| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-28834 | Full path of data directory exposed to Nextcloud server users | nextcloud | security-advisories | Low | 3.5 | 2023-04-03 16:19:48 | Deep Dive |
| CVE-2023-28845 | Chat room membership disclosed via autocompletion in Nextcloud talk | nextcloud | security-advisories | Low | 3.5 | 2023-03-31 22:13:44 | Deep Dive |
| CVE-2023-28844 | User without download rights can download older version of that file in nextcloud server | nextcloud | security-advisories | Medium | 5.7 | 2023-03-31 22:10:29 | Deep Dive |
| CVE-2023-28645 | Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments | nextcloud | security-advisories | Medium | 5.7 | 2023-03-31 22:08:15 | Deep Dive |
| CVE-2023-28835 | Insecure randomness for default password in nextcloud | nextcloud | security-advisories | Low | 3.5 | 2023-03-30 18:57:00 | Deep Dive |
| CVE-2023-28833 | Unrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server | nextcloud | security-advisories | Low | 2.4 | 2023-03-30 18:49:39 | Deep Dive |
| CVE-2023-28644 | Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server | nextcloud | security-advisories | Medium | 5.7 | 2023-03-30 18:36:27 | Deep Dive |
| CVE-2023-28643 | Potential share collision for recipients when caching is enabled in nextcloud server | nextcloud | security-advisories | Medium | 5.5 | 2023-03-30 18:31:32 | Deep Dive |
| CVE-2023-26482 | Scope of workflow operations is not validated in nextcloud server | nextcloud | security-advisories | Critical | 9.0 | 2023-03-30 18:27:17 | Deep Dive |
| CVE-2023-28646 | App lockout in nextcloud Android app can be bypassed via thirdparty apps | nextcloud | security-advisories | Medium | 4.4 | 2023-03-30 18:16:19 | Deep Dive |
| CVE-2023-28647 | App pin of the iOS app can be bypassed in Nextcloud iOS | nextcloud | security-advisories | Medium | 4.4 | 2023-03-30 18:12:25 | Deep Dive |
| CVE-2023-26292 | Forcepoint Cloud Security Gateway 跨站脚本漏洞 | Forcepoint | Cloud Security Gateway (CSG) | Medium | 6.1 | 2023-03-29 16:29:50 | Deep Dive |
| CVE-2023-26291 | Forcepoint Cloud Security Gateway 跨站脚本漏洞 | Forcepoint | Cloud Security Gateway (CSG) | Medium | 6.1 | 2023-03-29 16:29:41 | Deep Dive |
| CVE-2023-26290 | Forcepoint Cloud Security Gateway 跨站脚本漏洞 | Forcepoint | Cloud Security Gateway (CSG) | Medium | 6.1 | 2023-03-29 16:28:47 | Deep Dive |
| CVE-2023-25817 | Delete permissions are not saved when creating public share in Nextcloud server | nextcloud | security-advisories | Low | 3.5 | 2023-03-27 20:04:15 | Deep Dive |
| CVE-2023-25818 | Missing brute force protection on password reset token in Nextcloud Server | nextcloud | security-advisories | Medium | 5.3 | 2023-03-27 20:00:01 | Deep Dive |
| CVE-2023-20107 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability | Cisco | Cisco Adaptive Security Appliance (ASA) Software | 高危 | - | 2023-03-23 00:00:00 | Deep Dive |
| CVE-2023-25820 | Nextcloud Server and Enterprise Server missing brute force protection on password confirmation modal | nextcloud | security-advisories | Medium | 4.2 | 2023-03-22 18:22:54 | Deep Dive |
| CVE-2023-25684 | IBM Security Key Lifecycle Manager SQL injection | IBM | Security Key Lifecycle Manager | Medium | 6.5 | 2023-03-21 16:13:23 | Deep Dive |
| CVE-2023-25686 | IBM Security Key Lifecycle Manager information disclosure | IBM | Security Key Lifecycle Manager | Medium | 6.2 | 2023-03-21 15:55:54 | Deep Dive |