1086 matches found
CVE-2025-47791 Nextcloud Server's test remote endpoint is not rate limited
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests...
CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...
CVE-2025-47790
Nextcloud Server and Enterprise Server are affected by a session-handling bug that can skip the second-factor authentication after a successful login when remember_login_cookie_lifetime is set to 0 and the session times out. Affected versions: Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3...
CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...
Bypass group folder quota limit using attachment in text file
None...
Test remote endpoint is not rate limited
None...
Second factor not requested after session timeout
None...
PT-2025-21657 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.13 Nextcloud Server versions prior to 29.0.10 Nextcloud Server versions prior to 30.0.3 Nextcloud Enterprise Server versions prior to 28.0.13 Nextcloud Enterprise Server versions prior to 29.0.10...
PT-2025-21661 · Nextcloud +1 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 30.0.2 Nextcloud Server versions prior to 29.0.9 Nextcloud Server versions prior to 28.0.1 Nextcloud Enterprise Server versions prior to 30.0.2 Nextcloud Enterprise Server versions prior to 29.0.9 Nextcloud...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the storage of sensitive information in unencrypted form, allowing attackers to gain access to confidential data.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the storage of passwords in an unencrypted form during session data. Exploiting this vulnerability can allow attackers to gain access to confidential information...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server allows attackers to gain unauthorized access to protected information, thereby enabling them to compromise the security of these systems.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server relates to the insecure storage of confidential information. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the authentication procedures’ deficiencies, which allow attackers to disclose protected information.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...
The vulnerability of cloud software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insecure management of privileges, which allows attackers to disclose protected information.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insecure management of privileges. Exploiting this vulnerability can allow a malicious actor, operating remotely, to expose protected information...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the lack of security measures for website structures, allowing attackers to trigger service failures.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to the lack of protective measures for the website structure. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insufficient protection of sensitive data, allowing attackers to influence privacy issues.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to influence the confidentiality of sensitive information...
The vulnerability of cloud software for creating and using Nextcloud Server’s data storage solution is related to improper access control, allowing attackers to gain access to confidential information.
The vulnerability of cloud-based software for creating and using Nextcloud Server storage solutions is related to improper access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential information...
Nextcloud Server 28.x < 28.0.11, 29.x < 29.0.8, 30.x < 30.0.1 Multiple Vulnerabilities
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...
Nextcloud Server 27.x < 27.1.10, 28.x < 28.0.6, 29.x < 29.0.1 Incomplete Sanitization Vulnerability
Nextcloud Server is prone to an incomplete sanitization vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server 27.x < 27.1.9, 28.x < 28.0.5 Access Control Vulnerability
Nextcloud Server is prone to an access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server 28.x < 28.0.9, 29.x < 29.0.5 Access Control Vulnerability
Nextcloud Server is prone to an access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...