CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

EUVD-2025-201451

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

XSS in SVG images when opened outside of Nextcloud

None...

Approval app allows users to request approval for other users file

None...

Calendar app allowed booking appointments without the generated token

None...

Calendar attachments of local files are offered to downloaded

None...

admin_audit does not log all actions on files in groupfolders

None...

Nextcloud Tables 安全漏洞

Nextcloud Tables is an open source tables application from Nextcloud. A security vulnerability exists in Nextcloud Tables versions prior to 0.8.9, prior to 0.9.6, and prior to 1.0.1, which stems from shared table information that is not restricted from access by privileged users, which could lead...

PT-2025-49302

Name of the Vulnerable Software and Affected Versions Nextcloud Twofactor WebAuthn versions prior to 1.4.2 Nextcloud Twofactor WebAuthn versions prior to 2.4.1 Description A missing ownership check allows an attacker to remove a user's WebAuthn two-factor authentication device by correctly guessi...

WebAuthn second factor provider for Nextcloud 安全漏洞

WebAuthn second factor provider for Nextcloud is an open source two-factor authentication software from Nextcloud. A security vulnerability exists in WebAuthn second factor provider for Nextcloud versions prior to 1.4.2 and prior to 2.4.1, which stems from a lack of ownership checking and could...

PT-2025-49290

Name of the Vulnerable Software and Affected Versions Nextcloud Calendar versions prior to 4.7.17 Nextcloud Calendar versions prior to 5.2.4 Description A malicious user could create a calendar event with a specially crafted attachment that links to a file on the same Nextcloud server. This actio...

Nextcloud Desktop Client 安全漏洞

Nextcloud Desktop Client is an open source file synchronization and sharing tool from Nextcloud GmbH. A security vulnerability exists in Nextcloud Desktop Client versions prior to 3.16.5, which stems from the unencrypted sending of file paths in an end-to-end encrypted directory, which could lead...

Nextcloud Server 安全漏洞

Nextcloud Server is a Nextcloud server program open-sourced by Nextcloud. A security vulnerability exists in Nextcloud Server that stems from improper access control of the contact search feature, which could lead to information disclosure...

Team folders 安全漏洞

Team folders is a file sharing software from Nextcloud open source. A security vulnerability exists in Team folders versions prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, which stems from a read-only privileged user being able to restore files from the recycle bin,...

Deck 安全漏洞

Deck is a Kanban style organization tool open-sourced by Nextcloud. Designed for personal planning and project organization for teams integrating with Nextcloud. A security vulnerability exists in Deck versions prior to 1.12.7, prior to 1.14.4, and prior to 1.15.1, which stems from a file extensi...

PT-2025-49269

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 30.0.9 Nextcloud Server versions prior to 31.0.1 Description An issue exists in Nextcloud Server and Enterprise Server related to incorrect path handling with groupfolders. This resulted in the admin audit ap...

PT-2025-49295

Name of the Vulnerable Software and Affected Versions Nextcloud Approval app versions prior to 1.3.1 Nextcloud Approval app versions prior to 2.5.0 Description The Nextcloud Approval app has an issue where an authenticated user, listed as a requester in a workflow, can set another user’s file to...

Nextcloud Server 安全漏洞

Nextcloud Server is a Nextcloud server program open-sourced by Nextcloud. A security vulnerability exists in Nextcloud Server versions prior to 31.0.12 and prior to 32.0.3, which stems from insufficient cleanup and could lead to content security policy bypass...

Nextcloud Calendar 安全漏洞

Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.17 and prior to 5.2.4, which stems from a malicious user being able to create specially crafted attachments that could result in files being...