Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

125267 matches found

Nextcloud
Nextcloudadded 2026/05/12 9:13 a.m.10 views

Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner

None...

3.5CVSS5.8AI score0.00203EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloudadded 2026/05/12 9:12 a.m.14 views

Valid share tokens allow to access tempory upload files of share owner

None...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloudadded 2026/05/12 9:12 a.m.12 views

Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC

None...

8.1CVSS5.8AI score0.00311EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloudadded 2026/05/12 9:10 a.m.7 views

Private circle can be added to another circle via API

None...

2.6CVSS5.8AI score0.002EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloudadded 2026/05/12 9:10 a.m.9 views

View-only guests could see deleted Collectives pages in the trashbin

None...

2.6CVSS5.8AI score0.00189EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloudadded 2026/05/12 9:9 a.m.8 views

PIN bypass in PassCodeActivity via back button

None...

4.6CVSS5.8AI score0.00153EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloudadded 2026/05/12 9:8 a.m.9 views

Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users to authenticate

None...

8.8CVSS5.8AI score0.00193EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloudadded 2026/05/12 9:7 a.m.9 views

Logged-in user bypasses share password and download restrictions on Text attachments via documentId

None...

6.5CVSS5.8AI score0.00294EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloudadded 2026/05/12 9:5 a.m.8 views

Files Lock app allows users to lock and unlock files of other users

None...

6.3CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/05/12 9:5 a.m.13 views

CVE-2026-8162

The CVE-2026-8162 entry affects multiparty (versions 4.2.3 and earlier) where a multipart/form-data request with a Content-Disposition filename* contains malformed percent-encoding. The parser calls decodeURI without a try/catch, causing a URIError to propagate as an uncaught exception and crash ...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/05/12 9:5 a.m.36 views

CVE-2026-8162 multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS0.00279EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/12 9:5 a.m.5 views

CVE-2026-8162

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/12 9:5 a.m.6 views

CVE-2026-8162 multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2
Debian CVE
Debian CVEadded 2026/05/12 9:5 a.m.9 views

CVE-2026-8162

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS5.8AI score0.00279EPSS
Exploits0
Nextcloud
Nextcloudadded 2026/05/12 9:4 a.m.8 views

Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update

None...

8.1CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloudadded 2026/05/12 8:51 a.m.11 views

Open Redirect in user_oidc login flow via protocol-relative URL bypass

None...

6.1CVSS5.8AI score0.00232EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/12 8:50 a.m.7 views

CVE-2026-8161

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/05/12 8:50 a.m.49 views

CVE-2026-8161 multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

7.5CVSS0.00473EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/05/12 8:50 a.m.8 views

CVE-2026-8161 multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References2
CVE
CVEadded 2026/05/12 8:50 a.m.41 views

CVE-2026-8161

This CVE affects [email protected] and earlier, where the parser stores fields/files on plain objects and can collide with inherited Object.prototype properties (e.g., proto , constructor, toString). The root cause is prototype pollution leading to a TypeError when .push() is invoked on a non-arra...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder