CVE-2026-45286

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...

CVE-2026-45286

CVE-2026-45286 affects Nextcloud Open Source Content Collaboration Platform. An authenticated user could enumerate other users on the same instance by abusing the Calendar app’s endpoint for suggesting attendees; standard sharing restrictions did not apply to that endpoint. Impacted versions are ...

CVE-2026-45286

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...

NextCloud Calendar information leakage vulnerability

NextCloud Calendar is an open-source calendar application developed by NextCloud. There were information leakage vulnerabilities in versions 5.5.13 to 5.5.17 and 6.2.0 to 6.2.3 of NextCloud Calendar. These vulnerabilities stemmed from the lack of shared restrictions applied to the meeting...

OESA-2026-2127 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: 'Severity: low \n\nAffected versions:\n\n- Apache ActiveMQ Client org.apache.activemq:activemq-client before 5.19.3\n- Apache ActiveMQ Client org.apache.activemq:activemq-client 6.0.0 before...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing messages in the Web console. An attacker can access unauthorized classpath resources by...

GHSA-H2H4-5M64-M273 Apache ActiveMQ: Improper validation and restriction of a classpath path name

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

CVE-2026-33227 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

CLEANSTART-2026-KT07616 Security fixes for CVE-2026-22735, CVE-2026-22737 applied in versions: 6.2.3-r0

Multiple security vulnerabilities affect the activemq package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2025-13726 IBM Sterling Partner Engagement Manager Information Disclosure

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system...

CVE-2026-25759

Statmatic is a Laravel and Git powered content management system CMS. From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...

CVE-2026-25759 Statmatic affected by privilege escalation via stored cross-site scripting

Statmatic is a Laravel and Git powered content management system CMS. From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...

EUVD-2021-22796

Malware in sbrugna...

EUVD-2023-2622

Malicious code in bioql PyPI...

WordPress Essential Addons for Elementor plugin <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 6.2.2...

CVE-2024-23669

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...

Snipe-IT Cross-Site Request Forgery Vulnerability

Snipe-IT is an open source IT asset/license management system. A cross-site request forgery vulnerability exists in Snipe-IT versions prior to v.6.2.3, which stems from vulnerability to cross-site request forgery CSRF attacks...

Kunduz Homework Helper App Security Vulnerability

Kunduz Homework Helper App is a homework help application from Kunduz. Sifir Bes Education and Informatics Kunduz - Homework Helper App version 6.2.3 previously had a security vulnerability that stemmed from the use of hard-coded encryption keys...

SUSE CVE-2021-29477

Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. The...

PT-2022-7118 · Unrar +5 · Unrar +5

Name of the Vulnerable Software and Affected Versions: UnRAR versions prior to 6.2.3 Description: The issue is related to the incorrect handling of symbolic links before accessing a file, which can be exploited by a remote attacker to gain access to confidential data. This can occur via symlink...