22 matches found

RedhatCVE
added 2026/06/01 10:13 p.m. · 6 views

CVE-2026-45285

A flaw was found in Nextcloud. When a user shares a folder or file with a Nextcloud Team that includes an external member, the system automatically generates a public link for that external member. This link, which is not visible to the folder owner, grants the same permissions as the Team's...

CVSS 6.4 · AI score 5.6 · EPSS 0.0004
Exploits: 0 · References: 2
NVD
added 2026/06/01 7:16 p.m. · 8 views

CVE-2026-45285

Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes an external member (a person added via email address who does not have a Nextcloud account), the...

CVSS 6.4 · EPSS 0.0004
Exploits: 0 · References: 3
Vulnrichment
added 2026/06/01 4:57 p.m. · 5 views

CVE-2026-45285 Nextcloud: Hidden Public Link creation when sharing to a Team External Member

Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes an external member (a person added via email address who does not have a Nextcloud account), the...

CVSS 6.4 · AI score 5.7 · EPSS 0.0004
Exploits: 0 · References: 3
CVE
added 2026/05/22 5:55 p.m. · 20 views

CVE-2026-39970

The CVE covers TypeBot (chatbot builder) ≤ version 3.15.2, where the profile picture upload form fails to sanitize SVG/XML uploads and directly renders them. This enables stored XSS via crafted SVGs containing JavaScript, with payload stored on app.typebot.io and accessible via a permanent link, ...

CVSS 8.5 · AI score 6 · EPSS 0.00052
Exploits: 0 · References: 2
RedhatCVE
added 2026/03/26 3:2 p.m. · 2 views

CVE-2026-32267

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user or an unauthenticated user who has been sent a shared URL can escalate their privileges to admin by abusing...

CVSS 9.8 · AI score 5.7 · EPSS 0.00046
Exploits: 1 · References: 1
SUSE CVE
added 2026/03/04 12:25 a.m. · 2 views

SUSE CVE-2026-27611

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...

CVSS 7.1 · AI score 5.8 · EPSS 0.00058
Exploits: 1 · References: 3
CVE
added 2026/02/06 6:28 p.m. · 9 views

CVE-2026-23989

REVA (OpenCloud Reva component) contains a vulnerability in its GRPC authorization middleware that lets a malicious user bypass the public link scope verification via the archiver service, enabling creation of an archive (zip/tar) containing all resources within the link’s scope. Affected version...

CVSS 8.2 · AI score 5.5 · EPSS 0.00019
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2026/02/03 11:15 a.m. · 3 views

CVE-2025-67857

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure...

CVSS 5.3 · EPSS 0.00021
Exploits: 0 · References: 3
RedhatCVE
added 2026/01/09 8:54 a.m. · 3 views

CVE-2021-41573

Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If an authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and...

CVSS 7.5 · AI score 6.4 · EPSS 0.00204
Exploits: 0 · References: 1
RedhatCVE
added 2025/12/06 12:3 a.m. · 1 views

CVE-2025-65516

A stored cross-site scripting (XSS) vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

CVSS 6.1 · AI score 5.5 · EPSS 0.0003
Exploits: 0 · References: 2
Positive Technologies
added 2025/10/27 12:0 a.m. · 1 views

PT-2025-44053

Name of the Vulnerable Software and Affected Versions: Frappe Learning versions prior to 2.39.1. Description: Frappe Learning, a learning management system, had a security issue where students could access the Quiz Form if they possessed the URL. This allowed unauthorized access to quiz content...

CVSS 5.3 · AI score 6.3 · EPSS 0.00041
Exploits: 0 · References: 4
RedhatCVE
added 2025/10/10 1:32 a.m. · 4 views

CVE-2025-5009

In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable public link that contained the entire conversation history and not just the snippet...

CVSS 1 · AI score 6.8 · EPSS 0.00004
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-9981

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.00197
Exploits: 0 · References: 2
CVE
added 2025/08/19 8:52 p.m. · 18 views

CVE-2025-54144

Summary: CVE-2025-54144 affects Firefox for iOS before version 141. The URL scheme used to facilitate searching of text queries could be abused to open arbitrary website URLs or internal pages if a user is tricked into clicking a link. This is described as a security bypass in Firefox for iOS pri...

CVSS 5.4 · AI score 5.9 · EPSS 0.00047
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2025/01/07 1:15 p.m. · 1 views

DEBIAN-CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

CVSS 6.5 · AI score 6 · EPSS 0.00663
Exploits: 0 · References: 1
Vulnrichment
added 2024/01/19 8:45 p.m. · 2 views

CVE-2024-22421 Potential authentication and CSRF tokens leak in JupyterLab

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server...

CVSS 7.6 · AI score 6.7 · EPSS 0.00138
Exploits: 0 · References: 3
CNNVD
added 2022/09/16 12:0 a.m. · 2 views

HotelDruid security vulnerability

HotelDruid is a hotel management system by the Digitaldruid.net team. The system includes features such as room management, financial management and inventory management. A security vulnerability exists in HotelDruid Hotel Management Software version v3.0.3 and prior versions, which originates fr...

CVSS 3.7 · AI score 5.1 · EPSS 0.00185
Exploits: 0 · References: 4
Hacker One
added 2020/11/26 1:8 p.m. · 19 views

Shopify: Removing parts of URL from jQuery request exposes links for download of Paid Digital Assets of the most recent Order placed by anyone on the store!

Please Note: I found this bug on a website made using Shopify. I tried doing the same with my Shopify store, but I was not able to buy anything as it was required to add credit card details, which I don't have. THE LINKS GIVEN AS THE EXAMPLE ARE NOT VALID LINKS BUT THE BUG WORKS ON EVERY SHOPIFY...

AI score 6.7
Exploits: 0
OSV
added 2020/09/18 3:15 p.m. · 0 views

CVE-2020-5975

NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure...

CVSS 7.5 · AI score 7.1 · EPSS 0.00322
Exploits: 0 · References: 1
Positive Technologies
added 2019/05/26 12:0 a.m. · 6 views

PT-2019-4622 · Django Software Foundation +3 · Django +3

Name of the Vulnerable Software and Affected Versions: Django versions 1.11 through 1.11.20; Django versions 2.1 through 2.1.8; Django versions 2.2 through 2.2.1. Description: The issue is related to the AdminURLFieldWidget function in the Django web development framework, which is associated with...

CVSS 9.8 · AI score 6.5 · EPSS 0.92834
Exploits: 30 · References: 178