CVE-2026-45279 Nextcloud: Limited path traversal via template API if using `{lang}` in config

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if lang is used in the template directory config value, non-admin users can in some cases copy arbitrary files depending on unix permissions into...

Limited path traversal via template API if using `{lang}` in config

None...

XWiki Platform 路径遍历漏洞

Xwiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company Xwiki. A security vulnerability exists in versions of XWiki Platform prior to 12.10.3 that stems from the ability to request any file located in the class loader using the template API...