Filters
Versions
24.0.0
18
25.0.0
18
21.0.0
16
23.0.0
15
26.0.0
13
27.0.0
12
20.0.0
11
10.0.0
10
22.0.0
9
16.0.0
6
15.0.0
5
13.0.0
4
11.0.0
3
14.0.0
3
17.0.0
3
19.0.0
3
22.2.0
3
10.0.2
2
24.0.4
2
28.0.0
2
10.0-rc1
1
10.0.1
1
12.0.0
1
12.0.5
1
14.0.5
1
16.0.1
1
18.0.0
1
19.0.1
1
22.2.10.16
1
23.0.12
1
24.0.0-beta1
1
24.0.0-beta2
1
24.0.0-beta3
1
24.0.0-rc1
1
24.0.0-rc2
1
24.0.0-rc3
1
24.0.12
1
24.0.2
1
24.0.8
1
25.0.13
1
26.0.8
1
27.1.3
1
9.0.51
1
9.0.54
1
Nextcloud Nextcloud ServerNextcloud Server's users can delete old versions of read-only shared files
5.4
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's read-only users can restore old versions
4.3
First published (updated )
Nextcloud Nextcloud ServerWorkflows do not require password confirmation on API level
5.4
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server user_ldap app logs user passwords in the log file on level debug
4.4
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V
5.4
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name
5.4
First published (updated )
Nextcloud Nextcloud ServerRate limiter not working reliable when Memcached is installed in Nextcloud
4.3
First published (updated )
Nextcloud Nextcloud ServerText does not respect "Allow download" permissions
4.3
First published (updated )
Nextcloud Nextcloud ServerExistence of calendars and address books can be checked by unauthenticated users
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerMissing brute force protection on password reset token OAuth2 API controller
5.8
First published (updated )
Nextcloud Nextcloud ServerAdvanced permissions not respected when copying entire group folders
6.5
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server vulnerable to open redirect on "Unsupported browser" warning
6.1
First published (updated )
Nextcloud Nextcloud ServerFull path of data directory exposed to Nextcloud server users
4.3
First published (updated )
Nextcloud Nextcloud ServerUser without download rights can download older version of that file in nextcloud server
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud Servernextcloud vulnerable to Uncontrolled Resource Consumption
6.5
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs
5.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's missing rate limiting on password reset functionality allows sending lots of emails
5.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server previews are accessible without a watermark
5.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's disabled download shares still allow download through preview images
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud Server's calendar name length not validated before writing to database
5.3
First published (updated )
Nextcloud Nextcloud Enterprise ServerMissing length validation of user displayname in nextcloud server
6.5
First published (updated )
Nextcloud Nextcloud Enterprise ServerDatabase resource exhaustion for logged-in users via sharee recommendations with circles
4.8
First published (updated )
Nextcloud Nextcloud Enterprise ServerException logging in Sharepoint app reveals clear-text connection details
6.5
First published (updated )
Nextcloud Nextcloud Enterprise ServerProfile of disabled user stays accessible
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud Enterprise ServerServer-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud Server
5.3
First published (updated )
Nextcloud Nextcloud ServerMissing brute force protection on cloud federation sharing in Nextcloud Server
6.5
First published (updated )
Nextcloud Nextcloud ServerSMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server
5.4
First published (updated )
Nextcloud Nextcloud ServerImproper input-size validation on the user new session name in Nextcloud Server
4.3
First published (updated )
Nextcloud Nextcloud ServerBypass of password requirements when sharing a folder via the Circles app in Nextcloud Server
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerInsufficient Verification of Data Authenticity in Nextcloud Server
4.3
First published (updated )
Nextcloud Nextcloud ServerPossible Injection in Nextcloud Server
First published (updated )
Nextcloud Nextcloud ServerMissing authorization in Nextcloud text
6.5
First published (updated )
Nextcloud Nextcloud ServerHigh memory usage in Nextcloud server
6.5
First published (updated )
Nextcloud Nextcloud ServerAdvanced permissions is not respected for subfolders in Nextcloud server
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerUser enumeration setting not respected in Nextcloud server
5.3
First published (updated )
Nextcloud Nextcloud ServerExceptions may have logged Encryption-at-Rest key content in Nextcloud server
5.5
First published (updated )
Nextcloud Nextcloud ServerNextcloud Text app can disclose existence of folders in "File Drop" link share
5.3
First published (updated )
Nextcloud Nextcloud ServerLack of ratelimit on public share link mount endpoint
5.3
First published (updated )
Nextcloud Nextcloud ServerFile path disclosure of shared files in Nextcloud Text application
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerXSS in Nextcloud Text application
6.1
First published (updated )
Nextcloud Nextcloud ServerDefault share permissions not respected for federated reshares
5.3
First published (updated )
Nextcloud Nextcloud ServerLack of ratelimit on shareinfo endpoint
5.3
First published (updated )
Nextcloud Nextcloud ServerRatelimit not applied on OCS API responses
5.3
First published (updated )
Nextcloud Nextcloud ServerMalicious user could break user administration page
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerDefault settings leak federated cloud ID to lookup server of all users
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage…
6.7
First published (updated )
Nextcloud Nextcloud ServerA missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials f…
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.