Filters
Software
nextcloud nextcloud server
159
nextcloud nextcloud
28
nextcloud desktop
24
nextcloud deck
15
nextcloud talk
14
nextcloud mail
12
nextcloud richdocuments
8
nextcloud calendar
6
nextcloud nextcloud enterprise server
6
nextcloud nextcloud mail
5
nextcloud talk android
5
nextcloud contacts
4
nextcloud user oidc
4
nextcloud circles
3
nextcloud end-to-end encryption
2
nextcloud guests
2
nextcloud nextcloud talk
2
nextcloud notes
2
nextcloud openid connect user backend
2
nextcloud preferred providers
2
nextcloud server
2
nextcloud social
2
nextcloud cookbook
1
nextcloud extract
1
nextcloud files access control
1
nextcloud global site selector
1
nextcloud group folders
1
nextcloud lookup-server
1
nextcloud news
1
nextcloud nextcloud files automated tagging
1
nextcloud officeonline
1
nextcloud password policy
1
nextcloud sso \& saml authentication
1
nextcloud zipper
1
Nextcloud DesktopIn Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server a…
9.1
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's events information leaked with shared calendars on recurrence exceptions
3.5
First published (updated )
Nextcloud DesktopCode injection in Nextcloud Desktop Client for macOS
7.8
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's users can delete old versions of read-only shared files
5.4
First published (updated )
Nextcloud DeckNextcloud Deck can access comments and attachments of deleted cards
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud Server can reshare read&share only folder with more permissions
8.1
First published (updated )
Nextcloud NotesNextcloud Notes app can be tricked into using a received share created before the user logged in
4.6
First published (updated )
Nextcloud calendarNextcloud Calendar's event create can create attachments that link to other websites
4.6
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's read-only users can restore old versions
4.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud Photos' shared albums have no restriction on photo removal
3.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud guestsImproper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist
5.4
EPSS
0.05%
First published (updated )
Nextcloud guestsAll users can reset the allowed apps list for Nextcloud Guest App users
4.3
EPSS
0.05%
First published (updated )
Nextcloud ZipperPermissions bypass in Nextcloud with the files zip app
4.3
EPSS
0.05%
First published (updated )
Nextcloud Nextcloud ServerOAuth2 authorization codes are valid indefinetly in Nextcloud server
3.7
EPSS
0.05%
First published (updated )
Nextcloud Sso \& Saml AuthenticationOpen redirect in user_saml via RelayState parameter in Nextcloud User Saml
6.1
EPSS
0.05%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud DeckCross-site Scripting when sending HTML as a comment in the Nextcloud Deck app
5.4
EPSS
0.05%
First published (updated )
Nextcloud Global Site SelectorNextcloud global site selector authentication bypass
9.8
EPSS
0.10%
First published (updated )
Nextcloud Nextcloud ServerBruteforce protection can be bypassed with misconfigured proxy
9.8
First published (updated )
Nextcloud Nextcloud ServerWorkflows do not require password confirmation on API level
5.4
First published (updated )
Nextcloud NextcloudApp PIN code can be bypassed in Nextcloud Files iOS
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud calendarCalendar app returns full stacktrace when an error happens while editing appointment
6.5
First published (updated )
Nextcloud mailNextcloud Mail app vulnerable to Server-Side Request Forgery
9.8
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF
9.8
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server user_ldap app logs user passwords in the log file on level debug
4.4
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud Server admins can change authentication details of user configured external storage
2.7
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V
5.4
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name
5.4
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server users can make external storage mount points inaccessible for other users
8.5
First published (updated )
Nextcloud calendarInviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud talkPassword of talk conversations can be bruteforced in Nextcloud
4.3
First published (updated )
Nextcloud Nextcloud ServerRate limiter not working reliable when Memcached is installed in Nextcloud
4.3
First published (updated )
Nextcloud Nextcloud ServerOAuth2 client_secret stored in plain text in the Nextcloud database
8.8
First published (updated )
Nextcloud mailRequire strict cookies for image proxy requests in Nextcloud Mail
4.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerMissing password confirmation when creating app passwords
8.1
First published (updated )
Nextcloud Nextcloud ServerUsers can delete external storage mount points
7.7
First published (updated )
Nextcloud Nextcloud ServerText does not respect "Allow download" permissions
4.3
First published (updated )
Nextcloud Nextcloud ServerExistence of calendars and address books can be checked by unauthenticated users
5.3
First published (updated )
Nextcloud Nextcloud ServerMissing brute force protection on password reset token OAuth2 API controller
5.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Talk AndroidPath traversal allows tricking the Talk Android app into writing files into it's root directory
7.8
First published (updated )
Nextcloud NotesNotes attachment render HTML in preview mode
6.1
First published (updated )
Nextcloud User Oidcuser_oidc app stores client secret unencrypted in database
8.1
First published (updated )
Nextcloud User OidcIssuer not verified from obtained token in user_oidc
4.8
First published (updated )
Nextcloud Nextcloud ServerAdvanced permissions not respected when copying entire group folders
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud system addressbooks can be modified by malicious trusted server
8.1
First published (updated )
Nextcloud End-to-End EncryptionEnd-to-End encrypted file-drops can be made inaccessible
6.5
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server password reset endpoint is not brute force protected
9.1
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server vulnerable to open redirect on "Unsupported browser" warning
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.