4969 matches found
CVE-2025-66551
Nextcloud Tables contains an ownership-check vulnerability: a malicious user could create a table and move a column into another user’s table due to a missing ownership validation. Affected versions are before 0.8.6 and before 0.9.3. The issue is resolved by upgrading to 0.8.6 or 0.9.3, per multi...
CVE-2025-66551 Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3...
EUVD-2025-201440
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3...
CVE-2025-66551 Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3...
CVE-2025-66551 Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3...
CVE-2025-66513 Nextcloud Tables app share information not limited to relevant users
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...
EUVD-2025-201441
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...
CVE-2025-66513 Nextcloud Tables app share information not limited to relevant users
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...
CVE-2025-66513
CVE-2025-66513 affects the Nextcloud Tables app. Prior to versions 0.8.9, 0.9.6, and 1.0.1, information about which table (numeric ID) is shared with which groups/users and the corresponding permissions was not restricted to privileged users, enabling an information disclosure scenario. The issue...
CVE-2025-66513 Nextcloud Tables app share information not limited to relevant users
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...
CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...
CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...
CVE-2025-66550
CVE-2025-66550 affects Nextcloud Calendar prior to versions 4.7.17 and 5.2.4. A malicious user could create a calendar event with an attachment that links to a download URL for a file on the same Nextcloud server, causing the file to be downloaded without user confirmation. The issue is resolved ...
EUVD-2025-201443
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...
CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...
CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...
CVE-2025-66546
Summary: CVE-2025-66546 affects Nextcloud Calendar. The vulnerability arises from the calendar’s handling of appointment IDs, allowing blind booking of appointments without knowledge of the appointment token. Affected software/versions (as documented): Nextcloud Calendar prior to 4.7.19, prior to...
CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...
EUVD-2025-201445
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...
CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...