4993 matches found

Fedora
added 2025/12/21 12:51 a.m., 9 views

[SECURITY] Fedora 42 Update: nextcloud-32.0.3-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

6.1 CVSS, 6.9 AI score, 0.00233 EPSS
Exploits: 0
Tenable Nessus
added 2025/12/21 12:0 a.m., 5 views

Fedora 43 : nextcloud (2025-86c0829159)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-86c0829159 advisory. 32.0.3 release, fixes RHBZ 2420196 RHBZ 2420197 RHBZ 2420198 RHBZ 2421368 Tenable has extracted the preceding description block directly from the...

6.1 CVSS, 5.5 AI score, 0.00233 EPSS
Exploits: 0, References: 2
OpenVAS
added 2025/12/15 12:0 a.m., 5 views

Nextcloud Server IDOR Vulnerability (GHSA-h6j9-6xjq-44c4)

Nextcloud Server is prone to an Insecure Direct Object Reference IDOR vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3 CVSS, 7 AI score, 0.00237 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2025/12/13 12:16 a.m., 7 views

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference IDOR in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such...

4.3 CVSS, 6.7 AI score, 0.00237 EPSS
Exploits: 1, References: 1
EUVD
added 2025/12/12 6:30 p.m., 6 views

EUVD-2025-203106

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference IDOR in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such...

4.3 CVSS, 6.2 AI score, 0.00237 EPSS
Exploits: 1, References: 4
OSV
added 2025/12/12 5:15 p.m., 6 views

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference IDOR in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such...

4.3 CVSS, 6.6 AI score
Exploits: 0, References: 3
Hacker One
added 2025/12/12 2:53 p.m., 12 views

Nextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution

Vulnerability description not provided...

8.2 CVSS, 5.8 AI score, 0.00318 EPSS
Exploits: 0
Cvelist
added 2025/12/12 12:0 a.m., 26 views

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference IDOR in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such...

0.00237 EPSS
Exploits: 1, References: 3
Positive Technologies
added 2025/12/12 12:0 a.m., 6 views

PT-2025-50959

Name of the Vulnerable Software and Affected Versions Nextcloud Server version 30.0.0 Description Nextcloud Server 30.0.0 contains an Insecure Direct Object Reference IDOR issue in the /core/preview endpoint. An authenticated user can access previews of arbitrary files belonging to other users by...

4.3 CVSS, 6.4 AI score, 0.00237 EPSS
Exploits: 1, References: 15
CNNVD
added 2025/12/12 12:0 a.m., 4 views

Nextcloud Server Security Vulnerability

Nextcloud Server is a Nextcloud server program from Nextcloud Open Source. A security vulnerability exists in Nextcloud Server version 30.0.0, which stems from the presence of an insecure direct object reference in the /core/preview endpoint that could lead to unauthorized access to sensitive dat...

4.3 CVSS, 6.3 AI score, 0.00237 EPSS
Exploits: 1, References: 3
Vulnrichment
added 2025/12/12 12:0 a.m., 4 views

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference IDOR in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such...

6.3 AI score, 0.00237 EPSS
Exploits: 1, References: 3
CVE
added 2025/12/12 12:0 a.m., 18 views

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. An authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter, enabling unauthorized disclosure of sensitive data (text, ...

4.3 CVSS, 6.3 AI score, 0.00237 EPSS
Exploits: 1, References: 3, Affected Software: 1
RedhatCVE
added 2025/12/11 5:16 a.m., 8 views

CVE-2025-59788

A flaw was found in Nextcloud's PDF Portable Document Format viewer. This vulnerability allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html in the filespdfviewer example directory...

6.4 CVSS, 6.9 AI score, 0.00246 EPSS
Exploits: 1, References: 2
CNVD
added 2025/12/10 12:0 a.m., 2 views

Nextcloud Calendar Security Feature Issue Vulnerability

Nextcloud Calendar is a Nextcloud open source calendar application. Nextcloud Calendar suffers from a security signature issue vulnerability that stems from an insecure way of generating meeting proposal participant tokens, which can be exploited by an attacker to cause the tokens to be computed...

6.5 CVSS, 6.8 AI score, 0.00246 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/12/09 8:27 a.m., 17 views

CVE-2025-66514

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the...

5.4 CVSS, 6.7 AI score, 0.00204 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/12/09 8:27 a.m., 9 views

CVE-2025-66558

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would...

4.3 CVSS, 6.6 AI score, 0.00226 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/12/09 8:27 a.m., 6 views

CVE-2025-66556

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2...

4.3 CVSS, 6.7 AI score, 0.00206 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/12/09 8:27 a.m., 6 views

CVE-2025-66554

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...

5.4 CVSS, 6.6 AI score, 0.00204 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/12/09 8:27 a.m., 7 views

CVE-2025-66553

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4...

4.3 CVSS, 6.5 AI score, 0.00231 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/12/09 8:27 a.m., 5 views

CVE-2025-66513

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...

5.3 CVSS, 6.5 AI score, 0.0024 EPSS
Exploits: 0, References: 1