Filter
Software
nextcloud nextcloud server
159
nextcloud nextcloud
28
nextcloud desktop
24
nextcloud deck
15
nextcloud talk
14
nextcloud mail
12
nextcloud richdocuments
8
nextcloud calendar
6
nextcloud nextcloud enterprise server
6
nextcloud nextcloud mail
5
nextcloud talk android
5
nextcloud contacts
4
nextcloud user oidc
4
nextcloud circles
3
nextcloud end-to-end encryption
2
nextcloud guests
2
nextcloud nextcloud talk
2
nextcloud notes
2
nextcloud openid connect user backend
2
nextcloud preferred providers
2
nextcloud server
2
nextcloud social
2
nextcloud cookbook
1
nextcloud extract
1
nextcloud files access control
1
nextcloud global site selector
1
nextcloud group folders
1
nextcloud lookup-server
1
nextcloud news
1
nextcloud nextcloud files automated tagging
1
nextcloud officeonline
1
nextcloud password policy
1
nextcloud sso \& saml authentication
1
nextcloud zipper
1
Nextcloud Nextcloud ServerNextcloud Server's brute force protection allows someone to send more requests than intended
8.7
First published (updated )
Nextcloud Nextcloud ServerNextcloud user scoped external storage can be used to gather credentials of other users
8.8
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server password reset endpoint is not brute force protected
9.1
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server user_ldap app logs user passwords in the log file on level debug
4.4
First published (updated )
Nextcloud calendarCalendar app returns full stacktrace when an error happens while editing appointment
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud DeckNextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache
5.8
First published (updated )
Nextcloud Talk AndroidPasscode bypass on Talk-Android app
2.1
First published (updated )
Nextcloud DesktopNextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link
8.8
First published (updated )
Nextcloud NewsIntent URI permissions manipulation in nextcloud news-android
7.1
First published (updated )
Nextcloud ServerFile Traversal affecting SVG files on Nextcloud Server
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud ServerTwo-Factor Authentication not enforced for pages marked as public
6.5
First published (updated )
Nextcloud Nextcloud ServerRate-limits not working on instances without configured memory cache backend
8.1
First published (updated )
Nextcloud Nextcloud MailBypass of image blocking in Nextcloud Mail
4.3
First published (updated )
Nextcloud Nextcloud MailMissing permission check on email metadata retrieval
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud MailA missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
7
First published (updated )
Nextcloud DeckCross-site Scripting when sending HTML as a comment in the Nextcloud Deck app
5.4
EPSS
0.05%
First published (updated )
Nextcloud Nextcloud ServerNextcloud Server vulnerable to open redirect on "Unsupported browser" warning
6.1
First published (updated )
Nextcloud Nextcloud ServerNextcloud system addressbooks can be modified by malicious trusted server
8.1
First published (updated )
Nextcloud guestsAll users can reset the allowed apps list for Nextcloud Guest App users
4.3
EPSS
0.05%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerNextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name
5.4
First published (updated )
Nextcloud Nextcloud ServerMissing password confirmation when creating app passwords
8.1
First published (updated )
Nextcloud Nextcloud ServerMissing brute force protection on password reset token OAuth2 API controller
5.8
First published (updated )
Nextcloud Nextcloud ServerText does not respect "Allow download" permissions
4.3
First published (updated )
Nextcloud Nextcloud ServerAdvanced permissions not respected when copying entire group folders
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Nextcloud Nextcloud ServerExistence of calendars and address books can be checked by unauthenticated users
5.3
First published (updated )
Nextcloud Talk AndroidPath traversal allows tricking the Talk Android app into writing files into it's root directory
7.8
First published (updated )
Nextcloud NotesNotes attachment render HTML in preview mode
6.1
First published (updated )
Nextcloud Nextcloud ServerUsers can delete external storage mount points
7.7
First published (updated )
Nextcloud User OidcIssuer not verified from obtained token in user_oidc
4.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.