CVE-2026-45282
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...
CVE-2026-45282
This CVE affects Nextcloud Server versions 32.0.0–32.0.8 and 33.0.0–33.0.2, where an authenticated attacker can access attachments of link shares using a valid share token and a known documentId, bypassing password protection or download restrictions. The vulnerability enables access to attachmen...
CVE-2026-45282 Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-5887
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-5896
Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. Chromium security severity: Low...
CVE-2026-5887
CVE-2026-5887 affects Google Chrome on Windows (Chromium-based) with insufficient validation of untrusted input in the Downloads feature prior to version 147.0.7727.55, allowing a crafted HTML page to bypass download restrictions. Connected advisories show fixed releases across distros: Chromium ...
PT-2026-31505
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description Insufficient validation of untrusted input in Downloads in Google Chrome on Windows allowed a remote attacker to bypass download restrictions via a crafted HTML page. The security...
EUVD-2019-5130
Malware in sbrugna...
EUVD-2019-5101
Malware in sbrugna...
EUVD-2022-34869
Malicious code in bioql PyPI...
EUVD-2023-12229
Malicious code in bioql PyPI...
EUVD-2022-34635
Malicious code in bioql PyPI...
PT-2025-22436 · Unknown · Open edX Platform
Name of the Vulnerable Software and Affected Versions: The Open edX Platform versions prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba Description: The issue concerns the Open edX Platform, a learning management platform, where prior to a specific commit, there was no built-in protection...
Linux Distros Unpatched Vulnerability : CVE-2024-38519
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded...
The vulnerability of the SuiteCRM customer relationship management system lies in the lack of restrictions on file downloads. This allows a malicious actor to execute or open files on the web server without having access to those files.
The vulnerability of the SuiteCRM customer relationship management system is related to the lack of restrictions on file downloads. Exploiting this vulnerability allows a malicious actor to execute or open files on the web server without having access to those files...
The vulnerability of the SonicWall Analytics analytical service and the SonicWall Global Management System (GMS) global network firewall management system lies in the lack of restrictions on file downloads, which allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the SonicWall Analytics analytical service and the SonicWall Global Management System GMS global network firewall management system is related to the lack of restrictions on file downloads. Exploiting this vulnerability could allow a malicious actor to compromise the...
The vulnerability in the isolated iframe of the Google Chrome browser allows an attacker to circumvent existing restrictions on file downloads.
The vulnerability in the isolated iframe environment of Google Chrome relates to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to circumvent existing restrictions on file downloads by using a specially created HTML page...