ROS-20241203-08

Vulnerability in Nextcloud cloud storage creation and utilization software Server is related to the ability to download larger-than-expected websites to find Open-Graph data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information A...

The vulnerability of cloud software for creating and using Nextcloud Server’s data storage solution lies in the use of a name with an incorrect link, allowing attackers to access confidential information.

The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to the use of a name with an incorrect link. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential information...

The vulnerability of cloud software for creating and using Nextcloud Server’s data storage solution is related to improper access control, allowing attackers to gain access to confidential information.

The vulnerability of cloud-based software for creating and using Nextcloud Server storage solutions is related to improper access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential information...

Nextcloud Access Control Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an Access Control Error vulnerability that stems from the fact that when a file is blocked by access control, users can still copy an...

Nextcloud Information Disclosure Vulnerability (CNVD-2025-11223)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an information disclosure vulnerability that stems from the fact that after setting up user- or administrator-defined external storage...

ROS-20231121-04

Vulnerability in Nextcloud cloud storage creation and utilization software is related to improper access controls. Exploitation of the vulnerability could allow an intruder, acting remotely, to gain access to sensitive information Nextcloud cloud storage creation and utilization software...

Nextcloud Resource Management Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from a resource management error vulnerability that stems from the fact that due to a pre-sent HEAD request, the link reference provider...

Nextcloud Information Disclosure Vulnerability (CNVD-2025-11221)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an information disclosure vulnerability that stems from the fact that after storing "global credentials" on the server, the API returns...

Nextcloud Information Disclosure Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an information disclosure vulnerability that originates when a malicious user downloads attachments referenced in a text file without...

Nextcloud Authorization Issues Vulnerability (CNVD-2025-11222)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an authorization issue vulnerability that originates when an attacker gains access to a user or administrator session to create, change...

Nextcloud Server 27.x < 27.1.9, 28.x < 28.0.5 Access Control Vulnerability

Nextcloud Server is prone to an access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server 28.x < 28.0.9, 29.x < 29.0.5 Access Control Vulnerability

Nextcloud Server is prone to an access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server 28.x < 28.0.10, 29.x < 29.0.7 Multiple Vulnerabilities

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

Nextcloud Server 27.x < 27.1.10, 28.x < 28.0.6, 29.x < 29.0.1 Incomplete Sanitization Vulnerability

Nextcloud Server is prone to an incomplete sanitization vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server 28.x < 28.0.11, 29.x < 29.0.8, 30.x < 30.0.1 Multiple Vulnerabilities

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

Nextcloud Server 28.x < 28.0.12, 29.x < 29.0.9, 30.x < 30.0.2 Multiple Vulnerabilities

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

CVE-2024-52514

Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files...

CVE-2024-52513

Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud Server is upgraded to...

DEBIAN-CVE-2024-52510

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Deskt...

CVE-2024-52509

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients...