|
501
|
8.1 |
HIGH
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45281
|
2026-06-4 02:11 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
502
|
8.1 |
HIGH
Network
|
jupyter
|
jupyter_server
|
A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.…
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-5422
|
2026-06-4 02:09 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
503
|
6.5 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of…
New
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-45282
|
2026-06-4 02:09 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
504
|
7.5 |
HIGH
Network
|
prefect
|
prefect
|
In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication mid…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-3514
|
2026-06-4 02:08 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
505
|
6.5 |
MEDIUM
Network
|
lfprojects
|
mlflow
|
MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlfl…
New
|
CWE-284
Improper Access Control
|
CVE-2026-3198
|
2026-06-4 02:07 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
506
|
4.3 |
MEDIUM
Network
|
elabftw
|
elabftw
|
eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the …
New
|
CWE-200
Information Exposure
|
CVE-2026-28511
|
2026-06-4 02:06 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
507
|
4.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ow…
New
|
CWE-287
Improper Authentication
|
CVE-2026-45283
|
2026-06-4 02:02 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
508
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no addition…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-0085
|
2026-06-4 02:02 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
509
|
8.0 |
HIGH
Adjacent
|
google
|
android
|
In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalati…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-0095
|
2026-06-4 02:00 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
510
|
7.8 |
HIGH
Local
|
google
|
android
|
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalat…
New
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-0094
|
2026-06-4 02:00 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
