PT-2025-49299

Name of the Vulnerable Software and Affected Versions Nextcloud Deck versions prior to 1.14.6 Nextcloud Deck versions prior to 1.15.2 Description Nextcloud Deck is a kanban style organization tool for personal and team project management integrated with Nextcloud. A flaw in the permission logic...

PT-2025-49291

Name of the Vulnerable Software and Affected Versions Nextcloud Tables versions prior to 0.8.6 Nextcloud Tables versions prior to 0.9.3 Description A malicious user could create a table and move a column into another user's table. This action was possible in versions before 0.8.6 and 0.9.3...

PT-2025-49288

Name of the Vulnerable Software and Affected Versions Nextcloud Tables versions prior to 0.8.9 Nextcloud Tables versions prior to 0.9.6 Nextcloud Tables versions prior to 1.0.1 Description Nextcloud Tables allows users to create custom tables with defined columns. Before versions 0.8.9, 0.9.6, an...

Nextcloud Server 安全漏洞

Nextcloud Server is a Nextcloud server program open-sourced by Nextcloud. A security vulnerability exists in Nextcloud Server that stems from improper handling of group folder paths, which could lead to incomplete logging...

Nextcloud Tables 安全漏洞

Nextcloud Tables is a table application from Nextcloud Open Source. A security vulnerability exists in Nextcloud Tables versions prior to 0.8.6 and prior to 0.9.3, which stems from a malicious user being able to move columns to the victim table, potentially leading to data tampering...

Nextcloud Server 安全漏洞

Nextcloud Server is a Nextcloud server program from Nextcloud Open Source. A security vulnerability exists in versions of Nextcloud Server prior to 31.0.1, which stems from a non-privileged user being able to modify file labels via bulk tagging, potentially resulting in elevated privileges...

PT-2025-49292

Name of the Vulnerable Software and Affected Versions Nextcloud Tables versions prior to 0.8.7 Nextcloud Tables versions prior to 0.9.4 Description Authenticated users could view metadata of columns in other tables within the Tables app by manipulating the numeric ID in a request. This allowed...

Nextcloud 跨站脚本漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud versions prior to 5.5.4, prior to 6.0.6, and prior to 7.2.5, which stems from a malicious user bei...

Nextcloud Calendar 安全特征问题漏洞

Nextcloud Calendar is a Nextcloud open source calendar application. Nextcloud Calendar suffers from a security signature issue vulnerability that stems from an insecure way of generating meeting proposal participant tokens, which can be exploited by an attacker to cause the tokens to be computed...

PT-2025-49301

Name of the Vulnerable Software and Affected Versions Nextcloud talk versions prior to 20.1.8 Nextcloud talk versions prior to 21.1.2 Description A participant with chat permissions could delete poll drafts of other participants within a conversation by using their numeric ID. This issue affects...

PT-2025-49265

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

Nextcloud Tables 安全漏洞

Nextcloud Tables is an open source tables application from Nextcloud. A security vulnerability exists in Nextcloud Tables versions prior to 0.8.7 and prior to 0.9.4, which stems from an authenticated user being able to view metadata of other forms, potentially leading to information disclosure...

PT-2025-49297

Name of the Vulnerable Software and Affected Versions Nextcloud Deck versions prior to 1.12.7 Nextcloud Deck versions prior to 1.14.4 Nextcloud Deck versions prior to 1.15.1 Description Nextcloud Deck is a kanban style organization tool for personal planning and project organization integrated wi...

Nextcloud Desktop Client 访问控制错误漏洞

Nextcloud Desktop Client is an open source file synchronization and sharing tool from Nextcloud GmbH. An access control error vulnerability exists in Nextcloud Desktop Client versions prior to 1.14.6 and prior to 1.15.2, which stems from an error in the permissions logic and could lead to misuse ...

PT-2025-49266

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

PT-2025-49267

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 31.0.12 Nextcloud Server Enterprise versions prior to 31.0.12 Nextcloud Server versions prior to 32.0.3 Nextcloud Server Enterprise versions prior to 32.0.3 Description Nextcloud Server and Server Enterprise...

Nextcloud Calendar 安全漏洞

Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.19, prior to 5.5.6, and prior to 6.0.1, which stems from the calendar application allowing blind booking of meetings, which could lead to...

PT-2025-49268

Name of the Vulnerable Software and Affected Versions Nextcloud Server and Enterprise Server versions prior to 31.0.1 Description Non-privileged users can modify tags on files they should not have access to through bulk tagging. This affects a self-hosted personal cloud system. Recommendations...

PT-2025-49294

Name of the Vulnerable Software and Affected Versions Nextcloud Mail versions prior to 5.5.3 Description A stored HTML injection issue exists in the Mail app's message list, potentially allowing an authenticated user to inject HTML into email subjects. The Nextcloud Server’s content security poli...

Nextcloud Mail 跨站脚本漏洞

Nextcloud Mail is an email from Nextcloud Germany. A cross-site scripting vulnerability exists in versions of Nextcloud Mail prior to 5.5.3, which stems from the presence of stored HTML injection in mailing lists, which could lead to HTML injection attacks...