5 matches found
CVE-2021-22952
A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk devices assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and lat...
SUSE CVE-2021-41179
Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn't enforced for pages marked as public. Any page marked as @PublicPage could thus be accessed with a valid user session that isn't...
CVE-2021-39222
Nextcloud Talk is affected by a stored XSS vulnerability in the Talk component of Nextcloud. The issue can be triggered by right-clicking a malicious file and opening it in a new tab, but exploitation is mitigated on modern browsers due to Content-Security-Policy (CSP). Remediation is to upgrade ...
CVE-2021-39222 XSS in Talk
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due to the strict...
PT-2021-15295 · Ubiquiti · Unifi Talk
Name of the Vulnerable Software and Affected Versions: UniFi Talk application versions 1.12.3 and earlier
Description: A vulnerability in the UniFi Talk application permits a malicious actor who has already gained access to a network to control Talk devices assigned to said network if they are no...