CVE-2026-45159 Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-e...

CVE-2024-52513 Nextcloud Server's Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares

Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud Server is upgraded to...

Nextcloud 信息泄露漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an information disclosure vulnerability that originates when a malicious user downloads attachments referenced in a text file without...

Nextcloud: Attachments folder for Text app is accessible on Files Drop/Password protected shares

The Nextcloud Text app's attachments folder was found to be accessible on Files Drop/Password protected shares...

CVE-2021-32655

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and...

CVE-2021-32655 Files Drop public link can be added as federated share

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and...

Files Drop public link can be added as federated share

None...

PT-2021-19833 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: The issue arises when an attacker converts a Files Drop link to a federated share, causing problems o...

Nextcloud: Files Drop: WebDAV endpoint is leaking existence of resources

The new WebDAV endpoint implementation in 11 is leaking too many informations if one executes a MKCOL or a PUT against an existing item. With Files Drop one should only be able to upload files but not leak any existence of items. Leaking existence using PUT When doing a PUT the expectation is to...