|
2921
|
6.4 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes…
|
CWE-862
Missing Authorization
|
CVE-2026-45285
|
2026-06-4 05:34 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2922
|
8.8 |
HIGH
Network
|
nextcloud
|
user_oidc
|
Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user …
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-45284
|
2026-06-4 05:28 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2923
|
8.6 |
HIGH
Network
|
openairinterface
|
openairinterface5g
|
An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() in open…
|
CWE-369
Divide By Zero
|
CVE-2026-37232
|
2026-06-4 05:26 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2924
|
2.7 |
LOW
Network
|
projectcapsule
|
capsule
|
Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate …
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-30963
|
2026-06-4 05:22 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2925
|
7.8 |
HIGH
Local
|
google
|
android_xr
|
In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional executi…
|
CWE-285
Improper Authorization
|
CVE-2026-0072
|
2026-06-4 05:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2926
|
7.5 |
HIGH
Network
|
juliangruber
|
brace-expansion
|
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large num…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-45149
|
2026-06-4 05:13 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2927
|
5.4 |
MEDIUM
Network
|
mozilla
|
firefox
|
Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted wit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9308
|
2026-06-4 05:02 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2928
|
5.4 |
MEDIUM
Network
|
mozilla
|
firefox
|
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These pa…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9309
|
2026-06-4 05:02 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2929
|
7.5 |
HIGH
Network
|
dlink
|
di-7001mini-8g_firmware
|
A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-10270
|
2026-06-4 05:02 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2930
|
9.6 |
CRITICAL
Network
|
cline
|
cline
|
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time o…
|
CWE-306
CWE-1385
Missing Authentication for Critical Function
Missing Origin Validation in WebSockets
|
CVE-2026-44211
|
2026-06-4 04:52 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
