|
1351
|
4.3 |
MEDIUM
Network
|
nextcloud
|
calendar
|
Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance …
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-45286
|
2026-06-4 05:35 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1352
|
6.4 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes…
|
CWE-862
Missing Authorization
|
CVE-2026-45285
|
2026-06-4 05:34 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1353
|
8.8 |
HIGH
Network
|
nextcloud
|
user_oidc
|
Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user …
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-45284
|
2026-06-4 05:28 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1354
|
8.6 |
HIGH
Network
|
openairinterface
|
openairinterface5g
|
An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() in open…
|
CWE-369
Divide By Zero
|
CVE-2026-37232
|
2026-06-4 05:26 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1355
|
2.7 |
LOW
Network
|
projectcapsule
|
capsule
|
Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate …
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-30963
|
2026-06-4 05:22 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1356
|
7.8 |
HIGH
Local
|
google
|
android_xr
|
In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional executi…
|
CWE-285
Improper Authorization
|
CVE-2026-0072
|
2026-06-4 05:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1357
|
7.5 |
HIGH
Network
|
juliangruber
|
brace-expansion
|
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large num…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-45149
|
2026-06-4 05:13 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1358
|
5.4 |
MEDIUM
Network
|
mozilla
|
firefox
|
Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted wit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9308
|
2026-06-4 05:02 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1359
|
5.4 |
MEDIUM
Network
|
mozilla
|
firefox
|
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These pa…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9309
|
2026-06-4 05:02 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1360
|
7.5 |
HIGH
Network
|
dlink
|
di-7001mini-8g_firmware
|
A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-10270
|
2026-06-4 05:02 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
