
19 matches found

ATTACKERKB
added 3 days ago, 6 views

CVE-2026-45275

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and...

6.5 CVSS, 5.7 AI score, 0.00022 EPSS
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 3 days ago, 5 views

CVE-2026-45275 Nextcloud: Authorization bypass in approval feature allows unauthorized file sharing with approvers

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and...

6.5 CVSS, 5.7 AI score, 0.00022 EPSS
Exploits: 0, References: 3
CVE
added 3 days ago, 8 views

CVE-2026-45275

CVE-2026-45275 affects Nextcloud with the Approval app prior to version 2.7.2. A privilege-escalation flaw allows a user who lacks sharing permissions to trigger the system to share a file with approvers, resulting in an authorization bypass and potential unauthorized distribution of restricted f...

6.5 CVSS, 5.7 AI score, 0.00022 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 3 days ago, 24 views

CVE-2026-45275 Nextcloud: Authorization bypass in approval feature allows unauthorized file sharing with approvers

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and...

6.5 CVSS, 0.00022 EPSS
Exploits: 0, References: 3
Positive Technologies
added 3 days ago, 8 views

PT-2026-45521

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and...

6.5 CVSS, 5.7 AI score, 0.00022 EPSS
Exploits: 0, References: 4
OSV
added 2026/03/05 8:22 p.m., 1 view

CVE-2026-29077 Frappe: Broken Access Control in DocShare

Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user could share a document with a permission that they themselves didn't have. This issue has been patched in versions 15.98.0 and 14.100.0...

7.1 CVSS, 5.7 AI score, 0.0007 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/03/05 12:00 a.m., 2 views

Frappe security vulnerability

Frappe is a web development framework based on Python and MariaDB, with integrated front-end pages, developed by the Indian company Frappe. Versions of Frappe prior to 15.98.0 and 14.100.0 have security vulnerabilities. These vulnerabilities stem from a lack of validation when sharing documents,...

7.1 CVSS, 5.8 AI score, 0.0007 EPSS
Exploits: 0, References: 1
CVE
added 2025/11/26 12:00 a.m., 9 views

CVE-2025-65672

CVE-2025-65672 concerns an insecure direct object reference (IDOR) in ClassroomIO 0.1.13, enabling unauthorized sharing and inviting access to course settings. Connected sources consistently describe the root cause as broken access control with IDOR, allowing a student‑level user to manipulate co...

7.5 CVSS, 6.5 AI score, 0.00063 EPSS
Exploits: 2, References: 3, Affected Software: 1
Vulnrichment
added 2025/11/26 12:00 a.m., 1 view

CVE-2025-65672

Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

6.5 AI score, 0.00063 EPSS
Exploits: 2, References: 3
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2025-14799

Malicious code in bioql PyPI...

9.1 CVSS, 6.3 AI score, 0.00551 EPSS
Exploits: 0, References: 7
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-2628

Malicious code in bioql PyPI...

9.6 CVSS, 6.3 AI score, 0.00284 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/06/30 12:00 a.m., 1 view

FileBrowser security vulnerability

FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser has a security vulnerability that stems from an improper implementation of password-protected links,...

4.3 CVSS, 6.8 AI score, 0.00203 EPSS
Exploits: 1, References: 3
Malwarebytes
added 2025/06/13 3:30 p.m., 8 views

Your Meta AI chats might be public, and it’s not a bug

Conversations that people are having with the Meta AI app are being exposed publicly, often without the users realizing it, revealing a variety of medical, legal, and private matters. The standalone app and the company's integrations with artificial intelligence (AI) across its platforms—Facebook,...

6.8 AI score
Exploits: 0
UbuntuCve
added 2023/12/06 7:00 a.m., 34 views

CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5 CVSS, 6.7 AI score, 0.00219 EPSS
Exploits: 1, References: 4
OSV
added 2020/10/05 2:15 p.m., 12 views

CVE-2020-8182

Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...

8 CVSS, 6.8 AI score
Exploits: 0, References: 2
HackerOne
added 2020/06/03 4:18 a.m., 333 views

Nextcloud: Allows any user to share their "Root" level folder by sharing "."

There seems to be a bug in the "File to Share" feature of Nextcloud Talk. This allows any authenticated user/admin to share their "root" level folder by manipulating the "path": parameter in the JSON body request to the remote API /nextcloud/ocs/v2.php/apps/filessharing/api/v1/shares Steps to rep...

1.1 AI score
Exploits: 0
OSV
added 2017/08/02 4:29 p.m., 0 views

CVE-2016-7845

GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing...

6.5 CVSS, 5.9 AI score
Exploits: 0, References: 3
Japan Vulnerability Notes
added 2017/01/23 8:57 a.m., 1 view

Arbitrary file upload vulnerability in GigaCC OFFICE

Overview: GigaCC OFFICE provided by WAM!NET Japan K.K. contains a vulnerability where arbitrary files may be uploaded. WAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and WAM!NET Japan K.K. coordinated...

6.5 CVSS, 6.8 AI score, 0.00455 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2007/12/12 12:00 a.m., 11 views

MDKA-2007:127 : openssh-askpass-qt

The QT openssh password asking dialog, provided by openssh-askpass-qt package, would always exit with successful status 0, even when the user did not press the Ok button. This would, at least, make the openssh client always allow sharing a connection when ControlMaster option was set to ask. This...

7.3 AI score
Exploits: 0, References: 1