CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise...

5.4CVSS6.8AI score0.00155EPSS

Exploits0References3

SUSE CVE•added 2024/06/15 2:12 a.m.•1 views

SUSE CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 o...

3.5CVSS6.8AI score0.00526EPSS

Exploits0References3

Nextcloud•added 2024/06/14 2:26 p.m.•34 views

Ability to by-pass second factor

None...

7.5CVSS7.2AI score0.00179EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2023/12/01 10:2 p.m.•3 views

CVE-2023-48314 Unescaped passing of the request URL in Collabora Online

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server richdocumentscode...

7.1CVSS6.8AI score0.00131EPSS

Exploits0References1

Nextcloud•added 2023/08/10 7:19 a.m.•35 views

Existance of calendars and addressbooks can be checked by unauthenticated users

None...

5.3CVSS5.4AI score0.00824EPSS

Exploits0References2Affected Software1

Nextcloud•added 2023/03/30 8:13 a.m.•28 views

Reference fetch can saturate the server bandwidth for 10 seconds

None...

7.5CVSS7.3AI score0.00505EPSS

Exploits0References2Affected Software1

SUSE CVE•added 2023/02/15 3:37 a.m.•1 views

SUSE CVE-2021-41179

Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn't enforced for pages marked as public. Any page marked as @PublicPage could thus be accessed with a valid user session that isn't...

6.5CVSS6.5AI score0.00512EPSS

Exploits0References4

Nextcloud•added 2022/12/01 9:31 a.m.•25 views

Calendar name length not validated before writing to database

None...

5.3CVSS5.5AI score0.0042EPSS

Exploits0References2Affected Software1

CVE•added 2021/09/07 9:40 p.m.•144 views

CVE-2021-32801

CVE-2021-32801 affects Nextcloud Server and concerns logging of potentially sensitive information in log files due to exception logging. The public records in OpenSUSE/GLSA summaries tie this CVE to Nextcloud Server components and indicate fixes were deployed in updated releases (Nextcloud 20.0.1...

5.5CVSS7.3AI score0.00062EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2017/04/05 12:0 a.m.•2 views

PT-2017-10685 · Nextcloud · Nextcloud Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55 Nextcloud Server versions prior to 10.0.2 Description: The issue allows an authenticated adversary to create empty folders inside a shared folder, despite lacking the necessary permissions, due to a...

4.3CVSS5.2AI score0.00099EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by