Lucene search
K

4993 matches found

NVD
NVD
added 2025/12/05 5:16 p.m.12 views

CVE-2025-66546

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

3.3CVSS0.00118EPSS
Exploits0References4
NVD
NVD
added 2025/12/05 5:16 p.m.9 views

CVE-2025-66512

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside...

6.1CVSS0.00233EPSS
Exploits0References4
NVD
NVD
added 2025/12/05 5:16 p.m.7 views

CVE-2025-66511

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

6.5CVSS0.00246EPSS
Exploits0References4
NVD
NVD
added 2025/12/05 5:16 p.m.8 views

CVE-2025-66510

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

4.9CVSS0.00297EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/05 5:15 p.m.21 views

CVE-2025-66551 Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3...

6.3CVSS0.00206EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 5:15 p.m.14 views

CVE-2025-66551

Nextcloud Tables contains an ownership-check vulnerability: a malicious user could create a table and move a column into another user’s table due to a missing ownership validation. Affected versions are before 0.8.6 and before 0.9.3. The issue is resolved by upgrading to 0.8.6 or 0.9.3, per multi...

6.3CVSS6.3AI score0.00206EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/05 5:15 p.m.3 views

CVE-2025-66551 Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3...

6.3CVSS6.3AI score0.00206EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/05 5:15 p.m.5 views

EUVD-2025-201440

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3...

6.3CVSS6.2AI score0.00206EPSS
Exploits0References4
OSV
OSV
added 2025/12/05 5:15 p.m.5 views

CVE-2025-66551 Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3...

6.3CVSS6.7AI score0.00206EPSS
Exploits0References6
OSV
OSV
added 2025/12/05 5:11 p.m.4 views

CVE-2025-66513 Nextcloud Tables app share information not limited to relevant users

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...

4.3CVSS6.5AI score0.0024EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/05 5:11 p.m.17 views

CVE-2025-66513 Nextcloud Tables app share information not limited to relevant users

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...

4.3CVSS0.0024EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/05 5:11 p.m.4 views

CVE-2025-66513 Nextcloud Tables app share information not limited to relevant users

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...

4.3CVSS6.1AI score0.0024EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 5:11 p.m.23 views

CVE-2025-66513

CVE-2025-66513 affects the Nextcloud Tables app. Prior to versions 0.8.9, 0.9.6, and 1.0.1, information about which table (numeric ID) is shared with which groups/users and the corresponding permissions was not restricted to privileged users, enabling an information disclosure scenario. The issue...

5.3CVSS6.1AI score0.0024EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/12/05 5:11 p.m.5 views

EUVD-2025-201441

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...

4.3CVSS6AI score0.0024EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/05 4:56 p.m.23 views

CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...

5.7CVSS0.00277EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/05 4:56 p.m.3 views

CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...

5.7CVSS6.2AI score0.00277EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/05 4:56 p.m.6 views

EUVD-2025-201443

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...

5.7CVSS6.1AI score0.00277EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 4:56 p.m.29 views

CVE-2025-66550

CVE-2025-66550 affects Nextcloud Calendar prior to versions 4.7.17 and 5.2.4. A malicious user could create a calendar event with an attachment that links to a download URL for a file on the same Nextcloud server, causing the file to be downloaded without user confirmation. The issue is resolved ...

5.7CVSS6.2AI score0.00277EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/05 4:56 p.m.10 views

CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...

5.7CVSS6.5AI score0.00277EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/12/05 4:49 p.m.1 views

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

3.3CVSS6.3AI score0.00118EPSS
Exploits0References4
Rows per page
Query Builder