CVE-2026-45286

CVE-2026-45286 affects Nextcloud Open Source Content Collaboration Platform. An authenticated user could enumerate other users on the same instance by abusing the Calendar app’s endpoint for suggesting attendees; standard sharing restrictions did not apply to that endpoint. Impacted versions are ...

NextCloud Calendar information leakage vulnerability

NextCloud Calendar is an open-source calendar application developed by NextCloud. There were information leakage vulnerabilities in versions 5.5.13 to 5.5.17 and 6.2.0 to 6.2.3 of NextCloud Calendar. These vulnerabilities stemmed from the lack of shared restrictions applied to the meeting...

EUVD-2026-31827

A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xpcmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack...

Das Parking Management System SQL注入漏洞

Das Parking Management System is a parking management system developed by Das Real Technology Co., Ltd. Version 6.2.0 of Das Parking Management System has a SQL injection vulnerability. This vulnerability stems from the improper use of the xpcmdshell function in the API Endpoint component’s...

WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass vulnerability

Authenticated Subscriber+ Authorization Bypass vulnerability discovered by Sander Horsman - Conda Security in WordPress Plugin FluentForm versions = 6.2.0...

CVE-2026-40638

Dell PowerScale InsightIQ versions 5.0.0–6.2.0 contain an elevation of privileges flaw described as an execution with unnecessary privileges. A high-privileged attacker with local access could potentially exploit this to gain elevated rights. The available documents do not provide exploitation st...

CVE-2026-40638

Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...

Dell PowerScale InsightIQ 安全漏洞

Dell PowerScale InsightIQ is a powerful performance monitoring and reporting tool developed by the American company Dell. Versions 5.0.0 to 6.2.0 of Dell PowerScale InsightIQ contain security vulnerabilities. These vulnerabilities stem from issues with unnecessary permission executions, which cou...

Astra Linux - уязвимость в redis

A heap overflow issue was discovered in Redis versions prior to 5.0.10, before 6.0.9, and before 6.2.0, when using a heap allocator other than jemalloc or glibc’s malloc function. This issue could lead to out-of-bound writing or the crash of the process. Essentially, this flaw does not affect the...

ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.telosforge:kimaira-starter-dms (>=1.2.4 <=1.2.6) +5034 more potentially affected by CVE-2026-22745 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.17)

org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.2.4, =1.2.4, =1.17.0, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-22745 Source advisory: OSV:GHSA-6P4F-WCWH-5VVM...

CVE-2026-34904 WordPress Simple Social Media Share Buttons plugin <= 6.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0...

WordPress Simple Social Media Share Buttons plugin <= 6.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Carlos Ferreira in WordPress Plugin Simple Social Media Share Buttons versions = 6.2.0...

Spring MVC and WebFlux has Server Sent Event stream corruption

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

RHSA-2026:2740 Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.0 security release

Bulletin has no description...

CVE-2019-12994

Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL...

PT-2025-48572

Name of the Vulnerable Software and Affected Versions ChurchCRM versions 6.2.0 and earlier Description ChurchCRM is an open-source church management system. A time-based blind SQL injection exists in how the 1FieldSec parameter is handled. Injecting SLEEP results in predictable server-side delays...

DEBIAN-CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

EUVD-2025-26474

A flaw has been found in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. It is possible to initiate the attack remotely. The exploit has been published and may be used...

at.aimon.ops:aimon-ops-api (>=0.0.1 <=0.0.2), cc.allio.uno:uno-starter-websocket (>=1.1.9 <=1.2.1) +710 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=6.2.0 <=6.2.11)

org.springframework:spring-websocket MAVEN version =6.2.0, =0.0.1, =1.1.9, =1.1.9, =3.5.5.3, =3.4.0.0, =3.4.0.0, =3.5.5.3, =1.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...