4993 matches found

OSV
added 2025/12/05 5:50 p.m. | 5 views

CVE-2025-66554 Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...

CVSS 3.5 | AI score 6.6 | EPSS 0.00204
Exploits: 0 | References: 6
EUVD
added 2025/12/05 5:47 p.m. | 5 views

EUVD-2025-201462

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

CVSS 2.4 | AI score 6 | EPSS 0.00242
Exploits: 0 | References: 4
Cvelist
added 2025/12/05 5:47 p.m. | 19 views

CVE-2025-66549 Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

CVSS 2.4 | EPSS 0.00242
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/05 5:47 p.m. | 1 views

CVE-2025-66549 Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

CVSS 2.4 | AI score 6.2 | EPSS 0.00242
Exploits: 0 | References: 4
CVE
added 2025/12/05 5:47 p.m. | 25 views

CVE-2025-66549

The CVE-2025-66549 entry concerns Nextcloud Desktop (the desktop sync client). Before version 3.16.5, locking a file inside an end-to-end encrypted directory would send the file’s path to the server unencrypted, allowing administrators to see it in logs. The root cause is unencrypted transmission...

CVSS 2.7 | AI score 6.2 | EPSS 0.00242
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2025/12/05 5:47 p.m. | 5 views

CVE-2025-66549 Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

CVSS 2.4 | AI score 6.5 | EPSS 0.00242
Exploits: 0 | References: 6
Debian CVE
added 2025/12/05 5:47 p.m. | 5 views

CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

CVSS 2.7 | AI score 5.3 | EPSS 0.00242
Exploits: 0
EUVD
added 2025/12/05 5:44 p.m. | 3 views

EUVD-2025-201463

Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerability is fixed in 14.0.11, 15.3.12, 16.0.15...

CVSS 3.5 | AI score 6.2 | EPSS 0.0023
Exploits: 0 | References: 4
CVE
added 2025/12/05 5:44 p.m. | 16 views

CVE-2025-66545

CVE-2025-66545 affects Nextcloud Groupfolders. A user with read-only permissions could restore a file from the trash bin in group/shared folders, before versions 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2. The issue is resolved in those respective fixed versions. If you use G...

CVSS 4.3 | AI score 6.3 | EPSS 0.0023
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2025/12/05 5:44 p.m. | 22 views

CVE-2025-66545 Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin

Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerability is fixed in 14.0.11, 15.3.12, 16.0.15...

CVSS 3.5 | EPSS 0.0023
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/05 5:44 p.m. | 4 views

CVE-2025-66545 Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin

Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerability is fixed in 14.0.11, 15.3.12, 16.0.15...

CVSS 3.5 | AI score 6.3 | EPSS 0.0023
Exploits: 0 | References: 4
OSV
added 2025/12/05 5:44 p.m. | 4 views

CVE-2025-66545 Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin

Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerability is fixed in 14.0.11, 15.3.12, 16.0.15...

CVSS 3.5 | AI score 6.6 | EPSS 0.0023
Exploits: 0 | References: 6
Cvelist
added 2025/12/05 5:37 p.m. | 23 views

CVE-2025-66515 Nextcloud Approval app allows users to request approval for other users file

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVSS 2.7 | EPSS 0.00261
Exploits: 0 | References: 4
EUVD
added 2025/12/05 5:37 p.m. | 5 views

EUVD-2025-201457

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVSS 2.7 | AI score 6.1 | EPSS 0.00261
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/05 5:37 p.m. | 3 views

CVE-2025-66515 Nextcloud Approval app allows users to request approval for other users file

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVSS 2.7 | AI score 6.2 | EPSS 0.00261
Exploits: 0 | References: 4
CVE
added 2025/12/05 5:37 p.m. | 19 views

CVE-2025-66515

The CVE describes an authorization flaw in the Nextcloud Approval app where an authenticated user listed as a workflow requester can place another user’s file into the “pending approval” state using the file’s numeric id, without having access to the file. This affects versions prior to 1.3.1 and...

CVSS 2.7 | AI score 6.2 | EPSS 0.00261
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2025/12/05 5:37 p.m. | 5 views

CVE-2025-66515 Nextcloud Approval app allows users to request approval for other users file

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVSS 2.7 | AI score 6.5 | EPSS 0.00261
Exploits: 0 | References: 6
OSV
added 2025/12/05 5:32 p.m. | 8 views

CVE-2025-66514 Nextcloud Mail stored HTML injection in subject text

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the...

CVSS 3.5 | AI score 6.7 | EPSS 0.00204
Exploits: 0 | References: 6
CVE
added 2025/12/05 5:32 p.m. | 21 views

CVE-2025-66514

Nextcloud Mail prior to version 5.5.3 contains a stored HTML injection issue in the message list that lets an authenticated user inject HTML into email subjects. The Nextcloud Server content security policy blocks Javascript, which mitigates some risk. The issue is addressed by upgrading to Nextc...

CVSS 5.4 | AI score 6.3 | EPSS 0.00204
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2025/12/05 5:32 p.m. | 4 views

CVE-2025-66514 Nextcloud Mail stored HTML injection in subject text

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the...

CVSS 3.5 | AI score 6.3 | EPSS 0.00204
Exploits: 0 | References: 4