NextCloud Server security vulnerabilities

NextCloud Server is an open-source NextCloud server program. There were security vulnerabilities in versions 31.0.0 to 31.0.12, and in versions 32.0.0 to 32.0.3 of NextCloud Server. These vulnerabilities stemmed from a lack of relational checks, which could allow authenticated users to read all...

NextCloud Tables security vulnerabilities

NextCloud Tables is an open-source table application developed by NextCloud. There were security vulnerabilities in the version of NextCloud Tables from 0.8.0 to 1.0.4. These vulnerabilities stemmed from view filter conditions being exposed to users with read-only permissions...

PT-2026-45432

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...

PT-2026-45558

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...

Team folders access control vulnerability

Team Folders is an open-source file sharing software developed by Nextcloud. Versions of Team Folders from 17.0.0 to 17.0.15, from 18.0.0 to 18.1.12, from 19.0.0 to 19.1.16, from 20.0.0 to 20.1.11, and from 21.0.0 to 21.0.4 contain an access control vulnerability. This vulnerability stems from a...

PUB-A-460779217

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-463995203

In pngimagefinishread of pngrtran.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45365

Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.2.2 Description The 'structure data' endpoint in the Airflow UI fails to verify if the caller has read permissions for linked DAGs Directed Acyclic Graphs, which are collections of all the tasks you want to...

PT-2026-45492

Name of the Vulnerable Software and Affected Versions Vitest versions prior to 4.1.0 Description A flaw in the UI/API server on Windows allows remote attackers to bypass file access restrictions and read arbitrary files when the server is exposed to the network. The issue occurs because the API...

PT-2026-45277

A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read sequence infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs ...

PT-2026-45532

Name of the Vulnerable Software and Affected Versions Nextcloud Tables versions 0.8.0 through 1.0.3 Description In Nextcloud Tables, the view filter criteria is exposed to users who possess read-only permissions. Recommendations Update to version 1.0.4 or 2.0.0...

ASB-A-470115162

In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

RHEL 10 : ovn25.09 (RHSA-2026:22111)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22111 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add...

📄 MATLAB R2024a Arbitrary Local System Information Disclosure

This proof of concept tool demonstrates arbitrary local system information disclosure via MATLAB using system/fileread primitives. ================================================================================================================================== | Title : MATLAB R2024a Full...

DEBIAN-CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

CVE-2026-8796

CVE-2026-8796 affects Sereal::Decoder before 5.005 (Perl). A heap out-of-bounds read can be triggered via crafted input when decoding COPY back-references that re-decode as SHORT_BINARY tags, allowing an attacker-controlled COPY offset to skip bounds and read past the input. This may enable consu...

CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

Chromium: CVE-2026-9875 Out of bounds read in WebGL

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-9919 Out of bounds read in WebGL

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...