Filters
Nextcloud Nextcloud ServerNextcloud Server users can make external storage mount points inaccessible for other users
8.5
First published (updated )
Nextcloud Nextcloud ServerMissing password confirmation when creating app passwords
8.1
First published (updated )
Nextcloud Nextcloud ServerUsers can delete external storage mount points
7.7
First published (updated )
Nextcloud Nextcloud ServerNextcloud system addressbooks can be modified by malicious trusted server
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerDirectory traversal in Nextcloud server
7.5
First published (updated )
Nextcloud Nextcloud ServerSMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server
5.4
First published (updated )
Nextcloud Nextcloud ServerLack of ratelimit on public share link mount endpoint
5.3
First published (updated )
Nextcloud Nextcloud ServerFile path disclosure of shared files in Nextcloud Text application
5.3
First published (updated )
Nextcloud Nextcloud ServerXSS in Nextcloud Text application
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerWebauthn tokens not removed after user has been deleted
9.8
First published (updated )
Nextcloud Nextcloud ServerDefault share permissions not respected for federated reshares
5.3
First published (updated )
Nextcloud Nextcloud ServerLack of ratelimit on public DAV endpoint
7.5
First published (updated )
Nextcloud Nextcloud ServerLack of ratelimit on shareinfo endpoint
5.3
First published (updated )
Nextcloud Nextcloud ServerApplication specific tokens can change their own scope
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerAudit log is not properly logging unsetting of share expiration date
3.3
First published (updated )
Nextcloud Nextcloud ServerFilenames not escaped by default in controllers using DownloadResponse
8.8
First published (updated )
Nextcloud Nextcloud ServerRatelimit not applied on OCS API responses
5.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of…
9.8
First published (updated )
Nextcloud Nextcloud ServerMalicious user could break user administration page
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerTrusted servers exchange can be triggered by attacker
8.6
First published (updated )
Nextcloud Nextcloud ServerFiles Drop public link can be added as federated share
3.5
First published (updated )
Nextcloud Nextcloud ServerAttacker can obtain write access to any federated share/public link
9.1
First published (updated )
Nextcloud Nextcloud ServerDefault settings leak federated cloud ID to lookup server of all users
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.