tag
Authorization-Bypass
High
RustDesk Relay Session Downgrade and FileTransfer Authorization Scope Bypass
None assigned as of 2026-07-03·
RustDesk (rustdesk/rustdesk) — client relay/session setup and server-side connection dispatcher
unpatched
High
Nextcloud Federated Share OCM Bearer Token Scope Escalation to Sender WebDAV Access
None assigned as of 2026-07-03·
Nextcloud Server — federated file sharing, OCM token exchange, WebDAV bearer authentication
unpatched
High
MyBB 1.8.40 Limited Admin CP User-Manager to Full Administrator Privilege Escalation
None assigned as of 2026-07-03 (see Notes — CVE-2026-45115 identifies a separate, already-patched MyBB issue)·
MyBB forum software, Admin CP add-user flow
unpatched
High
Discourse Scoped API Key Pre-Route Authorization Bypass
None assigned as of 2026-07-03·
Discourse (forum platform)
unpatched
High
Next.js i18n Middleware Bypass (CVE-2026-44573)
CVE-2026-44573·
Next.js Pages Router with i18n configuration
unpatched
High
Next.js App Router Segment-Prefetch Middleware Bypass (CVE-2026-44575)
CVE-2026-44575·
Next.js App Router applications that rely on middleware.ts matchers to protect routes
patched