Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.3 MEDIUM
CVE-2026-45729 — ThorVG: Null pointer dereference in SVG loader causes crash via 6-byte malformed input

Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run() allows any caller that passes untrusted SVG data to …

Remote | Memory Corruption
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
8.8 HIGH
CVE-2026-45727 — CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve lead…

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path componen…

Remote | Path Traversal
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.1 HIGH
CVE-2026-45722 — Nextcloud: Tables app allows limited SQLi in ORDER BY with malicious sort order argument …

Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the …

Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
5.9 MEDIUM
CVE-2026-45691 — Nextcloud: Bypass of second factor authentication on DAV endpoints

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful …

Remote | Authentication
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
5.9 MEDIUM
CVE-2026-45690 — Nextcloud: Two-Factor Authentication Bypass via Pending Session Token Replay

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed atta…

Remote | Authentication
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
8.2 HIGH
CVE-2026-45545 — Nextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker wi…

Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
4.3 MEDIUM
CVE-2026-45544 — Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Maskin…

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. Th…

Remote | Information Disclosure
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
5.3 MEDIUM
CVE-2026-45543 — Nextcloud: Deleting a Forms collaborator share leaves uploaded response files accessible …

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the af…

Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
8.2 HIGH
CVE-2026-45302 — Prototype Pollution in parse-nested-form-data via `__proto__` in FormData field names

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData() walks bracket and dot-notation FormData field names into nes…

Remote | Misconfiguration
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
4.3 MEDIUM
CVE-2026-45286 — Nextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance …

Remote | Information Disclosure
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
6.4 MEDIUM
CVE-2026-45285 — Nextcloud: Hidden Public Link creation when sharing to a Team External Member

Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes…

Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
4.6 MEDIUM
CVE-2026-45284 — Nextcloud: Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users …

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user …

Remote | Authentication
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
6.3 MEDIUM
CVE-2026-45283 — Nextcloud: Files Lock app allows users to lock and unlock files of other users

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ow…

Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
6.5 MEDIUM
CVE-2026-45282 — Nextcloud: Logged-in user bypasses share password and download restrictions on Text attac…

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of…

Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
8.1 HIGH
CVE-2026-45281 — Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an…

Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
4.4 MEDIUM
CVE-2026-45279 — Nextcloud: Limited path traversal via template API if using `{lang}` in config

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config…

Remote | Path Traversal
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
3.3 LOW
CVE-2026-45278 — Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses …

| Misconfiguration
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
3.3 LOW
CVE-2026-45277 — Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals …

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can req…

| Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
6.5 MEDIUM
CVE-2026-45275 — Nextcloud: Authorization bypass in approval feature allows unauthorized file sharing with…

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to f…

Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.8 HIGH
CVE-2026-43958 — Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulner…

enterprise_linux enterprise_linux | Memory Corruption
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
Showing 20 of 6990 Results