CVE-2026-45284

Nextcloud vulnerability CVE-2026-45284 affects the User OIDC LdapService in the Nextcloud platform. From version 1.3.6 up to, but not including, 8.4.0, an improper check allowed LDAP-authenticated users who had been deleted to continue authenticating via OIDC. This could permit access to accounts...

CVE-2026-45284 Nextcloud: Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users to authenticate

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

EUVD-2026-33710

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

CVE-2026-45284

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

EUVD-2026-33704

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2...

CVE-2026-45278

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2...

CVE-2026-45278

CVE-2026-45278 affects Nextcloud (Open Source content collaboration platform). From version 6.1.0 up to before 8.2.2, an attacker could craft links that redirect users to another website when the user logs in via the attacker’s OIDC link, due to improper redirection handling in user_oidc. The iss...

CVE-2026-45156

Nextcloud vulnerable component: User OIDC handling; a missing signature verification allowed an ID4me authority to impersonate any user. Affected versions: 0.3.0–before 3.1.0, 5.0.0–before 5.1.0, and 6.0.0–before 6.4.0. Root cause: absent JWT/signature check in OIDC flow as described in the CVE d...

EUVD-2026-33675

Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing signature verification in User OIDC allowed a malicious ID4me authority to identify as any user. This issue has been patched in versions...

CVE-2026-45156 Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC

Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing signature verification in User OIDC allowed a malicious ID4me authority to identify as any user. This issue has been patched in versions...

CVE-2026-45156 Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC

Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing signature verification in User OIDC allowed a malicious ID4me authority to identify as any user. This issue has been patched in versions...

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.24 and 13.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

Ivanti Connect Secure - XXE

Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. id: CVE-2024-22024 info: name: Ivanti Connect Secure - XXE author: watchTowr severity: high description: | Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. impact: | Successful exploitation of this...

NextCloud Access Control Vulnerability

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. In versions 1.3.6 to 8.4.0, there was a vulnerability related to access control. This vulnerability stemmed from improper checks, allowing users...

PT-2026-45472

Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing signature verification in User OIDC allowed a malicious ID4me authority to identify as any user. This issue has been patched in versions...

NextCloud user_oidc: Authorization issue vulnerability

Nextcloud useroidc is an application developed by the German company Nextcloud. There were authorization issues in versions of Nextcloud useroidc between 0.3.0 and 3.1.0, as well as between 5.0.0 and 5.1.0, and between 6.0.0 and 6.4.0. This issue stemmed from a lack of User OIDC signature...

ASB-A-380091558

In btajvrfcommconnect of btajvact.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45523

Name of the Vulnerable Software and Affected Versions Nextcloud versions 6.1.0 through 8.2.1 Description An attacker can craft malicious links that redirect users to an external website when the victim attempts to log in using OpenID Connect OIDC, a protocol used for authentication. Recommendatio...

PT-2026-45558

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...

PT-2026-45528

Name of the Vulnerable Software and Affected Versions Nextcloud versions 1.3.6 through 8.3.x Description An improper check in the authentication process allows users provided by LDAP to continue authenticating via user OIDC even after they have been deleted. Recommendations Update to version 8.4....