4969 matches found

Cvelist
added 2026/06/01 4:52 p.m. | 30 views

CVE-2026-45279 Nextcloud: Limited path traversal via template API if using `{lang}` in config

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if lang is used in the template directory config value, non-admin users can in some cases copy arbitrary files depending on unix permissions into...

CVSS 4.4 | EPSS 0.00038
Exploits: 0 | References: 3

EUVD
added 2026/06/01 4:51 p.m. | 7 views

EUVD-2026-33704

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attacker's link to log in via user OIDC. This issue has been patched in version 8.2.2...

CVSS 3.3 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 3

Cvelist
added 2026/06/01 4:51 p.m. | 26 views

CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attacker's link to log in via user OIDC. This issue has been patched in version 8.2.2...

CVSS 3.3 | EPSS 0.00015
Exploits: 0 | References: 3

ATTACKERKB
added 2026/06/01 4:51 p.m. | 7 views

CVE-2026-45278

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attacker's link to log in via user OIDC. This issue has been patched in version 8.2.2...

CVSS 3.3 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2026/06/01 4:51 p.m. | 9 views

CVE-2026-45278

CVE-2026-45278 affects Nextcloud (Open Source content collaboration platform). From version 6.1.0 up to before 8.2.2, an attacker could craft links that redirect users to another website when the user logs in via the attacker’s OIDC link, due to improper redirection handling in user_oidc. The iss...

CVSS 6.1 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/06/01 4:51 p.m. | 7 views

CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attacker's link to log in via user OIDC. This issue has been patched in version 8.2.2...

CVSS 3.3 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 3

ATTACKERKB
added 2026/06/01 4:51 p.m. | 5 views

CVE-2026-45277

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2...

CVSS 3.3 | AI score 5.9 | EPSS 0.00006
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2026/06/01 4:51 p.m. | 9 views

EUVD-2026-33703

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2...

CVSS 3.3 | AI score 5.9 | EPSS 0.00006
Exploits: 0 | References: 3

Cvelist
added 2026/06/01 4:51 p.m. | 26 views

CVE-2026-45277 Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals workflow associations

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2...

CVSS 3.3 | EPSS 0.00006
Exploits: 0 | References: 3

CVE
added 2026/06/01 4:51 p.m. | 13 views

CVE-2026-45277

Nextcloud (Approval app) suffers information disclosure via the fileId parameter: authenticated users can determine whether arbitrary files are linked to specific approval workflows. Root cause appears to be insufficient access controls exposing workflow associations. The issue is confirmed resol...

CVSS 3.3 | AI score 5.9 | EPSS 0.00006
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/06/01 4:51 p.m. | 5 views

CVE-2026-45277 Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals workflow associations

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2...

CVSS 3.3 | AI score 5.9 | EPSS 0.00006
Exploits: 0 | References: 3

ATTACKERKB
added 2026/06/01 4:51 p.m. | 7 views

CVE-2026-45275

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and...

CVSS 6.5 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/06/01 4:51 p.m. | 8 views

CVE-2026-45275 Nextcloud: Authorization bypass in approval feature allows unauthorized file sharing with approvers

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and...

CVSS 6.5 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 3

CVE
added 2026/06/01 4:51 p.m. | 14 views

CVE-2026-45275

CVE-2026-45275 affects Nextcloud with the Approval app prior to version 2.7.2. A privilege-escalation flaw allows a user who lacks sharing permissions to trigger the system to share a file with approvers, resulting in an authorization bypass and potential unauthorized distribution of restricted f...

CVSS 6.5 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/06/01 4:51 p.m. | 27 views

CVE-2026-45275 Nextcloud: Authorization bypass in approval feature allows unauthorized file sharing with approvers

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and...

CVSS 6.5 | EPSS 0.00016
Exploits: 0 | References: 3

Vulnrichment
added 2026/06/01 4:40 p.m. | 7 views

CVE-2026-45267 Nextcloud: Missing permission check for form submissions

Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...

CVSS 6.5 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 3

Cvelist
added 2026/06/01 4:40 p.m. | 26 views

CVE-2026-45267 Nextcloud: Missing permission check for form submissions

Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...

CVSS 6.5 | EPSS 0.00015
Exploits: 0 | References: 3

CVE
added 2026/06/01 4:40 p.m. | 12 views

CVE-2026-45267

Nextcloud (open source content collaboration platform) has a vulnerability identified as CVE-2026-45267 where a missing permissions check in form submissions allowed a user to read submissions from other users. The issue affects versions prior to 5.2.6 and has been fixed in 5.2.6. The root cause ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 3

EUVD
added 2026/06/01 4:40 p.m. | 6 views

EUVD-2026-33679

Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...

CVSS 6.5 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 3

Cvelist
added 2026/06/01 4:39 p.m. | 25 views

CVE-2026-45266 Nextcloud: Unauthorized force-mute from missing permission check when using internal signaling

Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other users' microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and...

CVSS 3.5 | EPSS 0.00016
Exploits: 0 | References: 3