4969 matches found
CVE-2026-44515
Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL via the web interface or the API. In affected versions, an authenticated attacker could provide a URL pointing to internal/private IP ranges or...
CVE-2026-44515
CVE-2026-44515 : Nextcloud News is vulnerable to blind SSRF in versions prior to 28.3.0-beta.1. An authenticated user can add feeds by URL, including internal/private IPs or localhost, causing the server to perform server-side HTTP requests to attacker-controlled destinations without relaying res...
CVE-2026-44515 Nextcloud News: Authenticated blind SSRF via feed URL
Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL via the web interface or the API. In affected versions, an authenticated attacker could provide a URL pointing to internal/private IP ranges or...
CVE-2026-44515 Nextcloud News: Authenticated blind SSRF via feed URL
Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL via the web interface or the API. In affected versions, an authenticated attacker could provide a URL pointing to internal/private IP ranges or...
CVE-2026-44515
Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL via the web interface or the API. In affected versions, an authenticated attacker could provide a URL pointing to internal/private IP ranges or...
Nextcloud News app 代码问题漏洞
The Nextcloud News app is an RSS/Atom news aggregator developed by Nextcloud as open source. Versions of the Nextcloud News app prior to 28.3.0-beta.1 contained code vulnerabilities. These vulnerabilities stemmed from the lack of verification of the feed URL provided by users, which could lead to...
PT-2026-40964
Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL via the web interface or the API. In affected versions, an authenticated attacker could provide a URL pointing to internal/private IP ranges or...
fileId parameter reveals workflow associations in Nextcloud Approval app
None...
[SECURITY] Fedora 43 Update: nextcloud-33.0.3-1.fc43
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 42 Update: nextcloud-33.0.3-1.fc42
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 44 Update: nextcloud-33.0.3-1.fc44
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
Fedora 43 : nextcloud (2026-6599e30e04)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6599e30e04 advisory. 33.0.3 Release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Fedora 44 : nextcloud (2026-cb5661d883)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cb5661d883 advisory. 33.0.3 Release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Fedora 42 : nextcloud (2026-2fed8dd674)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2fed8dd674 advisory. 33.0.3 Release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
GHSA-27QH-8CXX-2CR5 vulnerabilities
Vulnerabilities for packages: nextcloud-server...
GHSA-R854-JRXH-36QX vulnerabilities
Vulnerabilities for packages: nextcloud-server...
GHSA-94G3-G5V7-Q4JG vulnerabilities
Vulnerabilities for packages: nextcloud-server...
CVE-2026-32935 vulnerabilities
Vulnerabilities for packages: nextcloud-server...
CVE-2026-40194 vulnerabilities
Vulnerabilities for packages: nextcloud-server...
GHSA-27QH-8CXX-2CR5 vulnerabilities
Vulnerabilities for packages: nextcloud-server...