|
3221
|
5.9 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful …
|
CWE-287
Improper Authentication
|
CVE-2026-45691
|
2026-06-5 01:50 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3222
|
5.9 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed atta…
|
CWE-287
Improper Authentication
|
CVE-2026-45690
|
2026-06-5 01:50 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3223
|
8.2 |
HIGH
Network
|
nextcloud
|
tables
|
Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker wi…
|
CWE-89
SQL Injection
|
CVE-2026-45545
|
2026-06-5 01:50 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3224
|
4.3 |
MEDIUM
Network
|
nextcloud
|
tables
|
Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. Th…
|
CWE-1230
Exposure of Sensitive Information Through Metadata
|
CVE-2026-45544
|
2026-06-5 01:47 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3225
|
5.3 |
MEDIUM
Network
|
nextcloud
|
forms
|
Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the af…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-45543
|
2026-06-5 01:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3226
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characte…
|
CWE-117
Improper Output Neutralization for Logs
|
CVE-2026-5078
|
2026-06-5 01:40 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3227
|
- |
|
-
|
-
|
SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using …
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2025-41259
|
2026-06-5 01:40 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3228
|
7.2 |
HIGH
Network
|
-
|
-
|
There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR.
An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP servic…
|
CWE-78
OS Command
|
CVE-2026-3820
|
2026-06-5 01:40 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3229
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-10690
|
2026-06-5 01:37 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3230
|
- |
|
-
|
-
|
An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross…
|
CWE-74
Injection
|
CVE-2026-10729
|
2026-06-5 01:37 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
