|
301
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed atta…
New
|
CWE-287
Improper Authentication
|
CVE-2026-45690
|
2026-06-2 23:00 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful …
New
|
CWE-287
Improper Authentication
|
CVE-2026-45691
|
2026-06-2 23:00 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303
|
7.1 |
HIGH
Network
|
-
|
-
|
Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the …
New
|
CWE-89
SQL Injection
|
CVE-2026-45722
|
2026-06-2 23:00 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticate…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45810
|
2026-06-2 23:00 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305
|
8.8 |
HIGH
Network
|
bentoml
|
bentoml
|
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 in…
Update
|
CWE-78
OS Command
|
CVE-2026-44345
|
2026-06-2 22:59 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306
|
4.3 |
MEDIUM
Network
|
-
|
-
|
eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the …
New
|
CWE-200
Information Exposure
|
CVE-2026-28511
|
2026-06-2 22:56 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper w…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-23638
|
2026-06-2 22:55 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308
|
8.2 |
HIGH
Network
|
-
|
-
|
Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitra…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-24751
|
2026-06-2 22:55 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309
|
8.2 |
HIGH
Network
|
-
|
-
|
Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitra…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-24752
|
2026-06-2 22:55 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resou…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-24753
|
2026-06-2 22:55 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
