Lucene search
K

4993 matches found

CNNVD
CNNVD
added 2025/12/05 12:0 a.m.4 views

Nextcloud Calendar 安全漏洞

Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.17 and prior to 5.2.4, which stems from a malicious user being able to create specially crafted attachments that could result in files being...

5.7CVSS6.4AI score0.00277EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.4 views

PT-2025-49265

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

4.5CVSS6.4AI score0.00297EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.7 views

PT-2025-49266

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

4.8CVSS6.7AI score0.00246EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.5 views

PT-2025-49290

Name of the Vulnerable Software and Affected Versions Nextcloud Calendar versions prior to 4.7.17 Nextcloud Calendar versions prior to 5.2.4 Description A malicious user could create a calendar event with a specially crafted attachment that links to a file on the same Nextcloud server. This actio...

5.7CVSS6.3AI score0.00277EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.10 views

PT-2025-49294

Name of the Vulnerable Software and Affected Versions Nextcloud Mail versions prior to 5.5.3 Description A stored HTML injection issue exists in the Mail app's message list, potentially allowing an authenticated user to inject HTML into email subjects. The Nextcloud Server’s content security poli...

5.4CVSS6.5AI score0.00204EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.5 views

Deck 安全漏洞

Deck is a Kanban style organization tool open-sourced by Nextcloud. Designed for personal planning and project organization for teams integrating with Nextcloud. A security vulnerability exists in Deck versions prior to 1.12.7, prior to 1.14.4, and prior to 1.15.1, which stems from a file extensi...

5.5CVSS6.4AI score0.00125EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.6 views

Nextcloud Desktop Client 安全漏洞

Nextcloud Desktop Client is an open source file synchronization and sharing tool from Nextcloud GmbH. A security vulnerability exists in Nextcloud Desktop Client versions prior to 3.16.5, which stems from the unencrypted sending of file paths in an end-to-end encrypted directory, which could lead...

2.7CVSS6.1AI score0.00242EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.8 views

PT-2025-49288

Name of the Vulnerable Software and Affected Versions Nextcloud Tables versions prior to 0.8.9 Nextcloud Tables versions prior to 0.9.6 Nextcloud Tables versions prior to 1.0.1 Description Nextcloud Tables allows users to create custom tables with defined columns. Before versions 0.8.9, 0.9.6, an...

5.3CVSS6.2AI score0.0024EPSS
Exploits0References8
EUVD
EUVD
added 2025/12/04 9:31 p.m.3 views

EUVD-2025-201255

Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...

8.8CVSS8.1AI score0.72648EPSS
Exploits16References4
RedhatCVE
RedhatCVE
added 2025/12/04 7:22 p.m.5 views

CVE-2025-66208

Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...

9.8CVSS6.8AI score0.00948EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 7:16 p.m.8 views

CVE-2025-59788

Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...

6.4CVSS0.00246EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/04 12:0 a.m.3 views

CVE-2025-59788

Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...

6.4CVSS8.1AI score0.00246EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/04 12:0 a.m.20 views

CVE-2025-59788

Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...

6.4CVSS0.00246EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.5 views

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from the presence of cross-site scripting in the filespdfviewer example directory, which could lead...

6.4CVSS6.1AI score0.00246EPSS
Exploits1References3
CVE
CVE
added 2025/12/04 12:0 a.m.19 views

CVE-2025-59788

Technical details about CVE-2025-59788 are not publicly available in the connected documents provided. The materials summarize Nextcloud XSS in a reachable files_pdfviewer directory and list affected versions, but no further technical specifics, root cause, impact, or remediation are included her...

6.4CVSS6.2AI score0.00246EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/03 6:25 p.m.15 views

CVE-2025-66208 Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy

Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...

9.2CVSS0.00948EPSS
Exploits0References1
Fedora
Fedora
added 2025/12/03 1:40 a.m.7 views

[SECURITY] Fedora 41 Update: nextcloud-32.0.2-1.fc41

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

7.3CVSS6.9AI score0.01297EPSS
Exploits0
Fedora
Fedora
added 2025/12/03 1:12 a.m.8 views

[SECURITY] Fedora 42 Update: nextcloud-32.0.2-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

7.3CVSS6.9AI score0.01297EPSS
Exploits0
Fedora
Fedora
added 2025/12/03 12:59 a.m.7 views

[SECURITY] Fedora 43 Update: nextcloud-32.0.2-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

7.3CVSS6.9AI score0.01297EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-48979

Name of the Vulnerable Software and Affected Versions Collabora Online - Built-in CODE Server versions prior to 25.04.702 Description Collabora Online - Built-in CODE Server, which provides document editing features, contains a configuration-dependent Remote Code Execution RCE issue in the...

9.8CVSS7.1AI score0.00948EPSS
Exploits0References7
Rows per page
Query Builder