|
2671
|
5.5 |
MEDIUM
Local
|
pypa
|
pip
|
pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed out…
|
CWE-22
Path Traversal
|
CVE-2026-8643
|
2026-06-5 01:52 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2672
|
6.8 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticate…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45810
|
2026-06-5 01:51 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2673
|
7.1 |
HIGH
Network
|
nextcloud
|
tables
|
Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the …
|
CWE-89
SQL Injection
|
CVE-2026-45722
|
2026-06-5 01:50 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2674
|
5.9 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful …
|
CWE-287
Improper Authentication
|
CVE-2026-45691
|
2026-06-5 01:50 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2675
|
5.9 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed atta…
|
CWE-287
Improper Authentication
|
CVE-2026-45690
|
2026-06-5 01:50 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2676
|
8.2 |
HIGH
Network
|
nextcloud
|
tables
|
Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker wi…
|
CWE-89
SQL Injection
|
CVE-2026-45545
|
2026-06-5 01:50 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2677
|
4.3 |
MEDIUM
Network
|
nextcloud
|
tables
|
Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. Th…
|
CWE-1230
Exposure of Sensitive Information Through Metadata
|
CVE-2026-45544
|
2026-06-5 01:47 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2678
|
5.3 |
MEDIUM
Network
|
nextcloud
|
forms
|
Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the af…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-45543
|
2026-06-5 01:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2679
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characte…
|
CWE-117
Improper Output Neutralization for Logs
|
CVE-2026-5078
|
2026-06-5 01:40 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2680
|
- |
|
-
|
-
|
SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using …
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2025-41259
|
2026-06-5 01:40 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
