30 matches found
CVE-2026-51946
| creationtimestamp | type | source |
|---|---|---|
| 2026-07-02 07:17:38+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnih6gcem2k |
| 2026-07-02 07:24:19+00:00 | seen | https://bsky.app/profile/qiancx.bsky.social/post/3mpnit5xhki22 |
| 2026-07-03 12:06:17+00:00 | seen | ... |
PYSEC-2026-345 Gradio allows users to access arbitrary files
Impact: This vulnerability allows users of Gradio applications that have a public link (such as on Hugging Face Spaces) to access files on the machine hosting the Gradio application. This involves intercepting and modifying the network requests made by the Gradio app to the server. Patches: Yes, the...
EUVD-2026-33709
Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes an external member (a person added via email address who does not have a Nextcloud account), the...
CVE-2026-45285
Concretely affected software: Nextcloud server branches 32.x (32.0.0–32.0.8) and 33.x (33.0.0–33.0.2). The vulnerability arises when sharing with a Team that includes an external member; a public link is auto-created for that external member and is not shown in the share UI. The link grants the s...
PT-2026-45529
Name of the Vulnerable Software and Affected Versions: Nextcloud versions 32.0.0 through 32.0.8; Nextcloud versions 33.0.0 through 33.0.2. Description: When a user shares a folder or file with a Nextcloud Team containing an external member (a person added via email without a Nextcloud account), the...
Nextcloud Teams security vulnerability
NextCloud Teams is an open-source team collaboration and group management tool developed by NextCloud. There were security vulnerabilities in versions of NextCloud Teams between 32.0.0 and 32.0.9, as well as between 33.0.0 and 33.0.3. These vulnerabilities stemmed from the system automatically...
CVE-2026-41649
Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference. When both collectionId and documentId are provided in the request, the authorization logic only checks...
Outline security vulnerability
Outline is an open-source knowledge base developed by Outline. Versions of Outline from 0.86.0 to 1.7.0 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references. When both the collectionId and documentId are provided in a request, the authorizatio...
CVE-2026-4149
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-11 01:30:29+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116383483774809251 |
| 2026-04-11 01:30:32+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mj6osz6g672t |
| 2026-04-11 03:06:41+00:00 | seen | ... |
CVE-2026-35516
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a publ...
CVE-2026-32761
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges (perm.download = false) but granted share...
File Browser security vulnerability
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser 2.61.0 and earlier contain security vulnerabilities. These vulnerabilities stem from...
The Silent Spill: Measuring Sensitive Data Leaks across Public URL Repositories
A large number of URLs are made public by various platforms for security analysis, archiving, and paste sharing -- such as VirusTotal, URLScan.io, Hybrid Analysis, the Wayback Machine, and RedHunt. These services may unintentionally expose links containing sensitive information, as reported in so...
CVE-2026-2959
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-23 00:00:41+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mfidv3dn2t2u |
| 2026-02-23 00:00:55+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116117001877252256 |
| 2026-02-23 01:00:39+00:00 | seen | ... |
OpenCloud Affected by Public Link Exploit
Impact: A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link. OpenCloud uses Reva as one of its core components and thus it is affected. Patches: Update to OpenClo...
Google Gemini iOS security vulnerability
Google Gemini iOS is an AI-assisted tools app from Google, Inc. in the United States. Google Gemini iOS suffers from a security vulnerability that originates from the generation of public links containing the full conversation history when sharing conversation snippets, which could lead to...
EUVD-2021-19474
Malware in sbrugna...
GHSA-M842-4QM8-7GPQ Gradio allows users to access arbitrary files
Impact: This vulnerability allows users of Gradio applications that have a public link (such as on Hugging Face Spaces) to access files on the machine hosting the Gradio application. This involves intercepting and modifying the network requests made by the Gradio app to the server. Patches: Yes, the...