CVE-2021-22913
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...
EUVD-2019-15057
Malware in sbrugna...
EUVD-2021-10034
Malware in sbrugna...
EUVD-2021-10042
Malware in sbrugna...
CVE-2019-5476
An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...
SUSE CVE-2019-15623
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...
CVE-2021-22905
Nextcloud Android App com.nextcloud.client before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user...
Information disclosure
Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user...
Information disclosure
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...
Nextcloud information disclosure vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. An information disclosure vulnerability exists in the Nextcloud Android App that stems from performing a shared search on a lookup server by default, which...
Deck information disclosure vulnerability
Deck is a Kanban style organization tool. Designed for personal planning and project organization for teams integrated with Nextcloud. An information disclosure vulnerability exists in Deck that stems from allowing shared searches to be performed on the lookup server by default. A remote attacker...
CVE-2021-32653
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workaroun...
CVE-2021-32653
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workaroun...
Code injection
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workaroun...
CVE-2021-32653 Default settings leak federated cloud ID to lookup server of all users
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workaroun...
Default settings leak federated cloud ID to lookup server of all users
None...
Nextcloud deck sharee search leaks searches to lookupserver by default
None...
Nextcloud security vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that can be exploited by an attacker to send a user ID to a lookup server when the user is not set to a...
PT-2021-19831 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11; Nextcloud Server versions prior to 20.0.10; Nextcloud Server versions prior to 21.0.2. Description: The issue affects Nextcloud Server, a package handling data storage. It sends user IDs to the lookup...
Nextcloud: Default settings leak federated cloud id to lookup server of all users
So with the default settings Nextcloud still sends requests to the lookup server if users update their profile. Even if none of the fields are set to 'published'. I must admit this is somewhat of a surprise as there is no reason for this. As long as the visibility of none of the fields change and...