Filter
AND

Nextcloud DesktopCode injection in Nextcloud Desktop Client for macOS

7.8
First published (updated )

Nextcloud Nextcloud ServerNextcloud Server can reshare read&share only folder with more permissions

8.1
First published (updated )

Nextcloud Nextcloud ServerNextcloud Server users can make external storage mount points inaccessible for other users

8.5
First published (updated )

Nextcloud Nextcloud ServerOAuth2 client_secret stored in plain text in the Nextcloud database

8.8
First published (updated )

Nextcloud Nextcloud ServerNextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud Nextcloud ServerMissing password confirmation when creating app passwords

8.1
First published (updated )

Nextcloud Nextcloud ServerUsers can delete external storage mount points

7.7
First published (updated )

Nextcloud Talk AndroidPath traversal allows tricking the Talk Android app into writing files into it's root directory

7.8
First published (updated )

Nextcloud User Oidcuser_oidc app stores client secret unencrypted in database

8.1
First published (updated )

Nextcloud Nextcloud ServerNextcloud user scoped external storage can be used to gather credentials of other users

8.8
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud Nextcloud ServerNextcloud system addressbooks can be modified by malicious trusted server

8.1
First published (updated )

Nextcloud Nextcloud ServerNextcloud Server's brute force protection allows someone to send more requests than intended

8.7
First published (updated )

Nextcloud Nextcloud ServerNextcloud server is an open source personal cloud implementation. Missing brute-force protection on …

8.1
First published (updated )

NextCloud CookbookNextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection

8.8
First published (updated )

Nextcloud Nextcloud ServerNextcloud server provides a home for data. A regression in the session handling between Nextcloud Se…

7.2
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud Nextcloud ServerNextcloud Server missing brute force protection for passwords of password protected share links

7.5
First published (updated )

Nextcloud Nextcloud ServerUsers can set up workflows using restricted and invisible system tags in Nextcloud

8.8
First published (updated )

Nextcloud Nextcloud ServerNextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch befor…

7.5
First published (updated )

Nextcloud Nextcloud ServerInsecure randomness for default password in nextcloud

7.5
First published (updated )

Nextcloud Nextcloud ServerUnrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server

8.8
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud Nextcloud ServerDelete permissions are not saved when creating public share in Nextcloud server

8.1
First published (updated )

Nextcloud Nextcloud ServerMissing brute force protection on password reset token in Nextcloud Server

7.1
First published (updated )

Nextcloud Nextcloud ServerNextcloud Server and Enterprise Server missing brute force protection on password confirmation modal

7.8
First published (updated )

Nextcloud Nextcloud ServerNextcloud download permissions can be changed by resharer

7.5
First published (updated )

Nextcloud Nextcloud ServerDirectory traversal in Nextcloud server

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud DesktopNextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link

8.8
First published (updated )

Nextcloud DesktopNextcloud Desktop vulnerable to code injection via malicious link

7.8
First published (updated )

Nextcloud Nextcloud Enterprise ServerAuthentication headers exposed on by Nextcloud Server

7.5
First published (updated )

Nextcloud NextcloudSQL Injection in FileContentProvider (GHSL-2021-1007)

7.5
First published (updated )

Nextcloud NewsIntent URI permissions manipulation in nextcloud news-android

7.1
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud ServerFile Traversal affecting SVG files on Nextcloud Server

8.8
First published (updated )

Nextcloud Nextcloud ServerRate-limits not working on instances without configured memory cache backend

8.1
First published (updated )

Nextcloud DeckMissing permission check on Deck API

8.1
First published (updated )

Nextcloud Nextcloud ServerBypass of Two Factor Authentication in Nextcloud server

8.1
First published (updated )

Nextcloud RichdocumentsFile Drop can be bypassed using Richdocuments app in nextcloud

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud DesktopUntrusted Search Path in Nextcloud Desktop Client

7.3
First published (updated )

Nextcloud NextcloudEnd-to-end encryption device setup did not verify public key

7.5
First published (updated )

Nextcloud talkNextcloud Talk not properly disassociating users from chats after account deletion

8.1
First published (updated )

Nextcloud Nextcloud ServerLack of ratelimit on public DAV endpoint

7.5
First published (updated )

Nextcloud Nextcloud ServerApplication specific tokens can change their own scope

8.8
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud Nextcloud ServerFilenames not escaped by default in controllers using DownloadResponse

8.8
First published (updated )

Nextcloud Nextcloud ServerTrusted servers exchange can be triggered by attacker

8.6
First published (updated )

Nextcloud Nextcloud MailMissing permission check on email metadata retrieval

8.8
First published (updated )

Nextcloud DesktopNextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing valida…

8.8
First published (updated )

Nextcloud Nextcloud ServerA wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when re…

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud SocialMissing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allo…

7.4
First published (updated )

Nextcloud Nextcloud ServerInsufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an att…

8.1
First published (updated )

Nextcloud Nextcloud ServerA logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it wa…

7.5
First published (updated )

Nextcloud DeckImproper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with th…

First published (updated )

Nextcloud DesktopA cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information…

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203