| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-45279 | Nextcloud: Limited path traversal via template API if using `{lang}` in config | nextcloud | security-advisories | Medium | 4.4 | 2026-06-01 16:52:19 | Deep Dive |
| CVE-2026-45278 | Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass | nextcloud | security-advisories | Low | 3.3 | 2026-06-01 16:51:55 | Deep Dive |
| CVE-2026-45277 | Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals workflow associations | nextcloud | security-advisories | Low | 3.3 | 2026-06-01 16:51:34 | Deep Dive |
| CVE-2026-45275 | Nextcloud: Authorization bypass in approval feature allows unauthorized file sharing with approvers | nextcloud | security-advisories | Medium | 6.5 | 2026-06-01 16:51:22 | Deep Dive |
| CVE-2026-10275 | OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow | - | OpenSC | Medium | 5.0 | 2026-06-01 16:45:14 | Deep Dive |
| CVE-2026-45267 | Nextcloud: Missing permission check for from submissions | nextcloud | security-advisories | Medium | 6.5 | 2026-06-01 16:40:19 | Deep Dive |
| CVE-2026-45266 | Nextcloud: Unauthorized force-mute from missing permission check when using internal signaling | nextcloud | security-advisories | Low | 3.5 | 2026-06-01 16:39:57 | Deep Dive |
| CVE-2026-45159 | Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner | nextcloud | security-advisories | Low | 3.5 | 2026-06-01 16:39:39 | Deep Dive |
| CVE-2026-45157 | Nextcloud: Valid share tokens allow to access tempory upload files of share owner | nextcloud | security-advisories | Medium | 6.3 | 2026-06-01 16:39:12 | Deep Dive |
| CVE-2026-45156 | Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC | nextcloud | security-advisories | High | 8.1 | 2026-06-01 16:38:46 | Deep Dive |
| CVE-2026-45155 | Nextcloud: Private circle can be added to another circle via API | nextcloud | security-advisories | Low | 2.6 | 2026-06-01 16:38:33 | Deep Dive |
| CVE-2026-45154 | Nextcloud: Improper Access Control in Collectives | nextcloud | security-advisories | Low | 2.6 | 2026-06-01 16:37:42 | Deep Dive |
| CVE-2026-45153 | Nextcloud: PIN bypass in PassCodeActivity via back button | nextcloud | security-advisories | Medium | 4.6 | 2026-06-01 16:37:12 | Deep Dive |
| CVE-2026-45264 | Nextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames | nextcloud | security-advisories | Medium | 4.3 | 2026-06-01 16:36:57 | Deep Dive |
| CVE-2026-10274 | indrasishbanerjee aem-mcp-server Axios Request Flow mcp-server.ts getAssetMetadata server-side request forgery | indrasishbanerjee | aem-mcp-server | Medium | 6.3 | 2026-06-01 16:30:11 | Deep Dive |
| CVE-2026-8501 | CVE-2026-8501 | Symantec | PC Tools Internet Security | - | - | 2026-06-01 16:25:12 | Deep Dive |
| CVE-2026-46243 | smb: client: reject userspace cifs.spnego descriptions | Linux | Linux | - | - | 2026-06-01 16:22:29 | Deep Dive |
| CVE-2026-10273 | php-censor Webhook Endpoint GitBuild.php os command injection | - | php-censor | High | 7.3 | 2026-06-01 16:15:10 | Deep Dive |
| CVE-2026-45131 | CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests | CloudPirates-io | helm-charts | Critical | 10.0 | 2026-06-01 16:13:48 | Deep Dive |
| CVE-2026-45132 | CloudPirates Open Source Helm Charts: GitHub Actions workflow leaks PAT and SSH signing key via unsafe credential handling | CloudPirates-io | helm-charts | Critical | 10.0 | 2026-06-01 16:13:37 | Deep Dive |