Lucene search
K

4993 matches found

EUVD
EUVD
added 2025/12/05 4:22 p.m.9 views

EUVD-2025-201449

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside...

5.4CVSS6.1AI score0.00233EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 4:22 p.m.54 views

CVE-2025-66512

Nextcloud Server and Server Enterprise before 31.0.12 and 32.0.3 have a missing sanitization that can be exploited to bypass content security policy when a user is tricked into viewing a crafted SVG outside the Nextcloud UI, enabling cross-site scripting. Fedora advisories FEDORA-2025-86c0829159 ...

6.1CVSS6.2AI score0.00233EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/12/05 4:18 p.m.23 views

CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

4.5CVSS0.00297EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/05 4:18 p.m.2 views

CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

4.5CVSS6AI score0.00297EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/05 4:18 p.m.5 views

EUVD-2025-201451

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

4.5CVSS5.9AI score0.00297EPSS
Exploits0References3
CVE
CVE
added 2025/12/05 4:18 p.m.17 views

CVE-2025-66510

CVE-2025-66510 affects Nextcloud Server and Nextcloud Enterprise Server where the contact search feature can disclose personal data (emails, names, identifiers) of other users to authenticated users due to improper access control. Affected versions include Nextcloud Server prior to 31.0.10 and 32...

4.9CVSS6AI score0.00297EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/12/05 4:18 p.m.6 views

CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

4.5CVSS6.3AI score0.00297EPSS
Exploits0References5
Nextcloud
Nextcloud
added 2025/12/05 8:7 a.m.14 views

XSS in SVG images when opened outside of Nextcloud

None...

6.1CVSS5.2AI score0.00233EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
added 2025/12/05 8:2 a.m.7 views

Approval app allows users to request approval for other users file

None...

2.7CVSS5.2AI score0.00261EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
added 2025/12/05 8:0 a.m.18 views

Calendar app allowed booking appointments without the generated token

None...

3.3CVSS5.2AI score0.00118EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
added 2025/12/05 7:57 a.m.22 views

Calendar attachments of local files are offered to downloaded

None...

5.7CVSS5.2AI score0.00277EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
added 2025/12/05 7:56 a.m.8 views

admin_audit does not log all actions on files in groupfolders

None...

4.3CVSS5.2AI score0.00265EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.4 views

PT-2025-49299

Name of the Vulnerable Software and Affected Versions Nextcloud Deck versions prior to 1.14.6 Nextcloud Deck versions prior to 1.15.2 Description Nextcloud Deck is a kanban style organization tool for personal and team project management integrated with Nextcloud. A flaw in the permission logic...

5.4CVSS6.3AI score0.00233EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.5 views

Nextcloud Talk 安全漏洞

Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. A security vulnerability exists in Nextcloud talk versions prior to 20.1.8 and prior to 21.1.2, which stems from the ability of a participant with chat privileges to delete drafts of other...

4.3CVSS6.2AI score0.00206EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.7 views

Nextcloud Mail 跨站脚本漏洞

Nextcloud Mail is an email from Nextcloud Germany. A cross-site scripting vulnerability exists in versions of Nextcloud Mail prior to 5.5.3, which stems from the presence of stored HTML injection in mailing lists, which could lead to HTML injection attacks...

5.4CVSS6AI score0.00204EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.5 views

Nextcloud Calendar 安全漏洞

Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.17 and prior to 5.2.4, which stems from a malicious user being able to create specially crafted attachments that could result in files being...

5.7CVSS6.4AI score0.00277EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.4 views

PT-2025-49267

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 31.0.12 Nextcloud Server Enterprise versions prior to 31.0.12 Nextcloud Server versions prior to 32.0.3 Nextcloud Server Enterprise versions prior to 32.0.3 Description Nextcloud Server and Server Enterprise...

6.4CVSS6.4AI score0.00233EPSS
Exploits0References15
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.4 views

Nextcloud Tables 安全漏洞

Nextcloud Tables is an open source tables application from Nextcloud. A security vulnerability exists in Nextcloud Tables versions prior to 0.8.9, prior to 0.9.6, and prior to 1.0.1, which stems from shared table information that is not restricted from access by privileged users, which could lead...

5.3CVSS6.1AI score0.0024EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.3 views

Nextcloud 授权问题漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an authorization issue vulnerability that originates from a requestor being able to set another person's file to a pending approval...

2.7CVSS6.5AI score0.00261EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.5 views

WebAuthn second factor provider for Nextcloud 安全漏洞

WebAuthn second factor provider for Nextcloud is an open source two-factor authentication software from Nextcloud. A security vulnerability exists in WebAuthn second factor provider for Nextcloud versions prior to 1.4.2 and prior to 2.4.1, which stems from a lack of ownership checking and could...

4.3CVSS6.6AI score0.00226EPSS
Exploits0References4
Rows per page
Query Builder