CVE-2026-45282 Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...

Logged-in user bypasses share password and download restrictions on Text attachments via documentId

None...

goshs 安全漏洞

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs from 1.1.0 to 2.0.0-beta.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of shared tokens, which could bypass the limited file download restrictions, allowing access to a...

The vulnerability of the Avalanche Premise mobile device management system, which stems from the lack of load limits on files, allows a perpetrator to execute arbitrary code.

The vulnerability of the Avalanche Premise mobile device management system lies in the lack of restrictions on file downloads. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the OTCMS sales application, related to the lack of file upload limit restrictions, allows a hacker to execute arbitrary code.

The vulnerability of the OTCMS sales application lies in the lack of restrictions on the download of files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code upon downloading arbitrary files onto the device...