize multimedia content photos and videos on Qnap Nas. A security vulnerability exists in QNAP Systems Photo Station versions 5.4.1 and 5.2.7 that stems from a security issue related to the X...

CVSS 9.8 | AI score 6.4 | EPSS 0.00064 | Exploits 0 | References 1

vulnersOsv | added 2025/11/05 3:47 p.m. | 0 views

aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1414 more potentially affected by CVE-2025-64459 via django (>=5.2.0 <=5.2.7)

django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.0.13, =1.2.7 and more Source cves: CVE-2025-64459 Source advisory: SNYK:PYTHON-DJANGO-13836728...

CVSS 9.1 | AI score 7.2 | EPSS 0.00296 | Exploits 10

EUVD | added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-29625

Malware in sbrugna...

CVSS 5.4 | AI score 5.4 | EPSS 0.01588 | Exploits 5 | References 5

EUVD | added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-13199

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00371 | Exploits 0 | References 2

EUVD | added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-29626

Malware in sbrugna...

CVSS 5.4 | AI score 5.4 | EPSS 0.0202 | Exploits 5 | References 5

EUVD | added 2025/10/03 8:07 p.m. | 2 views

EUVD-2022-5967

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.4 | EPSS 0.02652 | Exploits 1 | References 3