76 matches found
CVE-2025-66510
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...
EUVD-2025-201451
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...
Bypass group folder quota limit using attachment in text file
None...
PT-2025-21657 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.13 Nextcloud Server versions prior to 29.0.10 Nextcloud Server versions prior to 30.0.3 Nextcloud Enterprise Server versions prior to 28.0.13 Nextcloud Enterprise Server versions prior to 29.0.10...
CVE-2024-52517
Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the...
CVE-2024-52515 Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews
Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview the other file instead. It is recommended...
CVE-2024-52516 Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them
Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 o...
CVE-2024-52519 Nextcloud Server's OAuth2 client secrets were stored in a recoverable way
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...
Potential hash collision for background jobs could skip queuing them
None...
User password is available in memory of the PHP process
None...
PT-2024-9159 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.11 Nextcloud Server versions prior to 29.0.8 Nextcloud Server versions prior to 30.0.1 Nextcloud Enterprise Server versions prior to 25.0.13.13 Nextcloud Enterprise Server versions prior to 26.0.13.9...
PT-2024-9158 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10 and prior to 29.0.7 Nextcloud Enterprise Server versions prior to 27.1.11.8, prior to 28.0.10, and prior to 29.0.7 Description: The issue is related to the insecure storage of confidential informatio...
PT-2024-9165 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 22.2.11 Nextcloud Server versions prior to 23.0.11 Nextcloud Server versions prior to 24.0.6 Nextcloud Enterprise Server versions prior to 22.2.11 Nextcloud Enterprise Server versions prior to 23.0.11...
CVE-2024-37315
Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the filesversions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...
CVE-2024-37882 Nextcloud Server can reshare read&share only folder with more permissions
Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...
CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...
CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...
CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...
CVE-2024-37314
CVE-2024-37314 concerns Nextcloud Photos enabling removal of photos from a registered user’s album. The entry notes remediation by upgrading Nextcloud Server to 25.0.7 or 26.0.2 and Nextcloud Enterprise Server to 25.0.7 or 26.0.2. Connected documents show multiple related Nextcloud vulnerabilitie...
CVE-2024-37313
CVE-2024-37313 corresponds to multiple Nextcloud vulnerabilities surfaced by PT Security and related alerts, detailing improper authentication and credential exposure scenarios. Technical details across connected sources include: 2FA bypass after valid credentials, read-access to external storage...