CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2024/01/18 12:0 a.m.•4 views

Nextcloud Security Breach

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from the presence of a cross-site scripting XSS vulnerability. Affected products and versions: Deck 1.9.0 a...

5.4CVSS6AI score0.00505EPSS

Exploits1References4

CNNVD•added 2024/01/18 12:0 a.m.•2 views

Nextcloud Input Validation Error Vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An input validation error vulnerability exists in Nextcloud User Saml that originates from allowing an attacker to turn on redirection in usersaml via the...

6.1CVSS6.8AI score0.00454EPSS

Exploits0References5

CNNVD•added 2024/01/18 12:0 a.m.•4 views

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from improper handling of request URLs, which allows users to load unallowed application pages...

5.4CVSS6.8AI score0.0051EPSS

CNNVD•added 2024/01/18 12:0 a.m.•4 views

Nextcloud Code Issues Vulnerabilities

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A code issue vulnerability exists in versions of Nextcloud server prior to 28.0.0 that stems from an OAuth2 authorization code that is valid indefinitely,...

3.7CVSS7AI score0.00452EPSS

Positive Technologies•added 2024/01/18 12:0 a.m.•5 views

PT-2024-1285 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.0 Description: The issue concerns the expiration of OAuth codes in Nextcloud Server, a self-hosted personal cloud system. In affected versions, OAuth codes did not expire, allowing an attacker who gains...

9.8CVSS5.8AI score0.01041EPSS

Exploits6References99

Positive Technologies•added 2024/01/18 12:0 a.m.•6 views

PT-2024-19392 · Nextcloud · Nextcloud Guests App

Name of the Vulnerable Software and Affected Versions: Nextcloud Guests app versions prior to 2.4.1 Nextcloud Guests app versions prior to 2.5.1 Nextcloud Guests app versions prior to 3.0.1 Description: The Nextcloud guests app is a utility to create guest users which can only see files shared wi...

4.3CVSS4.4AI score0.00462EPSS

Exploits0References8

CNNVD•added 2024/01/18 12:0 a.m.•5 views

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud files Zip 1.2.0 and later, which originates from an attacker being able to download view-only files by...

4.3CVSS6.8AI score0.00517EPSS

OpenVAS•added 2024/01/18 12:0 a.m.•30 views

Nextcloud Server < 28.0.0 Improper Authorization Vulnerability (GHSA-wppc-f5g8-vx36)

Nextcloud Server is prone to an improper authorization vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

3.7CVSS4.3AI score0.00452EPSS

Hacker One•added 2024/01/10 2:55 p.m.•6 views

Nextcloud: Directory Listing of publicly available assets

The directory listing was configured to publicly display the files in the directory. This configuration is not recommended, as it may expose sensitive or confidential information...

6.8AI score

Hacker One•added 2024/01/08 9:26 a.m.•19 views

Nextcloud: Code injection in Nextcloud Desktop Client for macOS

The Nextcloud Desktop Client for macOS was found to be vulnerable to code injection. The vulnerability allowed untrusted input to be executed as code, potentially leading to a security breach...

7.8CVSS5.7AI score0.0032EPSS

Hacker One•added 2024/01/06 6:13 a.m.•4 views

Nextcloud: Email not verified when changing afterwards on apps.nextcloud.com

The email verification bypass vulnerability was discovered in the web application apps.nextcloud.com. The vulnerability allowed attackers to create accounts with any email address without verification, effectively taking over victim accounts...

6.9AI score

Hacker One•added 2023/12/29 11:33 a.m.•56 views

Nextcloud: xmlrpc.php &wp-cron.php files are enabled, and will used for (DDOS),(DOS) and broutforce users attack.

The xmlrpc.php and wp-cron.php files were found to be enabled on the target website, which could allow attackers to perform denial of service attacks. Username enumeration via the RSS generator identified several valid usernames. The xmlrpc.php file could be used to cause a DDOS attack by sending...

7.1AI score

SUSE CVE•added 2023/12/25 2:11 a.m.•2 views

SUSE CVE-2023-49791

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an...

5.4CVSS6.9AI score0.00608EPSS

SUSE CVE•added 2023/12/25 2:11 a.m.•4 views

SUSE CVE-2023-49792

9.8CVSS7.1AI score0.01041EPSS

NVD•added 2023/12/22 5:15 p.m.•27 views

CVE-2023-49792

9.8CVSS0.01041EPSS

NVD•added 2023/12/22 5:15 p.m.•18 views

CVE-2023-49791

5.4CVSS0.00608EPSS

NVD•added 2023/12/22 5:15 p.m.•45 views

CVE-2023-49790

The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workaroun...

4.3CVSS0.00288EPSS