Filter
AND
AND
-Infinity
0
Trending
Nextcloud ServerNextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF
9.8
First published (updated )
Nextcloud ServerBruteforce protection can be bypassed with misconfigured proxy
9.8
First published (updated )
Nextcloud ServerScope of workflow operations is not validated in nextcloud server
9.1
First published (updated )
Nextcloud ServerNextcloud Server password reset endpoint is not brute force protected
9.1
First published (updated )
Nextcloud ServerOAuth2 client_secret stored in plain text in the Nextcloud database
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud ServerUnrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server
8.8
First published (updated )
Nextcloud ServerPotential share collision for recipients when caching is enabled in nextcloud server
8.8
First published (updated )
Nextcloud ServerUsers can set up workflows using restricted and invisible system tags in Nextcloud
8.8
First published (updated )
Nextcloud ServerNextcloud user scoped external storage can be used to gather credentials of other users
8.8
First published (updated )
Nextcloud ServerNextcloud Server's brute force protection allows someone to send more requests than intended
8.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud ServerNextcloud Server users can make external storage mount points inaccessible for other users
8.5
First published (updated )
Nextcloud ServerBasic auth header on WebDAV requests is not brute-force protected in Nextcloud
8.1
First published (updated )
Nextcloud ServerNextcloud Server can reshare read&share only folder with more permissions
8.1
First published (updated )
Nextcloud ServerMissing password confirmation when creating app passwords
8.1
First published (updated )
Nextcloud ServerNextcloud system addressbooks can be modified by malicious trusted server
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud ServerNextcloud Server and Enterprise Server missing brute force protection on password confirmation modal
7.8
First published (updated )
Nextcloud ServerUsers can delete external storage mount points
7.7
First published (updated )
Nextcloud ServerNextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint
7.5
First published (updated )
Nextcloud ServerDirectory traversal in Nextcloud server
7.5
First published (updated )
Nextcloud ServerNextcloud download permissions can be changed by resharer
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud ServerInsecure randomness for default password in nextcloud
7.5
First published (updated )
Nextcloud ServerReference fetch can saturate the server bandwidth for 10 seconds in nextcloud server
7.5
First published (updated )
Nextcloud ServerNextcloud Server missing brute force protection for passwords of password protected share links
7.5
First published (updated )
Nextcloud ServerMissing brute force protection on password reset token in Nextcloud Server
7.1
First published (updated )
Nextcloud Servernextcloud vulnerable to Uncontrolled Resource Consumption
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud ServerUser without download rights can download older version of that file in nextcloud server
6.5
First published (updated )
Nextcloud ServerAdvanced permissions not respected when copying entire group folders
6.5
First published (updated )
Nextcloud ServerNextcloud Server's global credentials of external storages are sent back to the frontend
5.9
First published (updated )
Nextcloud ServerMissing brute force protection on password reset token OAuth2 API controller
5.8
First published (updated )
Nextcloud ServerNextcloud Server's users can delete old versions of read-only shared files
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.