Filters
Nextcloud Nextcloud ServerNextcloud Server users can make external storage mount points inaccessible for other users
8.5
First published (updated )
Nextcloud Nextcloud ServerMissing password confirmation when creating app passwords
8.1
First published (updated )
Nextcloud Nextcloud ServerUsers can delete external storage mount points
7.7
First published (updated )
Nextcloud Nextcloud ServerNextcloud system addressbooks can be modified by malicious trusted server
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud Server password reset endpoint is not brute force protected
9.1
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When m…
8.7
First published (updated )
Nextcloud Nextcloud ServerUsers can set up workflows using restricted and invisible system tags in Nextcloud
8.8
First published (updated )
Nextcloud Nextcloud ServerScope of workflow operations is not validated in nextcloud server
9.1
First published (updated )
Nextcloud Nextcloud ServerMissing brute force protection on password reset token in Nextcloud Server
7.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud Server and Enterprise Server missing brute force protection on password confirmation modal
7.8
First published (updated )
Nextcloud Nextcloud ServerDirectory traversal in Nextcloud server
7.5
First published (updated )
Nextcloud Nextcloud ServerSMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server
5.4
First published (updated )
Nextcloud Nextcloud ServerPossible Injection in Nextcloud Server
First published (updated )
Nextcloud Nextcloud ServerMissing authorization in Nextcloud text
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerHigh memory usage in Nextcloud server
6.5
First published (updated )
Nextcloud Nextcloud ServerAdvanced permissions is not respected for subfolders in Nextcloud server
4.3
First published (updated )
Nextcloud Nextcloud ServerUser enumeration setting not respected in Nextcloud server
5.3
First published (updated )
Nextcloud Nextcloud ServerRate-limits not working on instances without configured memory cache backend
8.1
First published (updated )
Nextcloud Nextcloud ServerPreview generation used third-party library not suited for user-generated content in Nextcloud server
10
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerExceptions may have logged Encryption-at-Rest key content in Nextcloud server
5.5
First published (updated )
Nextcloud Nextcloud ServerBypass of Two Factor Authentication in Nextcloud server
8.1
First published (updated )
Nextcloud Nextcloud ServerNextcloud Text app can disclose existence of folders in "File Drop" link share
5.3
First published (updated )
Nextcloud Nextcloud ServerLack of ratelimit on public share link mount endpoint
5.3
First published (updated )
Nextcloud Nextcloud ServerFile path disclosure of shared files in Nextcloud Text application
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerXSS in Nextcloud Text application
6.1
First published (updated )
Nextcloud Nextcloud ServerWebauthn tokens not removed after user has been deleted
9.8
First published (updated )
Nextcloud Nextcloud ServerDefault share permissions not respected for federated reshares
5.3
First published (updated )
Nextcloud Nextcloud ServerLack of ratelimit on public DAV endpoint
7.5
First published (updated )
Nextcloud Nextcloud ServerLack of ratelimit on shareinfo endpoint
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerApplication specific tokens can change their own scope
8.8
First published (updated )
Nextcloud Nextcloud ServerAudit log is not properly logging unsetting of share expiration date
3.3
First published (updated )
Nextcloud Nextcloud ServerFilenames not escaped by default in controllers using DownloadResponse
8.8
First published (updated )
Nextcloud Nextcloud ServerRatelimit not applied on OCS API responses
5.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of…
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerMalicious user could break user administration page
4.3
First published (updated )
Nextcloud Nextcloud ServerTrusted servers exchange can be triggered by attacker
8.6
First published (updated )
Nextcloud Nextcloud ServerFiles Drop public link can be added as federated share
3.5
First published (updated )
Nextcloud Nextcloud ServerAttacker can obtain write access to any federated share/public link
9.1
First published (updated )
Nextcloud Nextcloud ServerDefault settings leak federated cloud ID to lookup server of all users
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.