Filter
AND
-Infinity
0
Trending
Nextcloud ServerOAuth2 client_secret stored in plain text in the Nextcloud database
8.8
First published (updated )
Nextcloud ServerFilenames not escaped by default in controllers using DownloadResponse
8.8
First published (updated )
Nextcloud ServerImproper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obt…
8.8
First published (updated )
Nextcloud ServerFile Traversal affecting SVG files on Nextcloud Server
8.8
First published (updated )
Nextcloud ServerApplication specific tokens can change their own scope
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud ServerUnrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server
8.8
First published (updated )
Nextcloud ServerPotential share collision for recipients when caching is enabled in nextcloud server
8.8
First published (updated )
Nextcloud ServerUsers can set up workflows using restricted and invisible system tags in Nextcloud
8.8
First published (updated )
Nextcloud ServerNextcloud user scoped external storage can be used to gather credentials of other users
8.8
First published (updated )
Nextcloud ServerNextcloud Server's brute force protection allows someone to send more requests than intended
8.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud ServerTrusted servers exchange can be triggered by attacker
8.6
First published (updated )
Nextcloud ServerNextcloud Server users can make external storage mount points inaccessible for other users
8.5
First published (updated )
Nextcloud ServerNextcloud Server's OAuth2 client secrets were stored in a recoverable way
8.2
First published (updated )
Nextcloud ServerBasic auth header on WebDAV requests is not brute-force protected in Nextcloud
8.1
First published (updated )
Nextcloud ServerNextcloud Server can reshare read&share only folder with more permissions
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud ServerInsufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an att…
8.1
First published (updated )
Nextcloud ServerA bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the…
8.1
First published (updated )
Nextcloud ServerImproper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to…
8.1
First published (updated )
ownCloudNextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer fr…
8.1
First published (updated )
Nextcloud ServerRate-limits not working on instances without configured memory cache backend
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud ServerBypass of Two Factor Authentication in Nextcloud server
8.1
First published (updated )
Nextcloud ServerNextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token en…
8.1
First published (updated )
Nextcloud ServerDelete permissions are not saved when creating public share in Nextcloud server
8.1
First published (updated )
Nextcloud ServerMissing password confirmation when creating app passwords
8.1
First published (updated )
Nextcloud ServerNextcloud system addressbooks can be modified by malicious trusted server
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud ServerNextcloud Server and Enterprise Server missing brute force protection on password confirmation modal
7.8
First published (updated )
Nextcloud ServerAn Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to …
7.7
First published (updated )
Nextcloud ServerUsers can delete external storage mount points
7.7
First published (updated )
Nextcloud ServerNextcloud Server User password is available in memory of the PHP process
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.