Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
NextcloudApproval

3 matches found

CVE
CVEadded 2026/06/01 4:51 p.m.24 views

CVE-2026-45275

CVE-2026-45275 affects Nextcloud with the Approval app prior to version 2.7.2. A privilege-escalation flaw allows a user who lacks sharing permissions to trigger the system to share a file with approvers, resulting in an authorization bypass and potential unauthorized distribution of restricted f...

6.5CVSS5.7AI score0.00358EPSS
CVE
CVEadded 2026/06/01 4:51 p.m.19 views

CVE-2026-45277

Nextcloud (Approval app) suffers information disclosure via the fileId parameter: authenticated users can determine whether arbitrary files are linked to specific approval workflows. Root cause appears to be insufficient access controls exposing workflow associations. The issue is confirmed resol...

3.3CVSS5.9AI score0.0013EPSS
CVE
CVEadded 2025/12/05 5:37 p.m.18 views

CVE-2025-66515

The CVE describes an authorization flaw in the Nextcloud Approval app where an authenticated user listed as a workflow requester can place another user’s file into the “pending approval” state using the file’s numeric id, without having access to the file. This affects versions prior to 1.3.1 and...

2.7CVSS6.2AI score0.00261EPSS