5068 matches found
MINI-495G-8688-HXJP
Bulletin has no description...
CVE-2026-45282
A flaw was found in Nextcloud Server. An authenticated attacker, by knowing a share token and a document ID, could access attachments of link shares. This circumvents password protection or download restrictions, leading to the disclosure of sensitive information from attachments. Mitigation...
ECHO-E6B5-3B2A-9C32
Bulletin has no description...
ECHO-C8C0-89CD-58D0
Bulletin has no description...
CVE-2026-45282 Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...
ECHO-EE72-5202-2C87
Bulletin has no description...
MINI-MRWC-7XJR-QRV3
Bulletin has no description...
ECHO-121E-D4D0-4C0E
Bulletin has no description...
PT-2026-47201
Unknown description...
ECHO-AD54-7743-1269 suexec in Apache HTTP Server 2.2.3 does not verify user/group ID combinations, which "might allow local users to leverage other vulnerabilities". The vendor disputes the issue because the attack "rely on an insecure server configuration" in which the unprivileged server user already has write access to the document root and can run arbitrary code; the suexec security model is not intended to protect against privilege escalation in such a configuration. NVD lists only 2.2.3 as affected (shipped version is 2.4.68). Debian: unimportant. https://security-tracker.debian.org/tracker/CVE-2007-1743
Bulletin has no description...
MINI-RJJ2-MGG9-55QH
Bulletin has no description...
MINI-JPV6-2FMM-24QV
Bulletin has no description...
MINI-C4V3-9488-QVGV
Bulletin has no description...
ECHO-FFC7-D859-2D12
Bulletin has no description...
PT-2026-42699
Name of the Vulnerable Software and Affected Versions libp2p versions prior to 15.0.23 Description Three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node using default options, leading to an Out-Of-Memory OOM crash...
CGA-GRCV-9JQV-F3V4
Bulletin has no description...
MINI-CPX2-MXJC-3WV3
Bulletin has no description...
EUVD-2026-30774
Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...
MINI-XCF6-9JHQ-RQXQ
Bulletin has no description...
MINI-3CQJ-RHHG-5JXJ
Bulletin has no description...