Yoyomiski

**Name of the Vulnerable Software and Affected Versions** Nextcloud versions 2.6.0 through 4.2.x **Description** An improper access control issue exists in the Collectives application. When pages within a collective are deleted and the collective is shared with view-only permissions, guests with access to the collective can directly access those deleted pages from the trashbin. **Recommendations** Update to version 4.3.0.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Approval app versions prior to 2.7.2 **Description** A privilege escalation issue exists in the Approval app of the Nextcloud content collaboration platform. This flaw allows a user lacking sharing permissions to force the system to share a file with approvers, leading to an authorization bypass and the unauthorized distribution of restricted files. **Recommendations** Update to version 2.7.2.