1082 matches found
CVE-2025-66547 Nextcloud Server users can modify tags on files that do not belong to them
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1...
CVE-2025-66547 Nextcloud Server users can modify tags on files that do not belong to them
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1...
CVE-2025-66547
Nextcloud Server (and Enterprise Server) prior to 31.0.1 contains a vulnerability where non-privileged users can modify tags on files they should not access via bulk tagging. Affected product: Nextcloud Server/Enterprise Server; vulnerable component: file tagging mechanism. Root cause details are...
CVE-2025-66547 Nextcloud Server users can modify tags on files that do not belong to them
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1...
CVE-2025-66512
Nextcloud Server and Server Enterprise before 31.0.12 and 32.0.3 have a missing sanitization that can be exploited to bypass content security policy when a user is tricked into viewing a crafted SVG outside the Nextcloud UI, enabling cross-site scripting. Fedora advisories FEDORA-2025-86c0829159 ...
EUVD-2025-201449
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside...
CVE-2025-66512 Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside...
CVE-2025-66512 Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside...
CVE-2025-66512 Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside...
CVE-2025-66510
CVE-2025-66510 affects Nextcloud Server and Nextcloud Enterprise Server where the contact search feature can disclose personal data (emails, names, identifiers) of other users to authenticated users due to improper access control. Affected versions include Nextcloud Server prior to 31.0.10 and 32...
CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...
EUVD-2025-201451
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...
CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...
CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...
XSS in SVG images when opened outside of Nextcloud
None...
Calendar attachments of local files are offered to downloaded
None...
admin_audit does not log all actions on files in groupfolders
None...
PT-2025-49268
Name of the Vulnerable Software and Affected Versions Nextcloud Server and Enterprise Server versions prior to 31.0.1 Description Non-privileged users can modify tags on files they should not have access to through bulk tagging. This affects a self-hosted personal cloud system. Recommendations...
PT-2025-49265
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...
PT-2025-49267
Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 31.0.12 Nextcloud Server Enterprise versions prior to 31.0.12 Nextcloud Server versions prior to 32.0.3 Nextcloud Server Enterprise versions prior to 32.0.3 Description Nextcloud Server and Server Enterprise...