54 matches found
CVE-2026-45159 Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner
Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-e...
GHSA-XV3R-VR59-95RG CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE
Summary: ci4ms Theme::upload extracts user-uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the theme create permission to write files to arbitrary filesystem locations (Zip Slip) and achieve remote code execution by dropping a PHP file under the publ...
CVE-2026-5525
Notepad++ v8.9.3 contains a stack-based buffer overflow in the file drop handler. Dropping a directory path exactly 259 characters long without a trailing backslash causes the program to append a backslash and null terminator without proper bounds checking, leading to a stack buffer overflow and ...
CVE-2026-5525 Stack-Based Buffer Overflow in Notepad++ File Drop Handler leads to DoS
A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds...
PT-2026-31894
Name of the Vulnerable Software and Affected Versions: Notepad++ version 8.9.3. Description: A stack-based buffer overflow exists in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backsla...
CVE-2023-25146
A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note...
CVE-2025-54549 Cryptographic validation of upgrade images could be circumvented by dropping a specifically crafted file into the upgrade ISO
Cryptographic validation of upgrade images could be circumvented by dropping a specifically crafted file into the upgrade ISO...
CLSA-2025-1761596531 Update of microcode_ctl
Update version - Drop releasenote.md file...
EUVD-2020-29029
Malware in sbrugna...
EUVD-2021-19534
Malware in sbrugna...
EUVD-2021-34675
Malicious code in bioql PyPI...
Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner
Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner...
ZendTo Path Traversal Vulnerability
ZendTo is a Web-based file transfer system from ZendTo, a UK-based company. A security vulnerability exists in ZendTo versions 6.15-7 and earlier, which stems from a path traversal in the file drop feature that could lead to retrieval of other user files or host system files, or cause a denial of...
Design/Logic Flaw
A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note...
CVE-2023-25146
CVE-2023-25146 is a local vulnerability in Trend Micro Apex One agent where a security agent link following flaw could let an attacker who already has low-privilege code execution quarantine a file, delete the original folder, and replace it with a junction to an arbitrary location, resulting in ...
SUSE CVE-2020-8119
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app...
SUSE CVE-2021-32766
Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link sha...
SUSE CVE-2021-41233
Nextcloud Text is a collaborative document editing application using Markdown, built for the Nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an...