| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-45284 | Nextcloud: Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users to authenticate | nextcloud | security-advisories | Medium | 4.6 | 2026-06-01 16:57:56 | Deep Dive |
| CVE-2026-45285 | Nextcloud: Hidden Public Link creation when sharing to a Team External Member | nextcloud | security-advisories | Medium | 6.4 | 2026-06-01 16:57:50 | Deep Dive |
| CVE-2026-45283 | Nextcloud: Files Lock app allows users to lock and unlock files of other users | nextcloud | security-advisories | Medium | 6.3 | 2026-06-01 16:53:51 | Deep Dive |
| CVE-2026-45282 | Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access | nextcloud | security-advisories | Medium | 6.5 | 2026-06-01 16:53:19 | Deep Dive |
| CVE-2026-45281 | Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update | nextcloud | security-advisories | High | 8.1 | 2026-06-01 16:52:57 | Deep Dive |
| CVE-2026-45279 | Nextcloud: Limited path traversal via template API if using `{lang}` in config | nextcloud | security-advisories | Medium | 4.4 | 2026-06-01 16:52:19 | Deep Dive |
| CVE-2026-45278 | Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass | nextcloud | security-advisories | Low | 3.3 | 2026-06-01 16:51:55 | Deep Dive |
| CVE-2026-45277 | Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals workflow associations | nextcloud | security-advisories | Low | 3.3 | 2026-06-01 16:51:34 | Deep Dive |
| CVE-2026-45275 | Nextcloud: Authorization bypass in approval feature allows unauthorized file sharing with approvers | nextcloud | security-advisories | Medium | 6.5 | 2026-06-01 16:51:22 | Deep Dive |
| CVE-2026-10275 | OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow | - | OpenSC | Medium | 5.0 | 2026-06-01 16:45:14 | Deep Dive |
| CVE-2026-45267 | Nextcloud: Missing permission check for from submissions | nextcloud | security-advisories | Medium | 6.5 | 2026-06-01 16:40:19 | Deep Dive |
| CVE-2026-45266 | Nextcloud: Unauthorized force-mute from missing permission check when using internal signaling | nextcloud | security-advisories | Low | 3.5 | 2026-06-01 16:39:57 | Deep Dive |
| CVE-2026-45159 | Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner | nextcloud | security-advisories | Low | 3.5 | 2026-06-01 16:39:39 | Deep Dive |
| CVE-2026-45157 | Nextcloud: Valid share tokens allow to access tempory upload files of share owner | nextcloud | security-advisories | Medium | 6.3 | 2026-06-01 16:39:12 | Deep Dive |
| CVE-2026-45156🧪 | Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC | nextcloud | security-advisories | High | 8.1 | 2026-06-01 16:38:46 | Deep Dive |
| CVE-2026-45155 | Nextcloud: Private circle can be added to another circle via API | nextcloud | security-advisories | Low | 2.6 | 2026-06-01 16:38:33 | Deep Dive |
| CVE-2026-45154 | Nextcloud: Improper Access Control in Collectives | nextcloud | security-advisories | Low | 2.6 | 2026-06-01 16:37:42 | Deep Dive |
| CVE-2026-45153 | Nextcloud: PIN bypass in PassCodeActivity via back button | nextcloud | security-advisories | Medium | 4.6 | 2026-06-01 16:37:12 | Deep Dive |
| CVE-2026-45264 | Nextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames | nextcloud | security-advisories | Medium | 4.3 | 2026-06-01 16:36:57 | Deep Dive |
| CVE-2026-10274 | indrasishbanerjee aem-mcp-server Axios Request Flow mcp-server.ts getAssetMetadata server-side request forgery | indrasishbanerjee | aem-mcp-server | Medium | 6.3 | 2026-06-01 16:30:11 | Deep Dive |