Deck app allows to spoof file extensions by using RTLO characters

None...

Deck app allowed user with "Can share" permission to modify permissions of other non-owners

None...

@deck/app (>=1.0.1 <=1.4.11), octophant (=0.1.0) potentially affected by unknown CVE via rimraf-glob (=0.0.0)

rimraf-glob NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on rimraf-glob and may be impacted: - @deck/app =1.0.1, =1.4.11 - octophant =0.1.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-32233...

Nextcloud: Deck app allowed user with "Can share" permission to modify permissions of other non-owners

The Deck app in Nextcloud allowed users with "Can share" permission to modify the permissions of other non-owners...

CVE-2021-39225

Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3...

CVE-2024-22213 Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the...

Nextcloud: Possibility to delete files attached to deck cards of other users

Hi everyone, Hope you are well ! I come to report here an IDOR vulnerability on the Deck application of Nextcloud, allowing to delete any attached files on any cards. Nextcloud deck app version : latest stable 1.8.0 Steps To Reproduce: The Nextcloud Deck application now offers the ability to add ...

Possibility for anyone to add a stack with existing tasks on anyone's board in the Deck app

None...

Error in deleting deck cards attachment reveals the full application path

None...