|
1091
|
7.5 |
HIGH
Network
|
mosaic5g
|
flexric
|
FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that the value is within the…
New
|
CWE-284
Improper Access Control
|
CVE-2026-37235
|
2026-06-4 02:15 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1092
|
6.5 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config…
New
|
CWE-22
Path Traversal
|
CVE-2026-45279
|
2026-06-4 02:15 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1093
|
8.1 |
HIGH
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45281
|
2026-06-4 02:11 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1094
|
8.1 |
HIGH
Network
|
jupyter
|
jupyter_server
|
A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.…
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-5422
|
2026-06-4 02:09 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1095
|
6.5 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of…
New
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-45282
|
2026-06-4 02:09 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1096
|
7.5 |
HIGH
Network
|
prefect
|
prefect
|
In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication mid…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-3514
|
2026-06-4 02:08 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1097
|
6.5 |
MEDIUM
Network
|
lfprojects
|
mlflow
|
MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlfl…
New
|
CWE-284
Improper Access Control
|
CVE-2026-3198
|
2026-06-4 02:07 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1098
|
4.3 |
MEDIUM
Network
|
elabftw
|
elabftw
|
eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the …
New
|
CWE-200
Information Exposure
|
CVE-2026-28511
|
2026-06-4 02:06 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1099
|
4.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ow…
New
|
CWE-287
Improper Authentication
|
CVE-2026-45283
|
2026-06-4 02:02 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1100
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no addition…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-0085
|
2026-06-4 02:02 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
