EUVD-2025-201449
Nextcloud Server is a self-hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user into viewing an uploaded SVG outside...
CVE-2025-66512
Nextcloud Server and Server Enterprise before 31.0.12 and 32.0.3 have a missing sanitization that can be exploited to bypass content security policy when a user is tricked into viewing a crafted SVG outside the Nextcloud UI, enabling cross-site scripting. Fedora advisories FEDORA-2025-86c0829159 ...
CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list
Nextcloud Server is a self-hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed retrieval of other users' personal data (emails, names, identifiers) without prop...
EUVD-2025-201451
Nextcloud Server is a self-hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed retrieval of other users' personal data (emails, names, identifiers) without prop...
CVE-2025-66510
CVE-2025-66510 affects Nextcloud Server and Nextcloud Enterprise Server where the contact search feature can disclose personal data (emails, names, identifiers) of other users to authenticated users due to improper access control. Affected versions include Nextcloud Server prior to 31.0.10 and 32...
XSS in SVG images when opened outside of Nextcloud
Approval app allows users to request approval for other users' files
Calendar app allowed booking appointments without the generated token
Calendar attachments of local files are offered for download
admin_audit does not log all actions on files in groupfolders
PT-2025-49299
Name of the Vulnerable Software and Affected Versions: Nextcloud Deck versions prior to 1.14.6; Nextcloud Deck versions prior to 1.15.2. Description: Nextcloud Deck is a kanban style organization tool for personal and team project management integrated with Nextcloud. A flaw in the permission logic...
Nextcloud Talk security vulnerability
Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. A security vulnerability exists in Nextcloud Talk versions prior to 20.1.8 and prior to 21.1.2, which stems from the ability of a participant with chat privileges to delete drafts of other...
Nextcloud Mail cross-site scripting vulnerability
Nextcloud Mail is an email application from Nextcloud Germany. A cross-site scripting vulnerability exists in versions of Nextcloud Mail prior to 5.5.3, which stems from the presence of stored HTML injection in mailing lists, which could lead to HTML injection attacks...
Nextcloud Calendar security vulnerability
Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.17 and prior to 5.2.4, which stems from a malicious user being able to create specially crafted attachments that could result in files being...
PT-2025-49267
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 31.0.12; Nextcloud Server Enterprise versions prior to 31.0.12; Nextcloud Server versions prior to 32.0.3; Nextcloud Server Enterprise versions prior to 32.0.3. Description: Nextcloud Server and Server Enterprise...
Nextcloud Tables security vulnerability
Nextcloud Tables is an open source tables application from Nextcloud. A security vulnerability exists in Nextcloud Tables versions prior to 0.8.9, prior to 0.9.6, and prior to 1.0.1, which stems from shared table information that is not restricted from access by privileged users, which could lead...
Nextcloud authorization issue vulnerability
Nextcloud is an open source, self-hosted platform for file synchronization, sharing and communication from Nextcloud, Germany. Nextcloud suffers from an authorization issue vulnerability that originates from a requestor being able to set another person's file to a pending approval...
WebAuthn second factor provider for Nextcloud security vulnerability
WebAuthn second factor provider for Nextcloud is an open source two-factor authentication software from Nextcloud. A security vulnerability exists in WebAuthn second factor provider for Nextcloud versions prior to 1.4.2 and prior to 2.4.1, which stems from a lack of ownership checking and could...