|
901
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before …
New
|
CWE-284
Improper Access Control
|
CVE-2026-45264
|
2026-06-2 03:14 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
902
|
3.5 |
LOW
Network
|
-
|
-
|
Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-…
New
|
CWE-284
Improper Access Control
|
CVE-2026-45266
|
2026-06-2 03:14 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
903
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been p…
New
|
CWE-200
CWE-862
Information Exposure
Missing Authorization
|
CVE-2026-45267
|
2026-06-2 03:14 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
904
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security …
Update
|
CWE-269
Improper Privilege Management
|
CVE-2026-9999
|
2026-06-2 03:14 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
905
|
7.8 |
HIGH
Local
|
-
|
-
|
Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of …
Update
|
CWE-77
Command Injection
|
CVE-2026-38945
|
2026-06-2 03:12 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
906
|
7.8 |
HIGH
Local
|
-
|
-
|
Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execute commands via getconfig, upload, inventory, and oracle options.
Update
|
CWE-77
Command Injection
|
CVE-2025-69600
|
2026-06-2 03:12 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
907
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are exec…
Update
|
CWE-78
OS Command
|
CVE-2026-9645
|
2026-06-2 03:12 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
908
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripting issue exists in URL handling.
Update
|
CWE-80
Basic XSS
|
CVE-2026-9646
|
2026-06-2 03:12 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
909
|
4.0 |
MEDIUM
Local
|
-
|
-
|
XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py that allows attackers to cause corrupted application data by sending u…
Update
|
CWE-1286
Improper Validation of Syntactic Correctness of Input
|
CVE-2026-10099
|
2026-06-2 03:12 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
910
|
7.2 |
HIGH
Network
|
-
|
-
|
The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containin…
Update
|
CWE-22
Path Traversal
|
CVE-2026-39276
|
2026-06-2 03:12 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
