Lucene search
+L

9 matches found

osv
osv
added 2026/06/01 5:9 p.m.3 views

CVE-2026-45691 Nextcloud: Bypass of second factor authentication on DAV endpoints

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS5.9AI score0.0029EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/06/01 4:53 p.m.9 views

CVE-2026-45283

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the fileslock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or...

6.3CVSS5.7AI score0.00211EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/06/01 4:53 p.m.36 views

CVE-2026-45283 Nextcloud: Files Lock app allows users to lock and unlock files of other users

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the fileslock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or...

6.3CVSS0.00211EPSS
Exploits0References3
euvd
euvd
added 2026/06/01 4:52 p.m.15 views

EUVD-2026-33706

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the...

8.1CVSS5.7AI score0.00284EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/01 4:39 p.m.9 views

CVE-2026-45157 Nextcloud: Valid share tokens allow to access tempory upload files of share owner

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS5.7AI score0.00231EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/01 4:37 p.m.36 views

CVE-2026-45153 Nextcloud: PIN bypass in PassCodeActivity via back button

Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be used to bypass the Nextcloud Files app PIN. This issue has been patched in version 33.1.0...

4.6CVSS0.00153EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.25 views

PT-2026-45469

Name of the Vulnerable Software and Affected Versions Nextcloud versions 33.0.0 through 33.0.x Description An issue exists in the Nextcloud Files app for Android where the PIN can be bypassed. After unlocking a locked Android phone, the back-button can be used to circumvent the PIN requirement...

4.6CVSS6.1AI score0.00153EPSS
Exploits0References8
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.12 views

Nextcloud Android app 授权问题漏洞

The Nextcloud Android app is a mobile application developed by the German company Nextcloud, designed for accessing Nextcloud servers on the Android platform. In versions 33.0.0 to 33.1.0 of the Nextcloud Android app, there was an authorization vulnerability. This vulnerability occurred when...

4.6CVSS5.3AI score0.00153EPSS
Exploits0References3
snyk
snyk
added 2026/02/12 10:13 p.m.9 views

Information Exposure

Overview @directus/api is a real-time API and App dashboard for managing SQL database content Affected versions of this package are vulnerable to Information Exposure via the password reset functionality. An attacker can determine the existence of user accounts by measuring response time...

6.9CVSS5.8AI score0.00349EPSS
Exploits0References2
Rows per page
Query Builder