CVE-2026-45281

A flaw was found in Nextcloud Server. An authenticated user, with knowledge of another user's principal URL, could exploit improper authorization controls to gain full access to that user's calendar. This allows the attacker to view and modify the victim's calendar, leading to unauthorized...

CVE-2026-24090

Technical details (affected products, root cause, impact, and remediation) are not publicly available in the provided documents. Monitor for updates from the vendors and CVE feed.

CVE-2026-24090 Missing Authentication for Critical Function in HLOS

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow...

CVE-2026-24090

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow...

CVE-2025-59610 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

CVE-2025-59610

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

CVE-2025-59610

CVE-2025-59610 represents a memory corruption vulnerability that occurs when processing IOCTL requests with mismatched API versions, caused by concurrent modification of a user-space buffer. The CVSS 3.1 vector (L/H/C/I/A) indicates a Local, High complexity, High privileges required, no user inte...

CVE-2025-59610 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

CVE-2026-44966

Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of set directives in Velocity templates. If an application renders a template controll...

CVE-2026-24756

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

EUVD-2026-33839

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

CVE-2026-24755

Kiteworks Secure Data Forms (prior to v9.3.0) contains an Insecure Direct Object Reference (IDOR) vulnerability that allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource ownership. A patch is available in Kit...

CVE-2026-24753 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

WordPress JTL-Connector for WooCommerce plugin <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Modification vulnerability discovered by Muhan Luo - Security Innovation in WordPress Plugin JTL-Connector for WooCommerce versions = 2.4.1...

CVE-2026-45545

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries,...

CVE-2026-45281

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the...

EUVD-2026-33715

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries,...

CVE-2026-45545

Summary of CVE-2026-45545 (Nextcloud Tables SQL Injection) : An authenticated attacker with access to the Nextcloud Tables app could trigger a stored SQL injection that accepts arbitrary inputs up to 20 bytes and can break out of the length limit. This allows extraction or modification of databas...

Missing Authorization

Overview vitest is a Next generation testing framework powered by Vite Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshot...

Missing Authorization

Overview @vitest/browser is a Browser running for Vitest Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshots by connectin...