PT-2026-45852

Name of the Vulnerable Software and Affected Versions code-projects Student Admission System version 1.0 Description A SQL injection flaw exists in the /index.php file. This issue allows a remote attacker to manipulate the eid and did arguments to execute unauthorized database queries...

CVE-2026-45282

This CVE affects Nextcloud Server versions 32.0.0–32.0.8 and 33.0.0–33.0.2, where an authenticated attacker can access attachments of link shares using a valid share token and a known documentId, bypassing password protection or download restrictions. The vulnerability enables access to attachmen...

CVE-2026-45282 Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...

EUVD-2026-33707

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...

CVE-2026-45282 Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...

ASB-A-500171842

Bulletin has no description...

CGA-3893-P8H8-XVP4

Bulletin has no description...

CVE-2026-43890

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authorization pattern. When both collectionId and documentId are supplied in the request, the route...

EUVD-2026-29334

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authorization pattern. When both collectionId and documentId are supplied in the request, the route...

MINI-V7JV-537M-F8FW

Bulletin has no description...

MINI-3PGP-2XF4-MQQP

Bulletin has no description...

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework from VMware that integrates artificial intelligence and big language modeling capabilities in the Spring ecosystem. A security vulnerability exists in VMware Spring AI versions 1.0.0 through 1.0.7 prior and 1.1.0 through 1.1.6 prior, which stems from...

CVE-2026-40865

Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...

MINI-M88M-PHM8-J7WF

Bulletin has no description...

MINI-8CCR-MMM7-4VV7

Bulletin has no description...

CVE-2026-5414

A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argument DocumentId results in improper control of resource identifiers. The attack may be performed...

CVE-2026-5414 Newgen OmniDocs WebApiRequestRedirection resource injection

A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argument DocumentId results in improper control of resource identifiers. The attack may be performed...

Newgen OmniDocs 安全漏洞

Newgen OmniDocs is an enterprise content management suite provided by Newgen Corporation. Versions of Newgen OmniDocs 12.0.00 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the DocumentId parameter in files/omnidocs/WebApiRequestRedirection,...

PT-2026-29866

Name of the Vulnerable Software and Affected Versions Newgen OmniDocs versions up to 12.0.00 Description A security flaw exists in Newgen OmniDocs up to version 12.0.00. The issue involves improper control of resource identifiers due to manipulation of the DocumentId argument within the...

MINI-JXP5-QW6M-3456

Bulletin has no description...