2 matches found
CVE-2026-45691
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...
Devolutions Server <= 2025.2.15.0 / 2025.3.2.0 <= 2025.3.5.0 Multiple Vulnerabilities (DEVO-2025-0016)
The version of Devolutions Server installed on the remote host is prior to 2025.2.17.0, or 2025.3.x prior to 2025.3.6.0, and is, therefore, affected by multiple vulnerabilities: - Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged...