Filters

Software

nextcloud nextcloud server
8
nextcloud mail
2
nextcloud calendar
1
nextcloud desktop
1
nextcloud extract
1
nextcloud global site selector
1
nextcloud lookup-server
1
nextcloud nextcloud
1
nextcloud talk
1
nextcloud user oidc
1

Nextcloud DesktopIn Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server a…

critical
9.1
First published (updated )
CVE-2024-46958

Nextcloud Global Site SelectorNextcloud global site selector authentication bypass

critical
9.8
EPSS
0.10%
First published (updated )
CVE-2024-22212

Nextcloud Nextcloud ServerBruteforce protection can be bypassed with misconfigured proxy

critical
9.8
First published (updated )
CVE-2023-49792

Nextcloud mailNextcloud Mail app vulnerable to Server-Side Request Forgery

critical
9.8
First published (updated )
CVE-2023-48307

Nextcloud Nextcloud ServerNextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF

critical
9.8
First published (updated )
CVE-2023-48306

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Nextcloud Nextcloud ServerNextcloud Server password reset endpoint is not brute force protected

critical
9.1
First published (updated )
CVE-2023-35172

Nextcloud User OidcNextcloud user_oidc app is missing brute force protection

critical
9.8
First published (updated )
CVE-2023-32074

Nextcloud Nextcloud ServerScope of workflow operations is not validated in nextcloud server

critical
9.1
First published (updated )
CVE-2023-26482

Nextcloud mailUnauthenticated SSRF in 3rd party module "cerdic/csstidy"

critical
9.8
First published (updated )
CVE-2022-31132

Nextcloud calendarCommand Injection in Appointment Emails for Nextcloud Calendar

critical
9.8
First published (updated )
CVE-2022-24838

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Nextcloud Nextcloud ServerPreview generation used third-party library not suited for user-generated content in Nextcloud server

critical
10
First published (updated )
CVE-2021-32802

Nextcloud Nextcloud ServerWebauthn tokens not removed after user has been deleted

critical
9.8
First published (updated )
CVE-2021-32726

Nextcloud Nextcloud ServerNextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of…

critical
9.8
First published (updated )
CVE-2021-22915

Nextcloud Nextcloud ServerAttacker can obtain write access to any federated share/public link

critical
9.1
First published (updated )
CVE-2021-32654

Nextcloud talkCode Injection

critical
9.9
First published (updated )
CVE-2020-8180

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Nextcloud Lookup-ServerSQL Injection

critical
9.8
First published (updated )
CVE-2019-5476

Nextcloud NextcloudSQL Injection

critical
9.8
First published (updated )
CVE-2019-5454

Nextcloud ExtractOS Command Injection

critical
9
First published (updated )
CVE-2019-12739

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203