Filters
Versions
25.0.0
43
24.0.0
41
21.0.0
40
23.0.0
36
26.0.0
28
20.0.0
26
22.0.0
24
27.0.0
21
10.0.0
12
16.0.0
8
13.0.0
7
19.0.0
6
15.0.0
5
22.2.0
5
11.0.0
4
14.0.0
4
17.0.0
4
18.0.0
4
28.0.0
4
24.0.4
3
10.0.2
2
14.0.0-beta1
2
14.0.0-beta2
2
14.0.0-beta3
2
14.0.0-beta4
2
14.0.0-rc1
2
14.0.0-rc2
2
10.0-rc1
1
10.0.1
1
12.0.0
1
12.0.5
1
14.0.5
1
14.0.6
1
16.0.1
1
19.0.1
1
22.2.10.16
1
23.0.12
1
24.0.0-beta1
1
24.0.0-beta2
1
24.0.0-beta3
1
24.0.0-rc1
1
24.0.0-rc2
1
24.0.0-rc3
1
24.0.12
1
24.0.2
1
24.0.8
1
25.0.13
1
25.0.2
1
26.0.8
1
27.1.3
1
28.0.6
1
29.0.0
1
9.0.51
1
9.0.54
1
Nextcloud Nextcloud ServerNextcloud Server's events information leaked with shared calendars on recurrence exceptions
3.5
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's users can delete old versions of read-only shared files
5.4
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server can reshare read&share only folder with more permissions
8.1
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's read-only users can restore old versions
4.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud Photos' shared albums have no restriction on photo removal
3.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerOAuth2 authorization codes are valid indefinetly in Nextcloud server
3.7
EPSS
0.05%
First published (updated )
Nextcloud Nextcloud ServerBruteforce protection can be bypassed with misconfigured proxy
9.8
First published (updated )
Nextcloud Nextcloud ServerWorkflows do not require password confirmation on API level
5.4
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF
9.8
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server user_ldap app logs user passwords in the log file on level debug
4.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user
4.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server admins can change authentication details of user configured external storage
2.7
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V
5.4
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name
5.4
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server users can make external storage mount points inaccessible for other users
8.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerRate limiter not working reliable when Memcached is installed in Nextcloud
4.3
First published (updated )
Nextcloud Nextcloud ServerOAuth2 client_secret stored in plain text in the Nextcloud database
8.8
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint
7.5
First published (updated )
Nextcloud Nextcloud ServerMissing password confirmation when creating app passwords
8.1
First published (updated )
Nextcloud Nextcloud ServerUsers can delete external storage mount points
7.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerText does not respect "Allow download" permissions
4.3
First published (updated )
Nextcloud Nextcloud ServerExistence of calendars and address books can be checked by unauthenticated users
5.3
First published (updated )
Nextcloud Nextcloud ServerMissing brute force protection on password reset token OAuth2 API controller
5.8
First published (updated )
Nextcloud Nextcloud ServerAdvanced permissions not respected when copying entire group folders
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud system addressbooks can be modified by malicious trusted server
8.1
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server password reset endpoint is not brute force protected
9.1
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server vulnerable to open redirect on "Unsupported browser" warning
6.1
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When m…
8.7
First published (updated )
Nextcloud Nextcloud ServerNextcloud server is an open source personal cloud implementation. Missing brute-force protection on …
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud server provides a home for data. A regression in the session handling between Nextcloud Se…
7.2
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server missing brute force protection for passwords of password protected share links
7.5
First published (updated )
Nextcloud Nextcloud ServerUsers can set up workflows using restricted and invisible system tags in Nextcloud
8.8
First published (updated )
Nextcloud Nextcloud ServerFull path of data directory exposed to Nextcloud server users
4.3
First published (updated )
Nextcloud Nextcloud ServerUser without download rights can download older version of that file in nextcloud server
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud server is an open source home cloud implementation. In affected versions when a recipient …
First published (updated )
Nextcloud Nextcloud ServerNextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch befor…
7.5
First published (updated )
Nextcloud Nextcloud ServerInsecure randomness for default password in nextcloud
7.5
First published (updated )
Nextcloud Nextcloud ServerUnrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server
8.8
First published (updated )
Nextcloud Nextcloud ServerScope of workflow operations is not validated in nextcloud server
9.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerDelete permissions are not saved when creating public share in Nextcloud server
8.1
First published (updated )
Nextcloud Nextcloud ServerMissing brute force protection on password reset token in Nextcloud Server
7.1
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server and Enterprise Server missing brute force protection on password confirmation modal
7.8
First published (updated )
Nextcloud Nextcloud ServerNextcloud download permissions can be changed by resharer
7.5
First published (updated )
Nextcloud Nextcloud Servernextcloud vulnerable to Uncontrolled Resource Consumption
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerDirectory traversal in Nextcloud server
7.5
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs
5.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's missing rate limiting on password reset functionality allows sending lots of emails
5.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server previews are accessible without a watermark
5.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's disabled download shares still allow download through preview images
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.