| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-23696 | Windmill < 1.603.3 File Ownership Handling SQLi RCE | Windmill Labs | Windmill CE (Community Edition) | Critical | 9.9 | 2026-04-07 16:50:53 | Deep Dive |
| CVE-2026-22683 | Windmill < 1.615.0 Operator Role Missing Authorization Checks RCE | Windmill Labs | Windmill CE (Community Edition) | High | 8.8 | 2026-04-07 16:50:30 | Deep Dive |
| CVE-2026-28474 | OpenClaw Nextcloud Talk < 2026.2.6 - Allowlist Bypass via actor.name Display Name Spoofing | OpenClaw | nextcloud-talk | Critical | 9.8 | 2026-03-05 21:59:50 | Deep Dive |
| CVE-2025-66558 | Nextcloud Twofactor WebAuthn app was updated based on public key | nextcloud | security-advisories | Low | 3.1 | 2025-12-05 18:00:50 | Deep Dive |
| CVE-2025-66556 | Nextcloud talk allows participants to blindly delete poll drafts of other users by ID | nextcloud | security-advisories | Low | 3.5 | 2025-12-05 17:56:44 | Deep Dive |
| CVE-2025-66554 | Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field | nextcloud | security-advisories | Low | 3.5 | 2025-12-05 17:51:00 | Deep Dive |
| CVE-2025-66549 | Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory | nextcloud | security-advisories | Low | 2.4 | 2025-12-05 17:47:01 | Deep Dive |
| CVE-2025-66545 | Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin | nextcloud | security-advisories | Low | 3.5 | 2025-12-05 17:44:13 | Deep Dive |
| CVE-2025-66515 | Nextcloud Approval app allows users to request approval for other users file | nextcloud | security-advisories | Low | 2.7 | 2025-12-05 17:37:07 | Deep Dive |
| CVE-2025-66514 | Nextcloud Mail stored HTML injection in subject text | nextcloud | security-advisories | Low | 3.5 | 2025-12-05 17:32:26 | Deep Dive |
| CVE-2025-66557 | Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners | nextcloud | security-advisories | Medium | 5.4 | 2025-12-05 17:28:49 | Deep Dive |
| CVE-2025-66548 | Nextcloud Deck app allows to spoof file extensions by using RTLO characters | nextcloud | security-advisories | Low | 3.3 | 2025-12-05 17:26:11 | Deep Dive |
| CVE-2025-66553 | Nextcloud Tables app allowed users to view columns metadata information of any table | nextcloud | security-advisories | Medium | 4.3 | 2025-12-05 17:18:10 | Deep Dive |
| CVE-2025-66551 | Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users | nextcloud | security-advisories | Medium | 6.3 | 2025-12-05 17:15:17 | Deep Dive |
| CVE-2025-66513 | Nextcloud Tables app share information not limited to relevant users | nextcloud | security-advisories | Medium | 4.3 | 2025-12-05 17:11:20 | Deep Dive |
| CVE-2025-66550 | Nextcloud Calendar attachments of local files are offered to downloaded | nextcloud | security-advisories | Medium | 5.7 | 2025-12-05 16:56:45 | Deep Dive |
| CVE-2025-66546 | Nextcloud Calendar app allowed booking appointments without the generated token | nextcloud | security-advisories | Low | 3.3 | 2025-12-05 16:49:47 | Deep Dive |
| CVE-2025-66511 | Nextcloud Calendar app used predictable proposal participant tokens | nextcloud | security-advisories | Medium | 4.8 | 2025-12-05 16:42:30 | Deep Dive |
| CVE-2025-66552 | Nextcloud Server admin_audit does not log all actions on files in groupfolders | nextcloud | security-advisories | Medium | 4.3 | 2025-12-05 16:36:40 | Deep Dive |
| CVE-2025-66547 | Nextcloud Server users can modify tags on files that do not belong to them | nextcloud | security-advisories | Medium | 4.3 | 2025-12-05 16:32:17 | Deep Dive |