4969 matches found
[SECURITY] Fedora 42 Update: nextcloud-32.0.6-1.fc42
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...
User Impersonation
Overview: @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin. Affected versions of this package are vulnerable to User Impersonation via the actor.name field in webhook payloads. An attacker can gain unauthorized access to direct messages or rooms by spoofing their display name t...
Nextcloud Talk allowlist bypass via actor.name display name spoofing
Summary: In affected versions of the optional Nextcloud Talk plugin (installed separately; not bundled with the core OpenClaw install), an untrusted webhook field (actor.name, display name) could be treated as an allowlist identifier. An attacker could change their Nextcloud display name to match an...
GHSA-R5H9-VJQC-HQ3R Nextcloud Talk allowlist bypass via actor.name display name spoofing
Summary: In affected versions of the optional Nextcloud Talk plugin (installed separately; not bundled with the core OpenClaw install), an untrusted webhook field (actor.name, display name) could be treated as an allowlist identifier. An attacker could change their Nextcloud display name to match an...
CVE-2019-25368
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user,...
CVE-2019-25368 OPNsense 19.1 Reflected XSS via diag_backup.php
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user,...
EUVD-2019-19410
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user,...
CVE-2019-25368
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user,...
CVE-2019-25368
OPNsense 19.1 contains cross-site scripting vulnerabilities in the diag_backup.php endpoint. The issue allows injection of malicious scripts via multiple parameters (e.g., GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud_password, Nextc...
PT-2026-8240
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud...
ROS-20260209-73-0021
Vulnerability in nextcloud-app-mail caused by failure to take measures to protect web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260209-73-0022
Vulnerability in nextcloud-app-calendar related to authorization bypass through the use of a user-controlled key. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
[SECURITY] Fedora 42 Update: qownnotes-26.1.7-4.fc42
QOwnNotes is the open source notepad with Markdown support and todo list manager for GNU/Linux, macOS and Windows, that works together with Nextcloud Notes and ownCloud Notes. You are able to write down your thoughts with QOwnNotes and edit or search for them later from your mobile device, like...
ROS-20260129-73-0050
Vulnerability in nextcloud-app-contacts related to failure to take measures to protect web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260129-73-0046
Vulnerability in nextcloud related to flaws in access to personal information. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...
ROS-20260129-73-0045
Vulnerability in nextcloud related to bugs in security settings. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260129-73-0047
Vulnerability in nextcloud related to authorization bypass through the use of a user-controlled key. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...
ROS-20260129-73-0049
Vulnerability in nextcloud-app-calendar related to the use of insufficiently randomized values. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
ROS-20260129-73-0048
Vulnerability in nextcloud-app-calendar related to improper handling of an unexpected data type. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2025-66552 vulnerabilities
Vulnerabilities for packages: nextcloud-server...