|
3531
|
7.5 |
HIGH
Network
|
mosaic5g
|
flexric
|
FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id() in src/ric/iApp/xapp_ric_id.c compares m0->xapp_id against itself (m…
|
CWE-617
Reachable Assertion
|
CVE-2026-37233
|
2026-06-4 02:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3532
|
7.5 |
HIGH
Network
|
mosaic5g
|
flexric
|
FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that the value is within the…
|
CWE-284
Improper Access Control
|
CVE-2026-37235
|
2026-06-4 02:15 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3533
|
6.5 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config…
|
CWE-22
Path Traversal
|
CVE-2026-45279
|
2026-06-4 02:15 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3534
|
8.1 |
HIGH
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45281
|
2026-06-4 02:11 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3535
|
8.1 |
HIGH
Network
|
jupyter
|
jupyter_server
|
A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.…
|
CWE-23
Relative Path Traversal
|
CVE-2026-5422
|
2026-06-4 02:09 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3536
|
6.5 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of…
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-45282
|
2026-06-4 02:09 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3537
|
7.5 |
HIGH
Network
|
prefect
|
prefect
|
In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication mid…
|
CWE-863
Incorrect Authorization
|
CVE-2026-3514
|
2026-06-4 02:08 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3538
|
6.5 |
MEDIUM
Network
|
lfprojects
|
mlflow
|
MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlfl…
|
CWE-284
Improper Access Control
|
CVE-2026-3198
|
2026-06-4 02:07 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3539
|
4.3 |
MEDIUM
Network
|
elabftw
|
elabftw
|
eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the …
|
CWE-200
Information Exposure
|
CVE-2026-28511
|
2026-06-4 02:06 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3540
|
4.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ow…
|
CWE-287
Improper Authentication
|
CVE-2026-45283
|
2026-06-4 02:02 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
