CVE-2021-32707
CVE-2021-32707 affects Nextcloud Mail prior to version 1.9.6: the privacy filter did not filter images with a background-image CSS attribute, allowing a remote CSS background image to reveal whether an email was read. Images passed through the Nextcloud image proxy, so IP leakage was not reported...