Lucene search
+L

14 matches found

nvd
nvd
added 2026/04/28 10:16 p.m.11 views

CVE-2026-41649

Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...

7.7CVSS0.00293EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/04/28 8:11 p.m.5 views

CVE-2026-41649 Outline has IDOR in document share creation that allows unauthorized access to private documents across workspaces

Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...

7.7CVSS5.3AI score0.00293EPSS
Exploits1References3
euvd
euvd
added 2026/04/28 8:11 p.m.12 views

EUVD-2026-26144

Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...

7.7CVSS5.3AI score0.00293EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/03/07 1:44 a.m.4 views

CVE-2026-28492

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

7.1CVSS5.7AI score0.00322EPSS
Exploits1References1
nvd
nvd
added 2026/03/05 9:16 p.m.22 views

CVE-2026-28492

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

7.1CVSS0.00322EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/03/05 9:6 p.m.10 views

CVE-2026-28492

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

7.1CVSS5.8AI score0.00322EPSS
Exploits1References4Affected Software1
cve
cve
added 2026/03/05 9:6 p.m.37 views

CVE-2026-28492

File Browser CVE-2026-28492 affects the File Browser file-management interface. Before v2.61.0, the withHashFile middleware uses filepath.Dir(link.Path) to determine BasePathFs, causing the filesystem root to be set to the parent directory of a public share rather than the share itself. This allo...

7.1CVSS5.8AI score0.00322EPSS
Exploits1References3Affected Software1
github
github
added 2026/02/25 4:0 p.m.12 views

FileBrowser Quantum: Password Protection Not Enforced on Shared File Links

Summary When users share password-protected files, the recipient can completely bypass the password and still download the file. Details This happens because the API returns a direct download link in the details of the share, which is accessible to anyone with JUST THE SHARE LINK, even without th...

7.1CVSS5.5AI score0.00307EPSS
Exploits1References6Affected Software1
susecve
susecve
added 2023/02/15 3:40 a.m.5 views

SUSE CVE-2021-32741

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in...

5.3CVSS5.2AI score0.01322EPSS
Exploits0References4
cnnvd
cnnvd
added 2021/08/04 12:0 a.m.5 views

ownCloud 信息泄露漏洞

Owncloud ownCloud is a personal cloud storage solution from US-based ownCloud Owncloud. An information disclosure vulnerability exists in ownCloud Server that stems from a generated error message containing sensitive information. An attacker could trigger the error by appending certain characters...

5.3CVSS5.8AI score0.01267EPSS
Exploits0References4
osv
osv
added 2021/07/12 10:15 p.m.17 views

CVE-2021-32741

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in...

5.3CVSS6.5AI score
Exploits0References3
prion
prion
added 2021/07/12 10:15 p.m.12 views

Code injection

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in...

5CVSS5.4AI score0.01322EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2021/07/12 10:5 p.m.21 views

CVE-2021-32741 Lack of ratelimit on public share link mount endpoint

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in...

5.3CVSS7.3AI score0.01322EPSS
Exploits0References3
nvd
nvd
added 2020/06/05 1:15 p.m.15 views

CVE-2020-12848

In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password a...

5.8CVSS5.5AI score0.01105EPSS
Exploits1References3
Rows per page
Query Builder