
1082 matches found

OpenVAS
added 2023/12/20 12:0 a.m. | 25 views

Nextcloud Server Multiple Vulnerabilities (GHSA-3f8p-6qww-2prr, GHSA-5j2p-q736-hw98)

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

9.8 CVSS | 5.8 AI score | 0.01041 EPSS
Exploits 0 | References 2

Nextcloud
added 2023/12/18 8:27 a.m. | 60 views

Bruteforce protection can be bypassed with misconfigured proxy

None...

9.8 CVSS | 8.5 AI score | 0.01041 EPSS
Exploits 0 | References 2 | Affected Software 1

OpenVAS
added 2023/11/22 12:0 a.m. | 23 views

Nextcloud Server < 20.0.14.16, 21.x < 21.0.9.13, 22.x < 22.2.10.15, 23.x < 23.0.12.12, 24.x < 24.0.12.8, 25.x < 25.0.13, 26.x < 26.0.8, 27.x < 27.1.3 Improper Access Control Vulnerability (GHSA-f962-hw26-g267)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.5 CVSS | 7.6 AI score | 0.0095 EPSS
Exploits 1 | References 1

OpenVAS
added 2023/11/22 12:0 a.m. | 22 views

Nextcloud Server < 22.2.10.16, 23.x < 23.0.12.11, 24.x < 24.0.12.7, 25.x < 25.0.11, 26.x < 26.0.6, 27.x < 27.1.0 Multiple Vulnerabilities (GHSA-8JWV-C8C8-9FR3, GHSA-8F69-F9JG-4X3V)

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

9.8 CVSS | 7 AI score | 0.00797 EPSS
Exploits 2 | References 2

NVD
added 2023/11/21 11:15 p.m. | 23 views

CVE-2023-48305

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the userldap app logged user passwords in...

4.4 CVSS | 0.00246 EPSS
Exploits 1 | References 4

NVD
added 2023/11/21 11:15 p.m. | 25 views

CVE-2023-48306

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0...

9.8 CVSS | 0.00797 EPSS
Exploits 1 | References 3

OSV
added 2023/11/21 10:20 p.m. | 22 views

CVE-2023-48306 Nextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0...

5 CVSS | 9 AI score | 0.00797 EPSS
Exploits 1 | References 5

Cvelist
added 2023/11/21 10:17 p.m. | 53 views

CVE-2023-48305 Nextcloud Server user_ldap app logs user passwords in the log file on level debug

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the userldap app logged user passwords in...

4.2 CVSS | 4.9 AI score | 0.00246 EPSS
Exploits 1 | References 4

NVD
added 2023/11/21 10:15 p.m. | 16 views

CVE-2023-48303

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage...

2.7 CVSS | 0.00671 EPSS
Exploits 0 | References 3

Prion
added 2023/11/21 10:15 p.m. | 19 views

Code injection

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clickin...

4.9 CVSS | 6.9 AI score | 0.0064 EPSS
Exploits 1 | References 3 | Affected Software 1

Prion
added 2023/11/21 10:15 p.m. | 25 views

Code injection

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup Ctrl+Shift+V the...

4.9 CVSS | 7 AI score | 0.00571 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2023/11/21 10:6 p.m. | 23 views

CVE-2023-48304 Nextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0...

4.3 CVSS | 5.2 AI score | 0.00604 EPSS
Exploits 1 | References 3

CVE
added 2023/11/21 10:6 p.m. | 83 views

CVE-2023-48304

CVE-2023-48304 affects Nextcloud Server (and Enterprise) where an attacker could enable/disable the birthday calendar for any user on the same server. Patches exist for Nextcloud Server versions 25.0.11, 26.0.6, and 27.1.0, and for Nextcloud Enterprise Server versions 22.2.10.16, 23.0.12.11, 24.0...

4.3 CVSS | 4.4 AI score | 0.00604 EPSS
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2023/11/21 9:26 p.m. | 29 views

CVE-2023-48301 Nextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clickin...

3.5 CVSS | 5.6 AI score | 0.0064 EPSS
Exploits 1 | References 3

OSV
added 2023/11/21 9:2 p.m. | 24 views

CVE-2023-48239 Nextcloud Server users can make external storage mount points inaccessible for other users

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8,...

8.5 CVSS | 7 AI score | 0.0095 EPSS
Exploits 1 | References 5

Vulnrichment
added 2023/11/21 9:2 p.m. | 8 views

CVE-2023-48239 Nextcloud Server users can make external storage mount points inaccessible for other users

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8,...

8.5 CVSS | 7.4 AI score | 0.0095 EPSS
Exploits 1 | References 3

CVE
added 2023/11/21 9:2 p.m. | 139 views

CVE-2023-48239

Nextcloud Server vulnerable to an issue where a malicious user could update external storage, rendering it inaccessible for others. Affected: Nextcloud Server 25.0.0–25.0.12.x, 26.0.0–26.0.7.x, 27.0.x up to 27.1.2.x; Nextcloud Enterprise Server versions with corresponding prior branches. Patched ...

8.5 CVSS | 7 AI score | 0.0095 EPSS
Exploits 1 | References 3 | Affected Software 1

Nextcloud
added 2023/11/21 5:27 a.m. | 26 views

HTML injection in search UI when selecting a circle with HTML in the display name

None...

5.4 CVSS | 5.4 AI score | 0.0064 EPSS
Exploits 1 | References 2 | Affected Software 1

Nextcloud
added 2023/11/21 5:24 a.m. | 30 views

Self XSS when pasting HTML into Text app with Ctrl+Shift+V

None...

5.4 CVSS | 5.4 AI score | 0.00571 EPSS
Exploits 0 | References 2 | Affected Software 1

Nextcloud
added 2023/11/21 5:24 a.m. | 20 views

user_ldap app logs user passwords in the log file on level debug

None...

4.4 CVSS | 4.7 AI score | 0.00246 EPSS
Exploits 1 | References 3 | Affected Software 1