Filter
AND

Nextcloud Nextcloud ServerNextcloud Server's users can delete old versions of read-only shared files

First published (updated )

Nextcloud DeckNextcloud Deck can access comments and attachments of deleted cards

First published (updated )

Nextcloud NotesNextcloud Notes app can be tricked into using a received share created before the user logged in

First published (updated )

Nextcloud calendarNextcloud Calendar's event create can create attachments that link to other websites

First published (updated )

Nextcloud Nextcloud ServerNextcloud Server's read-only users can restore old versions

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud guestsImproper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist

EPSS
0.05%
First published (updated )

Nextcloud guestsAll users can reset the allowed apps list for Nextcloud Guest App users

EPSS
0.05%
First published (updated )

Nextcloud ZipperPermissions bypass in Nextcloud with the files zip app

EPSS
0.05%
First published (updated )

Nextcloud Sso \& Saml AuthenticationOpen redirect in user_saml via RelayState parameter in Nextcloud User Saml

EPSS
0.05%
First published (updated )

Nextcloud DeckCross-site Scripting when sending HTML as a comment in the Nextcloud Deck app

EPSS
0.05%
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud Nextcloud ServerWorkflows do not require password confirmation on API level

First published (updated )

Nextcloud NextcloudApp PIN code can be bypassed in Nextcloud Files iOS

First published (updated )

Nextcloud calendarCalendar app returns full stacktrace when an error happens while editing appointment

First published (updated )

Nextcloud Nextcloud ServerNextcloud Server user_ldap app logs user passwords in the log file on level debug

First published (updated )

Nextcloud Nextcloud ServerNextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud Nextcloud ServerNextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V

First published (updated )

Nextcloud Nextcloud ServerNextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name

First published (updated )

Nextcloud calendarInviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive

First published (updated )

Nextcloud talkPassword of talk conversations can be bruteforced in Nextcloud

First published (updated )

Nextcloud Nextcloud ServerRate limiter not working reliable when Memcached is installed in Nextcloud

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud mailRequire strict cookies for image proxy requests in Nextcloud Mail

First published (updated )

Nextcloud Nextcloud ServerText does not respect "Allow download" permissions

First published (updated )

Nextcloud Nextcloud ServerExistence of calendars and address books can be checked by unauthenticated users

First published (updated )

Nextcloud Nextcloud ServerMissing brute force protection on password reset token OAuth2 API controller

First published (updated )

Nextcloud NotesNotes attachment render HTML in preview mode

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Nextcloud User OidcIssuer not verified from obtained token in user_oidc

First published (updated )

Nextcloud Nextcloud ServerAdvanced permissions not respected when copying entire group folders

First published (updated )

Nextcloud End-to-End EncryptionEnd-to-End encrypted file-drops can be made inaccessible

First published (updated )

Nextcloud Nextcloud ServerNextcloud Server vulnerable to open redirect on "Unsupported browser" warning

First published (updated )

Nextcloud calendarCalendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some interna…

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203