EUVD-2026-8608

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...

CVE-2026-27744 SPIP tickets < 4.3.3 Unauthenticated RCE

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...

Users can modify tags on files that do not belong to them

None...

user_ldap app logs user passwords in the log file on level debug

None...

Full path of data directory exposed to users

None...

Calendar name length not validated before writing to database

None...

nextcloudcmd incorrectly trusts bad TLS certificates

None...