Filters
Software
nextcloud nextcloud server
101
nextcloud nextcloud
20
nextcloud desktop
15
nextcloud deck
13
nextcloud talk
11
nextcloud mail
7
nextcloud richdocuments
7
nextcloud calendar
5
nextcloud nextcloud enterprise server
5
nextcloud contacts
4
nextcloud circles
3
nextcloud nextcloud mail
3
nextcloud end-to-end encryption
2
nextcloud guests
2
nextcloud nextcloud talk
2
nextcloud notes
2
nextcloud openid connect user backend
2
nextcloud preferred providers
2
nextcloud talk android
2
nextcloud user oidc
2
nextcloud files access control
1
nextcloud officeonline
1
nextcloud server
1
nextcloud social
1
nextcloud sso \& saml authentication
1
nextcloud zipper
1
Nextcloud Nextcloud ServerNextcloud Server's users can delete old versions of read-only shared files
5.4
First published (updated )
Nextcloud DeckNextcloud Deck can access comments and attachments of deleted cards
4.3
First published (updated )
Nextcloud NotesNextcloud Notes app can be tricked into using a received share created before the user logged in
4.6
First published (updated )
Nextcloud calendarNextcloud Calendar's event create can create attachments that link to other websites
4.6
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's read-only users can restore old versions
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud guestsImproper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist
5.4
EPSS
0.05%
First published (updated )
Nextcloud guestsAll users can reset the allowed apps list for Nextcloud Guest App users
4.3
EPSS
0.05%
First published (updated )
Nextcloud ZipperPermissions bypass in Nextcloud with the files zip app
4.3
EPSS
0.05%
First published (updated )
Nextcloud Sso \& Saml AuthenticationOpen redirect in user_saml via RelayState parameter in Nextcloud User Saml
6.1
EPSS
0.05%
First published (updated )
Nextcloud DeckCross-site Scripting when sending HTML as a comment in the Nextcloud Deck app
5.4
EPSS
0.05%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerWorkflows do not require password confirmation on API level
5.4
First published (updated )
Nextcloud NextcloudApp PIN code can be bypassed in Nextcloud Files iOS
4.3
First published (updated )
Nextcloud calendarCalendar app returns full stacktrace when an error happens while editing appointment
6.5
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server user_ldap app logs user passwords in the log file on level debug
4.4
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V
5.4
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name
5.4
First published (updated )
Nextcloud calendarInviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive
4.3
First published (updated )
Nextcloud talkPassword of talk conversations can be bruteforced in Nextcloud
4.3
First published (updated )
Nextcloud Nextcloud ServerRate limiter not working reliable when Memcached is installed in Nextcloud
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud mailRequire strict cookies for image proxy requests in Nextcloud Mail
4.3
First published (updated )
Nextcloud Nextcloud ServerText does not respect "Allow download" permissions
4.3
First published (updated )
Nextcloud Nextcloud ServerExistence of calendars and address books can be checked by unauthenticated users
5.3
First published (updated )
Nextcloud Nextcloud ServerMissing brute force protection on password reset token OAuth2 API controller
5.8
First published (updated )
Nextcloud NotesNotes attachment render HTML in preview mode
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud User OidcIssuer not verified from obtained token in user_oidc
4.8
First published (updated )
Nextcloud Nextcloud ServerAdvanced permissions not respected when copying entire group folders
6.5
First published (updated )
Nextcloud End-to-End EncryptionEnd-to-End encrypted file-drops can be made inaccessible
6.5
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server vulnerable to open redirect on "Unsupported browser" warning
6.1
First published (updated )
Nextcloud calendarCalendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some interna…
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud talkChat poll data can still be queried from API after purging history in Nextcloud talk
4.3
First published (updated )
Nextcloud DesktopNextcloud Desktop client does not verify received singed certificate in end-to-end encryption
6.5
First published (updated )
Nextcloud NextcloudNextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders
6.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud DesktopNextcloud Desktop client misbehaves with E2EE when the server returns empty list of metadata keys
6.7
First published (updated )
Nextcloud DesktopNextcloud Desktop: Initialization vector reuse in E2EE allows malicious server admin to break, manipulate, access files
6.7
First published (updated )
Nextcloud User OidcCSRF protection on user_oidc login returned the expected token in case of an error
5.4
First published (updated )
Nextcloud Nextcloud ServerFull path of data directory exposed to Nextcloud server users
4.3
First published (updated )
Nextcloud RichdocumentsNextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected…
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerUser without download rights can download older version of that file in nextcloud server
6.5
First published (updated )
Nextcloud NextcloudNextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In ver…
4.4
First published (updated )
Nextcloud NextcloudNextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In ve…
6.8
First published (updated )
Nextcloud Nextcloud TalkNextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs wer…
4.3
First published (updated )
Nextcloud Nextcloud Servernextcloud vulnerable to Uncontrolled Resource Consumption
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs
5.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's missing rate limiting on password reset functionality allows sending lots of emails
5.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server previews are accessible without a watermark
5.3
First published (updated )
Nextcloud RichdocumentsDocument content of files can be obtained through Collabora for files of other users
5.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.