1086 matches found

OSV
added 2025/05/16 2:9 p.m. · 4 views

CVE-2025-47791 Nextcloud Server's test remote endpoint is not rate limited

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests...

CVSS 4.3 · AI score 6.5 · EPSS 0.00314
Exploits: 0 · References: 4

Vulnrichment
added 2025/05/16 2:2 p.m. · 11 views

CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout

Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...

CVSS 6.4 · AI score 7.2 · EPSS 0.00325
Exploits: 0 · References: 3

CVE
added 2025/05/16 2:2 p.m. · 85 views

CVE-2025-47790

Nextcloud Server and Enterprise Server are affected by a session-handling bug that can skip the second-factor authentication after a successful login when remember_login_cookie_lifetime is set to 0 and the session times out. Affected versions: Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3...

CVSS 6.4 · AI score 6.5 · EPSS 0.00325
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2025/05/16 2:2 p.m. · 46 views

CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout

Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...

CVSS 6.4 · EPSS 0.00325
Exploits: 0 · References: 3

Nextcloud
added 2025/05/16 8:11 a.m. · 15 views

Bypass group folder quota limit using attachment in text file

None...

CVSS 6.5 · AI score 5.2 · EPSS 0.00662
Exploits: 0 · References: 3 · Affected Software: 1

Nextcloud
added 2025/05/16 8:7 a.m. · 14 views

Test remote endpoint is not rate limited

None...

CVSS 5.3 · AI score 5.2 · EPSS 0.00314
Exploits: 0 · References: 1 · Affected Software: 1

Nextcloud
added 2025/05/16 8:5 a.m. · 44 views

Second factor not requested after session timeout

None...

CVSS 6.4 · AI score 5.2 · EPSS 0.00325
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/05/16 12:0 a.m. · 7 views

PT-2025-21657 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.13 Nextcloud Server versions prior to 29.0.10 Nextcloud Server versions prior to 30.0.3 Nextcloud Enterprise Server versions prior to 28.0.13 Nextcloud Enterprise Server versions prior to 29.0.10...

CVSS 4.3 · AI score 6.3 · EPSS 0.00662
Exploits: 0 · References: 9

Positive Technologies
added 2025/05/16 12:0 a.m. · 4 views

PT-2025-21661 · Nextcloud +1 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 30.0.2 Nextcloud Server versions prior to 29.0.9 Nextcloud Server versions prior to 28.0.1 Nextcloud Enterprise Server versions prior to 30.0.2 Nextcloud Enterprise Server versions prior to 29.0.9 Nextcloud...

CVSS 4.3 · AI score 6.3 · EPSS 0.00662
Exploits: 0 · References: 12

BDU FSTEC
added 2024/12/06 12:0 a.m. · 8 views

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the storage of sensitive information in unencrypted form, allowing attackers to gain access to confidential data.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the storage of passwords in an unencrypted form during session data. Exploiting this vulnerability can allow attackers to gain access to confidential information...

CVSS 1.8 · AI score 5.5 · EPSS 0.00338
Exploits: 0 · References: 5 · Affected Software: 3

BDU FSTEC
added 2024/12/06 12:0 a.m. · 8 views

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server allows attackers to gain unauthorized access to protected information, thereby enabling them to compromise the security of these systems.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server relates to the insecure storage of confidential information. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 2.7 · AI score 5.4 · EPSS 0.00491
Exploits: 0 · References: 5 · Affected Software: 3

BDU FSTEC
added 2024/12/06 12:0 a.m. · 5 views

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the authentication procedures’ deficiencies, which allow attackers to disclose protected information.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...

CVSS 4.6 · AI score 5.5 · EPSS 0.00529
Exploits: 0 · References: 6 · Affected Software: 3

BDU FSTEC
added 2024/12/06 12:0 a.m. · 6 views

The vulnerability of cloud software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insecure management of privileges, which allows attackers to disclose protected information.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insecure management of privileges. Exploiting this vulnerability can allow a malicious actor, operating remotely, to expose protected information...

CVSS 3 · AI score 5.4 · EPSS 0.00419
Exploits: 0 · References: 5 · Affected Software: 3

BDU FSTEC
added 2024/12/06 12:0 a.m. · 10 views

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the lack of security measures for website structures, allowing attackers to trigger service failures.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to the lack of protective measures for the website structure. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 6.8 · AI score 5.4 · EPSS 0.00779
Exploits: 0 · References: 5 · Affected Software: 3

BDU FSTEC
added 2024/12/06 12:0 a.m. · 9 views

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insufficient protection of sensitive data, allowing attackers to influence privacy issues.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to influence the confidentiality of sensitive information...

CVSS 4.6 · AI score 5.5 · EPSS 0.0063
Exploits: 0 · References: 5 · Affected Software: 3

BDU FSTEC
added 2024/11/25 12:0 a.m. · 6 views

The vulnerability of cloud software for creating and using Nextcloud Server’s data storage solution is related to improper access control, allowing attackers to gain access to confidential information.

The vulnerability of cloud-based software for creating and using Nextcloud Server storage solutions is related to improper access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential information...

CVSS 4.1 · AI score 5.4 · EPSS 0.00471
Exploits: 0 · References: 6 · Affected Software: 3

OpenVAS
added 2024/11/21 12:0 a.m. · 573 views

Nextcloud Server 28.x < 28.0.11, 29.x < 29.0.8, 30.x < 30.0.1 Multiple Vulnerabilities

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

CVSS 5.9 · AI score 5.1 · EPSS 0.00589
Exploits: 0 · References: 2

OpenVAS
added 2024/11/21 12:0 a.m. · 15 views

Nextcloud Server 27.x < 27.1.10, 28.x < 28.0.6, 29.x < 29.0.1 Incomplete Sanitization Vulnerability

Nextcloud Server is prone to an incomplete sanitization vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5 · AI score 6.7 · EPSS 0.00652
Exploits: 0 · References: 1

OpenVAS
added 2024/11/21 12:0 a.m. · 17 views

Nextcloud Server 27.x < 27.1.9, 28.x < 28.0.5 Access Control Vulnerability

Nextcloud Server is prone to an access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.1 · AI score 6.6 · EPSS 0.00471
Exploits: 0 · References: 1

OpenVAS
added 2024/11/21 12:0 a.m. · 12 views

Nextcloud Server 28.x < 28.0.9, 29.x < 29.0.5 Access Control Vulnerability

Nextcloud Server is prone to an access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.3 · AI score 4.8 · EPSS 0.00419
Exploits: 0 · References: 1