
4993 matches found

EUVD
added 2025/12/05 5:32 p.m. | 4 views

EUVD-2025-201464

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the...

CVSS 3.5 | AI score 6.2 | EPSS 0.00204
Exploits 0 | References 4

Cvelist
added 2025/12/05 5:32 p.m. | 20 views

CVE-2025-66514 Nextcloud Mail stored HTML injection in subject text

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the...

CVSS 3.5 | EPSS 0.00204
Exploits 0 | References 4

OSV
added 2025/12/05 5:28 p.m. | 4 views

CVE-2025-66557 Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...

CVSS 5.4 | AI score 6.6 | EPSS 0.00233
Exploits 0 | References 6

Cvelist
added 2025/12/05 5:28 p.m. | 22 views

CVE-2025-66557 Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...

CVSS 5.4 | EPSS 0.00233
Exploits 0 | References 4

CVE
added 2025/12/05 5:28 p.m. | 15 views

CVE-2025-66557

Affected software: Nextcloud Deck plugin/app. Vulnerability: A bug in the permission logic allowed users with the "Can share" permission to modify the permissions of other recipients (non-owners). Versions impacted: Pre-1.14.6 and pre-1.15.2. Impact (as stated): Users could alter recipient permis...

CVSS 5.4 | AI score 6.3 | EPSS 0.00233
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2025/12/05 5:28 p.m. | 3 views

CVE-2025-66557 Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...

CVSS 5.4 | AI score 6.3 | EPSS 0.00233
Exploits 0 | References 4

EUVD
added 2025/12/05 5:28 p.m. | 7 views

EUVD-2025-201465

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...

CVSS 5.4 | AI score 6.2 | EPSS 0.00233
Exploits 0 | References 4

Vulnrichment
added 2025/12/05 5:26 p.m. | 2 views

CVE-2025-66548 Nextcloud Deck app allows to spoof file extensions by using RTLO characters

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...

CVSS 3.3 | AI score 6.4 | EPSS 0.00125
Exploits 0 | References 4

CVE
added 2025/12/05 5:26 p.m. | 11 views

CVE-2025-66548

The Nextcloud Deck app allows spoofing file extensions by using RTLO characters, causing a mismatch between the displayed and actual extension. Affected versions are prior to 1.12.7, 1.14.4, and 1.15.1; fixes are in 1.12.7, 1.14.4, and 1.15.1. Exploitation details are not provided in the supplied...

CVSS 5.5 | AI score 6.4 | EPSS 0.00125
Exploits 0 | References 4 | Affected Software 1

EUVD
added 2025/12/05 5:26 p.m. | 4 views

EUVD-2025-201466

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...

CVSS 3.3 | AI score 6.2 | EPSS 0.00125
Exploits 0 | References 4

Cvelist
added 2025/12/05 5:26 p.m. | 21 views

CVE-2025-66548 Nextcloud Deck app allows to spoof file extensions by using RTLO characters

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...

CVSS 3.3 | EPSS 0.00125
Exploits 0 | References 4

OSV
added 2025/12/05 5:26 p.m. | 4 views

CVE-2025-66548 Nextcloud Deck app allows to spoof file extensions by using RTLO characters

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...

CVSS 3.3 | AI score 6.7 | EPSS 0.00125
Exploits 0 | References 6

EUVD
added 2025/12/05 5:18 p.m. | 6 views

EUVD-2025-201430

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4...

CVSS 4.3 | AI score 6 | EPSS 0.00231
Exploits 0 | References 4

Vulnrichment
added 2025/12/05 5:18 p.m. | 3 views

CVE-2025-66553 Nextcloud Tables app allowed users to view columns metadata information of any table

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4...

CVSS 4.3 | AI score 6.1 | EPSS 0.00231
Exploits 0 | References 4

Cvelist
added 2025/12/05 5:18 p.m. | 18 views

CVE-2025-66553 Nextcloud Tables app allowed users to view columns metadata information of any table

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4...

CVSS 4.3 | EPSS 0.00231
Exploits 0 | References 4

CVE
added 2025/12/05 5:18 p.m. | 22 views

CVE-2025-66553

Summary: Nextcloud Tables prior to 0.8.7 and 0.9.4 allows authenticated users to view column metadata of other tables by altering the numeric ID in a request, causing information disclosure. The issue is fixed in 0.8.7 and 0.9.4. Remediation: upgrade Nextcloud Tables to version 0.8.7 or later, or...

CVSS 4.3 | AI score 6.1 | EPSS 0.00231
Exploits 0 | References 4 | Affected Software 1

OSV
added 2025/12/05 5:18 p.m. | 6 views

CVE-2025-66553 Nextcloud Tables app allowed users to view columns metadata information of any table

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4...

CVSS 4.3 | AI score 6.5 | EPSS 0.00231
Exploits 0 | References 6

NVD
added 2025/12/05 5:16 p.m. | 7 views

CVE-2025-66550

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...

CVSS 5.7 | EPSS 0.00277
Exploits 0 | References 4

NVD
added 2025/12/05 5:16 p.m. | 10 views

CVE-2025-66547

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1...

CVSS 4.3 | EPSS 0.00238
Exploits 0 | References 5

NVD
added 2025/12/05 5:16 p.m. | 8 views

CVE-2025-66552

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the adminaudit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed ...

CVSS 4.3 | EPSS 0.00265
Exploits 0 | References 4