Filter
AND
AND
Nextcloud Nextcloud ServerNextcloud Server's brute force protection allows someone to send more requests than intended
8.7
First published (updated )
Nextcloud Nextcloud ServerNextcloud user scoped external storage can be used to gather credentials of other users
8.8
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server password reset endpoint is not brute force protected
9.1
First published (updated )
Nextcloud Nextcloud ServerNextcloud system addressbooks can be modified by malicious trusted server
8.1
First published (updated )
Nextcloud Nextcloud ServerMissing password confirmation when creating app passwords
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerMissing brute force protection on password reset token OAuth2 API controller
5.8
First published (updated )
Nextcloud Nextcloud ServerAdvanced permissions not respected when copying entire group folders
6.5
First published (updated )
Nextcloud Nextcloud ServerUsers can delete external storage mount points
7.7
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint
7.5
First published (updated )
Nextcloud Nextcloud ServerRate limiter not working reliable when Memcached is installed in Nextcloud
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerWorkflows do not require password confirmation on API level
5.4
First published (updated )
Nextcloud Nextcloud ServerBruteforce protection can be bypassed with misconfigured proxy
9.8
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's read-only users can restore old versions
4.3
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server has no password length limit when creating a user as an administrator
2.7
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server's calendar name length not validated before writing to database
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud Enterprise ServerMissing length validation of user displayname in nextcloud server
6.5
First published (updated )
Nextcloud Nextcloud ServerMissing brute force protection on cloud federation sharing in Nextcloud Server
6.5
First published (updated )
Nextcloud Nextcloud ServerFederated share accepting/declining is not logged in audit log in Nextcloud Server
2.7
First published (updated )
Nextcloud Nextcloud ServerSMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server
5.4
First published (updated )
Nextcloud Nextcloud ServerBypass of password requirements when sharing a folder via the Circles app in Nextcloud Server
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerPossible Injection in Nextcloud Server
First published (updated )
Nextcloud Nextcloud ServerInsufficient Verification of Data Authenticity in Nextcloud Server
4.3
First published (updated )
Nextcloud Nextcloud ServerHigh memory usage in Nextcloud server
6.5
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server users can make external storage mount points inaccessible for other users
8.5
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF
9.8
First published (updated )
Nextcloud Nextcloud ServerUsers can set up workflows using restricted and invisible system tags in Nextcloud
8.8
First published (updated )
Nextcloud Nextcloud ServerUnrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server
8.8
First published (updated )
Nextcloud Nextcloud ServerInsecure randomness for default password in nextcloud
7.5
First published (updated )
Nextcloud Nextcloud ServerFull path of data directory exposed to Nextcloud server users
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.