4993 matches found
CVE-2023-45148
Nextcloud is an open source home cloud server. When Memcached is used as memcache.distributed the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgra...
CVE-2023-45149
Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the...
CVE-2023-45150
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...
CVE-2023-45660
Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...
CVE-2023-31145
Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account...
CVE-2023-49782
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server richdocumentscode release 23.5.601...
CVE-2023-31128
NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an...
CVE-2019-12739
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php nameOfFile and directory parameters...
Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC
An authentication bypass vulnerability was discovered in the ID4me handling in the OIDC implementation. The vulnerability was caused by missing JWT signature verification for user authentication...
GHSA-3RG7-WF37-54RM vulnerabilities
Vulnerabilities for packages: nextcloud-server...
CVE-2025-64500 vulnerabilities
Vulnerabilities for packages: nextcloud-server...
CVE-2025-64500 vulnerabilities
Vulnerabilities for packages: nextcloud-server...
GHSA-3RG7-WF37-54RM vulnerabilities
Vulnerabilities for packages: nextcloud-server...
PT-2026-45472
Name of the Vulnerable Software and Affected Versions Nextcloud versions 0.3.0 through 3.0.x Nextcloud versions 5.0.0 through 5.0.x Nextcloud versions 6.0.0 through 6.3.x Description A missing signature verification in User OIDC allows a malicious ID4me authority to identify as any user. This...
Nextcloud: SVG filter primitives bypass remote image blocking, enabling email tracking without consent.
A vulnerability was discovered in the HTML sanitizer of the Roundcube webmail application. The sanitizer did not properly handle the SVG filter primitive, allowing external resources to be loaded even when the "Block remote images" setting was enabled. This vulnerability could be used to track...
Nextcloud: Valid share tokens allow to access tempory upload files of share owner
A vulnerability was discovered that allowed access to temporary upload files of a share owner using valid share tokens...
Nextcloud: Unauthenticated SSRF via Public Reference API -Sharing Token Bypass
Vulnerability description not provided...
Fedora: Security Advisory (FEDORA-2025-86c0829159)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-519240c972)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 43 Update: nextcloud-32.0.3-1.fc43
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...