Netranger

**Name of the Vulnerable Software and Affected Versions** Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin versions prior to 2.3.6 **Description** The Everest Backup plugin for WordPress allows unauthorized access to data due to a missing capability check on the `everest process status` AJAX action. This allows unauthenticated attackers to retrieve back-up file locations, which can then be accessed and downloaded. This requires a back-up to be running in order for an attacker to retrieve the back-up location. **Recommendations** Update to version 2.3.6 or later.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Desktop Client versions prior to 3.3.1 **Description** The issue is related to the lack of SSL certificate verification when using the "Register with a Provider" flow in the Nextcloud Desktop Client, allowing a remote attacker to impact data integrity. **Recommendations** For versions prior to 3.3.1, update to version 3.3.1 or later to resolve the issue. As a temporary workaround, consider disabling the "Register with a Provider" flow until a patch is available. Restrict access to the affected flow to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 14.0.0 **Description** A missing check in the software could give unauthorized access to the previews of single file password protected shares. **Recommendations** For versions prior to 14.0.0, update to version 14.0.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 11.0.7 Nextcloud Server versions prior to 12.0.5 **Description** The issue is related to an Authorization Bypass Through User-Controlled Key. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. However, the app passwords themselves were neither disclosed nor could the error be misused to identify as another user. **Recommendations** For Nextcloud Server versions prior to 11.0.7, update to version 11.0.7 or later. For Nextcloud Server versions prior to 12.0.5, update to version 12.0.5 or later.