CVE-2026-45275

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and...

CVE-2026-45275

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and...

NextCloud Authorization Issues Vulnerability

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. Versions of Nextcloud prior to 2.7.2 contained an authorization vulnerability. This vulnerability stemmed from permission escalation, which could...

CVE-2026-39957

Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'usergroupid' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who owns...

Lychee 安全漏洞

Lychee is a beautiful and easy-to-use photo management system developed by The Lychee Organisation. It is used for managing and sharing photos. Versions of Lychee prior to 7.5.4 contained security vulnerabilities. These vulnerabilities were caused by an error in the order of SQL operators in the...

PT-2026-31650

Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'user group id' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who ow...

Copyparty 安全漏洞

Copyparty is a portable file server developed by Ed’s individual developer. Versions of Copyparty prior to 1.20.12 contained security vulnerabilities. These vulnerabilities stemmed from the lack of permission checks in the sharing function, which could allow users to access other files within...

CVE-2025-66513

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...

CVE-2025-66513

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...

PT-2025-49288

Name of the Vulnerable Software and Affected Versions Nextcloud Tables versions prior to 0.8.9 Nextcloud Tables versions prior to 0.9.6 Nextcloud Tables versions prior to 1.0.1 Description Nextcloud Tables allows users to create custom tables with defined columns. Before versions 0.8.9, 0.9.6, an...

EUVD-2008-2327

Malware in sbrugna...

CVE-2024-52509

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients...

Unspecified Vulnerability in Nextcloud (CNVD-2024-29654)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from the fact that a sharing recipient with read and share permissions could reshare the item...

CVE-2021-21736

A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory...

Improper access control

A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory...

Microsoft Windows Update Delivery Optimization Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Windows Update Delivery Optimization in Microsoft Windows, which originates when the program fails to enforce file sharing permissions. A local attacker...

CVE-2002-1694

Microsoft Internet Information Server IIS 4.0 opens log files with FILESHAREREAD and FILESHAREWRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running...