CVE-2025-66547 vulnerabilities
Vulnerabilities for packages: nextcloud-server...
[SECURITY] Fedora 43 Update: qownnotes-26.1.7-4.fc43
QOwnNotes is the open source notepad with Markdown support and todo list manager for GNU/Linux, macOS and Windows, that works together with Nextcloud Notes and ownCloud Notes. You are able to write down your thoughts with QOwnNotes and edit or search for them later from your mobile device, like...
Nextcloud: View-only guests could see deleted Collectives pages in the trashbin
A vulnerability was discovered where view-only guests could see deleted Collectives pages in the trashbin...
Nextcloud: IDOR on ██████ via direct photo URL leads to unauthorized access to deleted and other users' photos
Summary: An Insecure Direct Object Reference (IDOR) vulnerability exists in the application that allows unauthorized access to photos belonging to other users. The application does not properly validate whether the logged-in user is authorized to access a photo when accessing it via direct URL. Thi...
PT-2026-23549
Name of the Vulnerable Software and Affected Versions: OpenClaw Nextcloud Talk plugin versions prior to 2026.2.6. Description: The Nextcloud Talk plugin allows attackers to bypass direct message (DM) and room allowlists. The plugin incorrectly uses the mutable actor.name field for allowlist validation...
Nextcloud: Private circle can be added to another circle via API despite visibility restriction
A vulnerability was discovered where private circles could be added to other circles via the API, despite visibility restrictions...
CVE-2025-14761 vulnerabilities
Vulnerabilities for packages: nextcloud-server...
GHSA-X8CP-JF6F-R4XH vulnerabilities
Vulnerabilities for packages: nextcloud-server...
CVE-2021-22912
Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user...
CVE-2021-22913
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...
CVE-2022-31119
Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions of Nextcloud Mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs, complete access to affected accounts would be obtainable. It is...
CVE-2022-35932
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is...
CVE-2023-25816
Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3. No workaround ...
CVE-2023-25160
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for...
CVE-2023-25821
Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...
CVE-2023-45148
Nextcloud is an open source home cloud server. When Memcached is used as memcache.distributed, the rate limiting in Nextcloud Server could be reset unexpectedly, resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgra...
CVE-2023-45149
Nextcloud Talk is a chat module for the Nextcloud server platform. In affected versions, brute force protection of public Talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the...
CVE-2023-45150
Nextcloud Calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks, the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...