CVE-2026-45157 Nextcloud: Valid share tokens allow to access tempory upload files of share owner

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

PT-2026-45524

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions 31.0.0 through 31.0.13 Nextcloud Server versions 32.0.0 through 32.0.3 Nextcloud Enterprise Server versions prior to 28.0.14.15 Nextcloud Enterprise Server versions prior to 29.0.17.12 Nextcloud Enterprise Server...

@ag-grid-enterprise/charts-enterprise (=32.0.0) potentially affected by CVE-2024-39001 via @ag-grid-enterprise/charts (=32.0.0)

@ag-grid-enterprise/charts NPM version =32.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @ag-grid-enterprise/charts and may be impacted: - @ag-grid-enterprise/charts-enterprise =32.0.0 Source cves: CVE-2024-39001 Source advisory:...

Security Bulletin: Google Guava component is vulnerable to CVE-2023-2976 is used by IBM Jazz Reporting Services.

Summary IBM Jazz Reporting Service Application Suite uses Google Guava package which is vulnerable to CVE-2023-2976. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation...

GHSA-7G45-4RM6-3MM3 Guava vulnerable to insecure use of temporary directory

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files...