Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4969 matches found

Prion
Prionadded 2021/09/07 9:15 p.m.15 views

Design/Logic Flaw

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is...

5CVSS5.2AI score0.01336EPSS
Exploits0References3Affected Software1
Prion
Prionadded 2021/09/07 9:15 p.m.18 views

Design/Logic Flaw

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features "Upload Only" public link shares in Nextcloud can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended th...

5CVSS7.4AI score0.02023EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2021/09/07 9:5 p.m.108 views

CVE-2021-32766

CVE-2021-32766 affects Nextcloud Text (bundled with Nextcloud Server). The issue: in affected versions, error messages differ based on whether a folder exists in a public File Drop share, allowing an attacker with a valid File Drop link to enumerate folders/files. Impact is information disclosure...

5.3CVSS7AI score0.013EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2021/09/07 9:5 p.m.19 views

CVE-2021-32766 Nextcloud Text app can disclose existence of folders in "File Drop" link share

Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link sha...

5.3CVSS7.3AI score0.013EPSS
Exploits0References3
CVE
CVEadded 2021/09/07 8:25 p.m.55 views

CVE-2021-37629

CVE-2021-37629 affects Nextcloud Richdocuments. The vulnerability arises from a lack of rate limiting on the Richdocuments OCS endpoint, enabling enumeration of potentially valid share tokens in affected versions. Upgrading the Richdocuments app to 3.8.4 or 4.2.1 resolves the issue; for users who...

5.3CVSS5.1AI score0.01336EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2021/09/07 8:25 p.m.18 views

CVE-2021-37629 Lack of ratelimit on Richdocuments OCS endpoint in nextcloud

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is...

5.3CVSS5.4AI score0.01336EPSS
Exploits0References3
Cvelist
Cvelistadded 2021/09/07 8:15 p.m.20 views

CVE-2021-37628 File Drop can be bypassed using Richdocuments app in nextcloud

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features "Upload Only" public link shares in Nextcloud can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended th...

7.5CVSS7.6AI score0.02023EPSS
Exploits0References3
CVE
CVEadded 2021/09/07 8:15 p.m.71 views

CVE-2021-37628

The CVE-2021-37628 affects Nextcloud Richdocuments, an open-source collaborative office suite, where the File Drop feature (Upload Only public link shares) can be bypassed via the Richdocuments app. An attacker could read arbitrary files in such a share, indicating a serious information-disclosur...

7.5CVSS7.4AI score0.02023EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2021/09/07 8:15 p.m.14 views

CVE-2021-32782

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting XSS vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...

5.8CVSS0.00808EPSS
Exploits0References3
NVD
NVDadded 2021/09/07 8:15 p.m.14 views

CVE-2021-37631

Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed other users in the instance to gain access t...

6.5CVSS0.01236EPSS
Exploits0References4
NVD
NVDadded 2021/09/07 8:15 p.m.15 views

CVE-2021-37630

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is...

6.5CVSS0.01163EPSS
Exploits0References3
OSV
OSVadded 2021/09/07 8:15 p.m.14 views

CVE-2021-37630

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is...

6.5CVSS6.7AI score
Exploits0References3
OSV
OSVadded 2021/09/07 8:15 p.m.14 views

CVE-2021-37631

Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed other users in the instance to gain access t...

6.5CVSS7.1AI score
Exploits0References4
OSV
OSVadded 2021/09/07 8:15 p.m.12 views

CVE-2021-32782

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting XSS vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...

5.4CVSS5.5AI score
Exploits0References3
Prion
Prionadded 2021/09/07 8:15 p.m.21 views

Cross site scripting

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting XSS vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...

3.5CVSS5.1AI score0.00808EPSS
Exploits0References3Affected Software1
Prion
Prionadded 2021/09/07 8:15 p.m.14 views

Design/Logic Flaw

Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed other users in the instance to gain access t...

4CVSS6.6AI score0.01236EPSS
Exploits0References4Affected Software1
Prion
Prionadded 2021/09/07 8:15 p.m.19 views

Design/Logic Flaw

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is...

4CVSS6.4AI score0.01163EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2021/09/07 8:0 p.m.57 views

CVE-2021-32782

CVE-2021-32782 pertains to Nextcloud Circles and is a stored Cross-Site Scripting (XSS) vulnerability. The issue affects Nextcloud Circles and is mitigated in modern browsers that enforce Content-Security-Policy (CSP); exploitation is noted as not feasible on CSP-compliant browsers, but it remain...

5.8CVSS5.1AI score0.00808EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2021/09/07 8:0 p.m.20 views

CVE-2021-32782 Cross-Site Scripting in Nextcloud Circles

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting XSS vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...

5.8CVSS5.4AI score0.00808EPSS
Exploits0References3
Cvelist
Cvelistadded 2021/09/07 8:0 p.m.17 views

CVE-2021-37630 Secret Circle can be joined without approval in Nextcloud Circles

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is...

6.5CVSS6.6AI score0.01163EPSS
Exploits0References3
Rows per page
Query Builder