4993 matches found
Nextcloud Calendar 安全漏洞
Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.17 and prior to 5.2.4, which stems from a malicious user being able to create specially crafted attachments that could result in files being...
PT-2025-49265
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...
PT-2025-49266
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...
PT-2025-49290
Name of the Vulnerable Software and Affected Versions Nextcloud Calendar versions prior to 4.7.17 Nextcloud Calendar versions prior to 5.2.4 Description A malicious user could create a calendar event with a specially crafted attachment that links to a file on the same Nextcloud server. This actio...
PT-2025-49294
Name of the Vulnerable Software and Affected Versions Nextcloud Mail versions prior to 5.5.3 Description A stored HTML injection issue exists in the Mail app's message list, potentially allowing an authenticated user to inject HTML into email subjects. The Nextcloud Server’s content security poli...
Deck 安全漏洞
Deck is a Kanban style organization tool open-sourced by Nextcloud. Designed for personal planning and project organization for teams integrating with Nextcloud. A security vulnerability exists in Deck versions prior to 1.12.7, prior to 1.14.4, and prior to 1.15.1, which stems from a file extensi...
Nextcloud Desktop Client 安全漏洞
Nextcloud Desktop Client is an open source file synchronization and sharing tool from Nextcloud GmbH. A security vulnerability exists in Nextcloud Desktop Client versions prior to 3.16.5, which stems from the unencrypted sending of file paths in an end-to-end encrypted directory, which could lead...
PT-2025-49288
Name of the Vulnerable Software and Affected Versions Nextcloud Tables versions prior to 0.8.9 Nextcloud Tables versions prior to 0.9.6 Nextcloud Tables versions prior to 1.0.1 Description Nextcloud Tables allows users to create custom tables with defined columns. Before versions 0.8.9, 0.9.6, an...
EUVD-2025-201255
Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...
CVE-2025-66208
Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...
CVE-2025-59788
Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...
CVE-2025-59788
Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...
CVE-2025-59788
Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...
Nextcloud 安全漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from the presence of cross-site scripting in the filespdfviewer example directory, which could lead...
CVE-2025-59788
Technical details about CVE-2025-59788 are not publicly available in the connected documents provided. The materials summarize Nextcloud XSS in a reachable files_pdfviewer directory and list affected versions, but no further technical specifics, root cause, impact, or remediation are included her...
CVE-2025-66208 Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy
Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...
[SECURITY] Fedora 41 Update: nextcloud-32.0.2-1.fc41
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 42 Update: nextcloud-32.0.2-1.fc42
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 43 Update: nextcloud-32.0.2-1.fc43
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
PT-2025-48979
Name of the Vulnerable Software and Affected Versions Collabora Online - Built-in CODE Server versions prior to 25.04.702 Description Collabora Online - Built-in CODE Server, which provides document editing features, contains a configuration-dependent Remote Code Execution RCE issue in the...