Medium
CVE-2026-45810
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticate…
Tag: Nextcloud
All CVEs associated with "Nextcloud". Page 1/4 • 389 CVEs.
About “Nextcloud”
A curated feed of “Nextcloud”-related CVEs appears below. We currently track 389 CVEs for this tag (all time). In the last 365 days, 56 were published. Average CVSS is 5.2 (all time; 5.1 over 365d), and 16% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-639 - Authorization Bypass Through User-Controlled Key, CWE-284 - Improper Access Control, CWE-287 - Improper Authentication.
In our taxonomy this topic maps to a MODERATE impact class. CMS and plugins expand attack surface. Patch core, themes, and plugins, remove abandoned extensions, restrict admin access, enable WAF, and keep backups. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: nextcloud
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | EOL | LTS |
|---|---|---|---|---|
| 33 | 33.0.5 | |||
| 32 | 32.0.11 | Soon | ||
| 31 | 31.0.14 | Expired | ||
| 30 | 30.0.17 | Expired | ||
| 29 | 29.0.16 | Expired | ||
| 28 | 28.0.14 | Expired | ||
| 27 | 27.1.11 | Expired | ||
| 26 | 26.0.13 | Expired | ||
| 25 | 25.0.13 | Expired | ||
| 24 | 24.0.12 | Expired | ||
| 23 | 23.0.12 | Expired | ||
| 22 | 22.2.10 | Expired | ||
| 21 | 21.0.9 | Expired | ||
| 20 | 20.0.14 | Expired | ||
| 19 | 19.0.13 | Expired | ||
| 18 | 18.0.14 | Expired | ||
| 17 | 17.0.10 | Expired | ||
| 16 | 16.0.11 | Expired | ||
| 15 | 15.0.14 | Expired | ||
| 14 | 14.0.14 | Expired | ||
| 13 | 13.0.12 | Expired | ||
| 12 | 12.0.13 | Expired | ||
| 11 | 11.0.8 | Expired | ||
| 10 | 10.0.6 | Expired | ||
| 9 | 9.1.3 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS · RSS (expired) · ICS
Subscribe CVEs: RSS for “Nextcloud” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-06-01
High
CVE-2026-45722
Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the…
Medium
CVE-2026-45691
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful…
Medium
CVE-2026-45690
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed atta…
High
CVE-2026-45545
Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker wi…
Medium
CVE-2026-45544
Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. Th…
Medium
CVE-2026-45543
Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the af…
Medium
CVE-2026-45286
Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance…
Medium
CVE-2026-45285
Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes…
Medium
CVE-2026-45284
Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user…
Medium
CVE-2026-45283
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ow…
Medium
CVE-2026-45282
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of…
High
CVE-2026-45281
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an…
Medium
CVE-2026-45279
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config…
Low
CVE-2026-45278
Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses…
Low
CVE-2026-45277
Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can req…
Medium
CVE-2026-45275
Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to f…
Medium
CVE-2026-45267
Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been p…
Low
CVE-2026-45266
Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-…
Medium
CVE-2026-45264
Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before…
Low
CVE-2026-45159
Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with…
Medium
CVE-2026-45157
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of…
High
CVE-2026-45156
Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing signature verification in User OIDC allowe…
Low
CVE-2026-45155
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add u…
Low
CVE-2026-45154
Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests wi…
Medium
CVE-2026-45153
Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be used to bypass the Nextcloud…
2026-05-14
Low
CVE-2026-44515
Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL (via the web interface or the API). In affected versi…
2026-04-09
Medium
CVE-2026-35624
OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms…
2026-03-31
Medium
CVE-2026-33580
OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach…
2026-03-26
Medium
CVE-2026-28503
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the `SyncViewSet.query_synced_folder()` action in `cookbook/views/api.…
2026-03-19
Medium
CVE-2026-28449
OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and…
2026-03-05
Critical
CVE-2026-28474
OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room al…
2026-02-15
Medium
CVE-2019-25368
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDri…
2025-12-12
Medium
CVE-2025-64011
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other use…
2025-12-05
Low
CVE-2025-66558
Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly…
Medium
CVE-2025-66557
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic a…
Low
CVE-2025-66556
Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conve…
Low
CVE-2025-66554
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation…
Medium
CVE-2025-66553
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app b…
Medium
CVE-2025-66551
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table.…
Low
CVE-2025-66549
Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server…
Low
CVE-2025-66548
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be…
Low
CVE-2025-66545
Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permissi…
Low
CVE-2025-66515
The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into…
Low
CVE-2025-66514
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML…
Medium
CVE-2025-66513
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the…
Medium
CVE-2025-66552
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to…
Medium
CVE-2025-66550
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the…
Medium
CVE-2025-66547
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bu…
Low
CVE-2025-66546
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. T…
Medium
CVE-2025-66512
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the conten…
Medium
CVE-2025-66511
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid pa…
Medium
CVE-2025-66510
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contac…
2025-12-04
Medium
CVE-2025-59788
Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.…
2025-12-03
Critical
CVE-2025-66208
Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online…
2025-10-16
Medium
CVE-2025-58051
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their for…
2025-05-16
Low
CVE-2025-47794
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13,…
Medium
CVE-2025-47793
Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.…
Medium
CVE-2025-47792
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost…
Medium
CVE-2025-47791
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently u…
Medium
CVE-2025-47790
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.…
2024-11-15
Medium
CVE-2024-52514
Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the inter…
Low
CVE-2024-52513
Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Tex…
Low
CVE-2024-52512
user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It…
Medium
CVE-2024-52511
Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no ac…
Medium
CVE-2024-52510
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if…
Low
CVE-2024-52509
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This…
High
CVE-2024-52508
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support aut…
Low
CVE-2024-52507
Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limite…
Low
CVE-2024-52525
Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved i…
Medium
CVE-2024-52523
Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend…
Low
CVE-2024-52521
Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely bein…
Medium
CVE-2024-52520
Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-…
Low
CVE-2024-52519
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud…
Medium
CVE-2024-52518
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storag…
Medium
CVE-2024-52517
Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain t…
Low
CVE-2024-52516
Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously sh…
Medium
CVE-2024-52515
Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If t…
2024-09-16
Critical
CVE-2024-46958
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.
2024-06-14
Low
CVE-2024-37887
Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.…
Medium
CVE-2024-37886
user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that th…
Low
CVE-2024-37885
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starti…
Low
CVE-2024-37884
Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that…
Medium
CVE-2024-37883
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comme…
High
CVE-2024-37882
Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server i…
Medium
CVE-2024-37317
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app w…
Medium
CVE-2024-37316
Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommend…
Low
CVE-2024-37315
Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is reco…
Low
CVE-2024-37314
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud E…
High
CVE-2024-37313
Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommende…
Medium
CVE-2024-37312
user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is availab…
2024-01-18
Medium
CVE-2024-22404
Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It…
Medium
CVE-2024-22402
Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed t…
Medium
CVE-2024-22401
Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that wer…
Low
CVE-2024-22403
Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any tim…
Low
CVE-2024-22400
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It…
Low
CVE-2024-22213
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious…
Critical
CVE-2024-22212
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an att…
2023-12-22
Medium
CVE-2023-49792
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions…
Medium
CVE-2023-49791
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions…
Medium
CVE-2023-49790
The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN…
Low
CVE-2023-48308
Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is re…
2023-12-08
High
CVE-2023-49782
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.ph…
2023-12-01
High
CVE-2023-48314
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. T…
2023-11-21
Low
CVE-2023-48307
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the…
Medium
CVE-2023-48306
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in v…
Medium
CVE-2023-48305
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Ent…
Medium
CVE-2023-48304
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in v…
Low
CVE-2023-48303
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Ent…
Low
CVE-2023-48302
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Ent…
Low
CVE-2023-48301
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Ent…
High
CVE-2023-48239
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in v…
2023-10-16
Medium
CVE-2023-45150
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabyt…
Medium
CVE-2023-45149
Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validati…
Medium
CVE-2023-45660
Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial…
Medium
CVE-2023-45151
Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially el…
Medium
CVE-2023-45148
Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than…
2023-10-13
Medium
CVE-2023-39960
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server star…
2023-08-10
High
CVE-2023-39963
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9,…
High
CVE-2023-39962
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12…