69 matches found
CSRF protection on user_oidc login returned the expected token in case of an error
Desktop client does not verify received signed certificate in end-to-end encryption
Full path of data directory exposed to users
Secure view can be bypassed by using internal API endpoint
User without download rights can download older version of that file
Chat room membership disclosed via autocompletion when not a member yourself
Insecure randomness for default password in file sharing when password policy app is disabled
App pin of the iOS app can be bypassed
Reference fetch can saturate the server bandwidth for 10 seconds
No password length restriction in reset password endpoint
Download permissions can be changed by resharer
Potential directory traversal in OC\Files\Node\Folder::getFullPath
SSRF via filter bypass due to lax checking on IPs
Missing rate limiting on password reset functionality allows sending lots of emails
Passcode bypass on Talk Android app
CSRF vulnerability in Nextcloud Desktop Client on Windows when clicking malicious link
nextcloudcmd incorrectly trusts bad TLS certificates
XSS in Desktop Client in call notification popup
Exception logging in Sharepoint app reveals clear-text connection details
Profile of disabled user stays accessible