
16 matches found

RedhatCVE
added 2026/06/05 7:40 p.m., 8 views

CVE-2026-43889

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...

CVSS 6.5, AI score 5.6, EPSS 0.00211
Exploits 0, References 1
NVD
added 2026/05/11 10:22 p.m., 24 views

CVE-2026-43889

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...

CVSS 6.5, EPSS 0.00211
Exploits 0, References 1
CVE
added 2026/05/11 9:10 p.m., 12 views

CVE-2026-43889

Outline is vulnerable prior to 1.7.0 due to the shares.create API accepting both collectionId and documentId and, when published=false, skipping the share-permission check. A subsequent shares.update permits publication using an OR policy (can share collection OR can share document), allowing an ...

CVSS 6.5, AI score 5.9, EPSS 0.00211
Exploits 0, References 1
Positive Technologies
added 2026/05/11 12:0 a.m., 11 views

PT-2026-39857

Name of the Vulnerable Software and Affected Versions: Outline versions prior to 1.7.0. Description: The 'shares.create' API accepts both collectionId and documentId simultaneously. When published is set to false, the system only verifies read access for each, skipping the required share permission...

CVSS 6.5, AI score 5.9, EPSS 0.00211
Exploits 0, References 3
RedhatCVE
added 2026/03/26 3:11 p.m., 3 views

CVE-2026-32761

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges (perm.download = false) but granted share...

CVSS 6.5, AI score 5.7, EPSS 0.00424
Exploits 1, References 1
Vulnrichment
added 2026/03/19 11:45 p.m., 2 views

CVE-2026-32761 File Browser has an Authorization Policy Bypass in its Public Share Download Flow

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges (perm.download = false) but granted share...

CVSS 6.5, AI score 5.7, EPSS 0.00424
Exploits 1, References 3
OSV
added 2026/03/19 11:45 p.m., 3 views

CVE-2026-32761 File Browser has an Authorization Policy Bypass in its Public Share Download Flow

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges (perm.download = false) but granted share...

CVSS 6.5, AI score 5.7, EPSS 0.00424
Exploits 1, References 5
OSV
added 2026/03/18 12:59 p.m., 3 views

GHSA-68J5-4M99-W9W9 File Browser has an Authorization Policy Bypass in Public Share Download Flow

Summary: A permission enforcement flaw allows users without download privileges (download=false) to still expose and retrieve file content via public share links when they retain share privileges (share=true). This bypasses intended access control policy and enables unauthorized data exfiltration to...

CVSS 6.5, AI score 5.8, EPSS 0.00424
Exploits 1, References 5
NVD
added 2025/12/05 6:15 p.m., 5 views

CVE-2025-66557

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...

CVSS 5.4, EPSS 0.00233
Exploits 0, References 4
Cvelist
added 2025/12/05 5:28 p.m., 22 views

CVE-2025-66557 Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...

CVSS 5.4, EPSS 0.00233
Exploits 0, References 4
Vulnrichment
added 2025/12/05 5:28 p.m., 3 views

CVE-2025-66557 Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...

CVSS 5.4, AI score 6.3, EPSS 0.00233
Exploits 0, References 4
OSV
added 2025/12/05 5:28 p.m., 4 views

CVE-2025-66557 Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...

CVSS 5.4, AI score 6.6, EPSS 0.00233
Exploits 0, References 6
Nextcloud
added 2025/12/05 7:52 a.m., 11 views

Deck app allowed user with "Can share" permission to modify permissions of other non-owners

None...

CVSS 5.4, AI score 5.2, EPSS 0.00233
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2025/12/05 12:0 a.m., 4 views

PT-2025-49299

Name of the Vulnerable Software and Affected Versions: Nextcloud Deck versions prior to 1.14.6; Nextcloud Deck versions prior to 1.15.2. Description: Nextcloud Deck is a kanban style organization tool for personal and team project management integrated with Nextcloud. A flaw in the permission logic...

CVSS 5.4, AI score 6.3, EPSS 0.00233
Exploits 0, References 10
Hacker One
added 2025/07/11 12:1 p.m., 9 views

Nextcloud: Deck app allowed user with "Can share" permission to modify permissions of other non-owners

The Deck app in Nextcloud allowed users with "Can share" permission to modify the permissions of other non-owners...

CVSS 5.4, AI score 6.8, EPSS 0.00233
Exploits 0
OpenVAS
added 2020/10/29 12:0 a.m., 6 views

ownCloud < 10.2.1 Share Permission Vulnerability

ownCloud is prone to a vulnerability where it is possible to extend internal-share permissions using the API. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier...

AI score 7.2
Exploits 0, References 1