CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

133 matches found

RedhatCVE•added 2026/01/09 10:48 a.m.•6 views

CVE-2022-31119

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is...

4.9CVSS7.1AI score0.00381EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:32 a.m.•2 views

CVE-2023-25160

Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for...

5.3CVSS6.8AI score0.00338EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:27 a.m.•9 views

CVE-2023-45660

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...

4.3CVSS6.7AI score0.0013EPSS

Exploits0References1

RedhatCVE•added 2025/12/09 8:27 a.m.•6 views

CVE-2025-66514

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the...

5.4CVSS6.7AI score0.00016EPSS

Exploits0References1

NVD•added 2025/12/05 6:15 p.m.•3 views

CVE-2025-66514

5.4CVSS0.00016EPSS

Exploits0References4

OSV•added 2025/12/05 5:32 p.m.•2 views

CVE-2025-66514 Nextcloud Mail stored HTML injection in subject text

3.5CVSS6.7AI score0.00016EPSS

Exploits0References6

Vulnrichment•added 2025/12/05 5:32 p.m.•2 views

CVE-2025-66514 Nextcloud Mail stored HTML injection in subject text

3.5CVSS6.3AI score0.00016EPSS

Exploits0References4

EUVD•added 2025/12/05 5:32 p.m.•1 views

EUVD-2025-201464

3.5CVSS6.2AI score0.00016EPSS

Exploits0References4

CVE•added 2025/12/05 5:32 p.m.•7 views

CVE-2025-66514

Nextcloud Mail prior to version 5.5.3 contains a stored HTML injection issue in the message list that lets an authenticated user inject HTML into email subjects. The Nextcloud Server content security policy blocks Javascript, which mitigates some risk. The issue is addressed by upgrading to Nextc...

5.4CVSS6.3AI score0.00016EPSS

Exploits0References4Affected Software1

Cvelist•added 2025/12/05 5:32 p.m.•17 views

CVE-2025-66514 Nextcloud Mail stored HTML injection in subject text

3.5CVSS0.00016EPSS

Exploits0References4

Positive Technologies•added 2025/12/05 12:0 a.m.•5 views

PT-2025-49294

Name of the Vulnerable Software and Affected Versions Nextcloud Mail versions prior to 5.5.3 Description A stored HTML injection issue exists in the Mail app's message list, potentially allowing an authenticated user to inject HTML into email subjects. The Nextcloud Server’s content security poli...

5.4CVSS6.5AI score0.00016EPSS

Exploits0References10

CNNVD•added 2025/12/05 12:0 a.m.•2 views

Nextcloud Mail 跨站脚本漏洞

Nextcloud Mail is an email from Nextcloud Germany. A cross-site scripting vulnerability exists in versions of Nextcloud Mail prior to 5.5.3, which stems from the presence of stored HTML injection in mailing lists, which could lead to HTML injection attacks...

5.4CVSS6AI score0.00016EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-19503

Malware in sbrugna...

4.3CVSS4.6AI score0.00323EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-25593

Malware in sbrugna...

3.5CVSS4.6AI score0.00264EPSS

Exploits0References5