Lucene search
K

4993 matches found

NVD
NVD
added 2025/12/05 6:15 p.m.9 views

CVE-2025-66551

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3...

6.3CVSS0.00206EPSS
Exploits0References4
NVD
NVD
added 2025/12/05 6:15 p.m.6 views

CVE-2025-66515

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

2.7CVSS0.00261EPSS
Exploits0References4
NVD
NVD
added 2025/12/05 6:15 p.m.6 views

CVE-2025-66548

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...

5.5CVSS0.00125EPSS
Exploits0References4
NVD
NVD
added 2025/12/05 6:15 p.m.14 views

CVE-2025-66513

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...

5.3CVSS0.0024EPSS
Exploits0References4
NVD
NVD
added 2025/12/05 6:15 p.m.8 views

CVE-2025-66514

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the...

5.4CVSS0.00204EPSS
Exploits0References4
OSV
OSV
added 2025/12/05 6:15 p.m.4 views

UBUNTU-CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

2.7CVSS5.7AI score0.00242EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/05 6:0 p.m.22 views

CVE-2025-66558 Nextcloud Twofactor WebAuthn app was updated based on public key

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would...

3.1CVSS0.00226EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/05 6:0 p.m.5 views

EUVD-2025-201460

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would...

3.1CVSS6.1AI score0.00226EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 6:0 p.m.14 views

CVE-2025-66558

The issue affects Nextcloud Twofactor WebAuthn (WebAuthn Two-Factor Provider). Before versions 1.4.2 and 2.4.1, a missing ownership check allowed an attacker to remove a victim’s WebAuthn 2FA device by correctly guessing an 80–128 character random string. After a successful guess, the victim was ...

4.3CVSS6.2AI score0.00226EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/05 6:0 p.m.6 views

CVE-2025-66558 Nextcloud Twofactor WebAuthn app was updated based on public key

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would...

3.1CVSS6.2AI score0.00226EPSS
Exploits0References4
OSV
OSV
added 2025/12/05 6:0 p.m.7 views

CVE-2025-66558 Nextcloud Twofactor WebAuthn app was updated based on public key

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would...

3.1CVSS6.5AI score0.00226EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/12/05 5:56 p.m.4 views

CVE-2025-66556 Nextcloud talk allows participants to blindly delete poll drafts of other users by ID

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2...

3.5CVSS6.3AI score0.00206EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 5:56 p.m.12 views

CVE-2025-66556

Nextcloud Talk contains a vulnerability in which a participant with chat permissions could delete poll drafts belonging to other participants by ID. Affected software is Nextcloud Talk prior to versions 20.1.8 and 21.1.2. The issue is addressed by upgrading to 20.1.8 or 21.1.2 or later. The conne...

4.3CVSS6.3AI score0.00206EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/12/05 5:56 p.m.7 views

EUVD-2025-201458

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2...

3.5CVSS6.2AI score0.00206EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/05 5:56 p.m.20 views

CVE-2025-66556 Nextcloud talk allows participants to blindly delete poll drafts of other users by ID

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2...

3.5CVSS0.00206EPSS
Exploits0References4
OSV
OSV
added 2025/12/05 5:56 p.m.4 views

CVE-2025-66556 Nextcloud talk allows participants to blindly delete poll drafts of other users by ID

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2...

3.5CVSS6.6AI score0.00206EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/05 5:50 p.m.22 views

CVE-2025-66554 Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...

3.5CVSS0.00204EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/05 5:50 p.m.4 views

CVE-2025-66554 Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...

3.5CVSS6.3AI score0.00204EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/05 5:50 p.m.4 views

EUVD-2025-201461

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...

3.5CVSS6.1AI score0.00204EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 5:50 p.m.19 views

CVE-2025-66554

CVE-2025-66554 affects the Nextcloud Contacts app. Multiple sources (NVD, Red Hat, CIRCL, OSV, CVE list, GHSA advisory, and more) describe a Stored XSS vulnerability in which a malicious user could modify the organisation and title fields to load additional CSS files. The issue existed in affecte...

5.4CVSS6.3AI score0.00204EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder