CVE-2026-45155 - Nextcloud: Private circle can be added to another circle via API
CVE ID :CVE-2026-45155
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by default this is still unlikely to be executable at will, but if access to an ID was available via another source, memberships could be tracked like this. It is recommended that the Nextcloud Server is upgraded to 32.0.7 or 33.0.1. It is recommended that the Nextcloud Enterprise Server is upgraded to 29.0.16.14, 30.0.17.8, 31.0.14.3, 32.0.7 or 33.0.1
Severity: 2.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45155
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by default this is still unlikely to be executable at will, but if access to an ID was available via another source, memberships could be tracked like this. It is recommended that the Nextcloud Server is upgraded to 32.0.7 or 33.0.1. It is recommended that the Nextcloud Enterprise Server is upgraded to 29.0.16.14, 30.0.17.8, 31.0.14.3, 32.0.7 or 33.0.1
Severity: 2.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-45156 - Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC
CVE ID :CVE-2026-45156
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing signature verification in User OIDC allowed a malicious ID4me authority to identify as any user. This issue has been patched in versions 3.1.0, 4.1.0, 5.1.0, 6.4.0 and 8.3.0.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45156
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing signature verification in User OIDC allowed a malicious ID4me authority to identify as any user. This issue has been patched in versions 3.1.0, 4.1.0, 5.1.0, 6.4.0 and 8.3.0.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-45157 - Nextcloud: Valid share tokens allow to access tempory upload files of share owner
CVE ID :CVE-2026-45157
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see temporary part files during on going uploads. It is recommended that the Nextcloud Server is upgraded to 32.0.9 or 33.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 26.0.13.26, 27.1.11.25, 28.0.14.17, 29.0.16.16, 30.0.17.9, 31.0.14.5, 32.0.9 or 33.0.3
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45157
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see temporary part files during on going uploads. It is recommended that the Nextcloud Server is upgraded to 32.0.9 or 33.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 26.0.13.26, 27.1.11.25, 28.0.14.17, 29.0.16.16, 30.0.17.9, 31.0.14.5, 32.0.9 or 33.0.3
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-45159 - Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner
CVE ID :CVE-2026-45159
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-end encrypted folders of the share owner. Reading and modifying of other files was not possible. This issue has been patched in versions 1.15.4, 1.16.3, 1.17.1, 1.18.1, and 2.0.0-rc.7.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45159
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-end encrypted folders of the share owner. Reading and modifying of other files was not possible. This issue has been patched in versions 1.15.4, 1.16.3, 1.17.1, 1.18.1, and 2.0.0-rc.7.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-45264 - Nextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames
CVE ID :CVE-2026-45264
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can rename files in the team folder. This issue has been patched in versions 17.0.15, 18.1.12, 19.1.16, 20.1.11, and 21.0.4.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45264
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can rename files in the team folder. This issue has been patched in versions 17.0.15, 18.1.12, 19.1.16, 20.1.11, and 21.0.4.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-45266 - Nextcloud: Unauthorized force-mute from missing permission check when using internal signaling
CVE ID :CVE-2026-45266
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and 23.0.3.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45266
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and 23.0.3.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-45267 - Nextcloud: Missing permission check for from submissions
CVE ID :CVE-2026-45267
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45267
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-45701 - Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens
CVE ID :CVE-2026-45701
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key generation uses a weak cryptographical hash algorithm. This issue has been patched in versions 2.6.23 and 3.0.6.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45701
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key generation uses a weak cryptographical hash algorithm. This issue has been patched in versions 2.6.23 and 3.0.6.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-46243 - smb: client: reject userspace cifs.spnego descriptions
CVE ID :CVE-2026-46243
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin. Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-46243
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin. Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8501 - CVE-2026-8501
CVE ID :CVE-2026-8501
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit this vulnerability to perform sensitive and privileged operations on the target system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8501
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit this vulnerability to perform sensitive and privileged operations on the target system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8643 - pip can extract console_scripts and gui_scripts outside installation directory
CVE ID :CVE-2026-8643
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8643
Published : June 1, 2026, 5:17 p.m. | 1 hour, 31 minutes ago
Description :pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0089 - PackageInstallerService: Privilege Escalation via Unverified App Installation
CVE ID :CVE-2026-0089
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-0089
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0091 - Microsoft Launcher Privilege Escalation
CVE ID :CVE-2026-0091
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-0091
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0093 - Microsoft Windows Misleading UI Local Privilege Escalation
CVE ID :CVE-2026-0093
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-0093
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0094 - KeyChainActivity: Privilege Escalation via Malicious Certificate Access
CVE ID :CVE-2026-0094
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-0094
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0095 - Broadcom Bluetooth Heap Corruption Leading to Privilege Escalation
CVE ID :CVE-2026-0095
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-0095
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0096 - Google ForgetDeviceDialogFragment UI Tricking Privilege Escalation
CVE ID :CVE-2026-0096
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-0096
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0097 - Bluetooth LE Pair-Unpaired Device Logic Bypass Privilege Escalation
CVE ID :CVE-2026-0097
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-0097
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0098 - Android Shared getCallingPackageName Activity Start Restriction Bypass
CVE ID :CVE-2026-0098
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-0098
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0099 - Android HostEmulationManager Activity Launch Privilege Escalation
CVE ID :CVE-2026-0099
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-0099
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0100 - Android LoadOut Heap Buffer Overflow Local Privilege Escalation
CVE ID :CVE-2026-0100
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-0100
Published : June 1, 2026, 10:16 p.m. | 33 minutes ago
Description :In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...