4993 matches found
EUVD-2025-201464
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the...
CVE-2025-66514 Nextcloud Mail stored HTML injection in subject text
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the...
CVE-2025-66557 Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...
CVE-2025-66557 Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...
CVE-2025-66557
Affected software: Nextcloud Deck plugin/app. Vulnerability: A bug in the permission logic allowed users with the "Can share" permission to modify the permissions of other recipients (non-owners). Versions impacted: Pre-1.14.6 and pre-1.15.2. Impact (as stated): Users could alter recipient permis...
CVE-2025-66557 Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...
EUVD-2025-201465
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...
CVE-2025-66548 Nextcloud Deck app allows to spoof file extensions by using RTLO characters
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...
CVE-2025-66548
The Nextcloud Deck app allows spoofing file extensions by using RTLO characters, causing a mismatch between the displayed and actual extension. Affected versions are prior to 1.12.7, 1.14.4, and 1.15.1; fixes are in 1.12.7, 1.14.4, and 1.15.1. Exploitation details are not provided in the supplied...
EUVD-2025-201466
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...
CVE-2025-66548 Nextcloud Deck app allows to spoof file extensions by using RTLO characters
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...
CVE-2025-66548 Nextcloud Deck app allows to spoof file extensions by using RTLO characters
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...
EUVD-2025-201430
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4...
CVE-2025-66553 Nextcloud Tables app allowed users to view columns metadata information of any table
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4...
CVE-2025-66553 Nextcloud Tables app allowed users to view columns metadata information of any table
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4...
CVE-2025-66553
Summary: Nextcloud Tables prior to 0.8.7 and 0.9.4 allows authenticated users to view column metadata of other tables by altering the numeric ID in a request, causing information disclosure. The issue is fixed in 0.8.7 and 0.9.4. Remediation: upgrade Nextcloud Tables to version 0.8.7 or later, or...
CVE-2025-66553 Nextcloud Tables app allowed users to view columns metadata information of any table
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4...
CVE-2025-66550
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...
CVE-2025-66547
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1...
CVE-2025-66552
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the adminaudit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed ...