Lucene search
K

4993 matches found

EUVD
EUVD
added 2025/12/05 4:49 p.m.6 views

EUVD-2025-201445

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

3.3CVSS6.2AI score0.00118EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 4:49 p.m.23 views

CVE-2025-66546

Summary: CVE-2025-66546 affects Nextcloud Calendar. The vulnerability arises from the calendar’s handling of appointment IDs, allowing blind booking of appointments without knowledge of the appointment token. Affected software/versions (as documented): Nextcloud Calendar prior to 4.7.19, prior to...

3.3CVSS6.3AI score0.00118EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/12/05 4:49 p.m.17 views

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

3.3CVSS0.00118EPSS
Exploits0References4
OSV
OSV
added 2025/12/05 4:49 p.m.6 views

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

3.3CVSS6.6AI score0.00118EPSS
Exploits0References6
EUVD
EUVD
added 2025/12/05 4:42 p.m.5 views

EUVD-2025-201444

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

4.8CVSS6.2AI score0.00246EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/05 4:42 p.m.7 views

CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

4.8CVSS6.3AI score0.00246EPSS
Exploits0References4
OSV
OSV
added 2025/12/05 4:42 p.m.6 views

CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

4.8CVSS6.7AI score0.00246EPSS
Exploits0References6
CVE
CVE
added 2025/12/05 4:42 p.m.26 views

CVE-2025-66511

The CVE-2025-66511 issue affects Nextcloud Calendar prior to version 6.0.3. It stems from insecure generation of meeting proposal participant tokens (not purely random; based on a hash function), which enables an attacker to compute valid tokens and abuse them to view details and submit dates in ...

6.5CVSS6.3AI score0.00246EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/05 4:36 p.m.12 views

CVE-2025-66552 Nextcloud Server admin_audit does not log all actions on files in groupfolders

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the adminaudit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed ...

4.3CVSS6.2AI score0.00265EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/05 4:36 p.m.4 views

EUVD-2025-201446

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the adminaudit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed ...

4.3CVSS6.1AI score0.00265EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/05 4:36 p.m.21 views

CVE-2025-66552 Nextcloud Server admin_audit does not log all actions on files in groupfolders

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the adminaudit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed ...

4.3CVSS0.00265EPSS
Exploits0References4
OSV
OSV
added 2025/12/05 4:36 p.m.6 views

CVE-2025-66552 Nextcloud Server admin_audit does not log all actions on files in groupfolders

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the adminaudit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed ...

4.3CVSS6.5AI score0.00265EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/05 4:32 p.m.23 views

CVE-2025-66547 Nextcloud Server users can modify tags on files that do not belong to them

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1...

4.3CVSS0.00238EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/05 4:32 p.m.1 views

CVE-2025-66547 Nextcloud Server users can modify tags on files that do not belong to them

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1...

4.3CVSS6.3AI score0.00238EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/05 4:32 p.m.5 views

EUVD-2025-201447

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1...

4.3CVSS6.2AI score0.00238EPSS
Exploits0References5
CVE
CVE
added 2025/12/05 4:32 p.m.37 views

CVE-2025-66547

Nextcloud Server (and Enterprise Server) prior to 31.0.1 contains a vulnerability where non-privileged users can modify tags on files they should not access via bulk tagging. Affected product: Nextcloud Server/Enterprise Server; vulnerable component: file tagging mechanism. Root cause details are...

4.3CVSS6.3AI score0.00238EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/12/05 4:32 p.m.5 views

CVE-2025-66547 Nextcloud Server users can modify tags on files that do not belong to them

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1...

4.3CVSS6.6AI score0.00238EPSS
Exploits0References7
OSV
OSV
added 2025/12/05 4:22 p.m.3 views

CVE-2025-66512 Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside...

5.4CVSS6.5AI score0.00233EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/05 4:22 p.m.17 views

CVE-2025-66512 Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside...

5.4CVSS0.00233EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/05 4:22 p.m.2 views

CVE-2025-66512 Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside...

5.4CVSS6.2AI score0.00233EPSS
Exploits0References4
Rows per page
Query Builder