384 matches found
Propfind requests for file comments allowed to load comments for other files
Two-Factor Authentication Bypass via Pending Session Token Replay
Tables app allows limited SQLi in ORDER BY with malicious sort order argument for Table Views
Bypass of second factor authentication on DAV endpoints by reusing a pre-2FA session ID
Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share
Information Disclosure of view filter metadata via Broken Sensitive Data Masking in ViewService
SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution
Calendar app leaked user identifiers via attendee suggestion endpoint
Hidden Public Link creation when sharing to a Team External Member
Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner
Valid share tokens allow access to temporary upload files of share owner
Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC
Private circle can be added to another circle via API
View-only guests could see deleted Collectives pages in the trashbin
PIN bypass in PassCodeActivity via back button
Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users to authenticate
Logged-in user bypasses share password and download restrictions on Text attachments via documentId
Files Lock app allows users to lock and unlock files of other users
Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update
Open Redirect in user_oidc login flow via protocol-relative URL bypass
Limited path traversal via template API if using `{lang}` in config
fileId parameter reveals workflow associations in Nextcloud Approval app
Authorization bypass in approval feature allows unauthorized file sharing with approvers
Missing permission check for reading form submissions
Unauthorized force-mute from missing permission check when using internal signaling
ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames
Remote code execution in Nextcloud Flow via vulnerable Windmill version
Calendar app used predictable proposal participant tokens
XSS in SVG images when opened outside of Nextcloud
Mail stored HTML injection in subject text
Tables app share information not limited to relevant users
Contacts search allowed users to retrieve contact information of other users beyond their contact list
Users with read-only permissions for team folder can restore deleted files from trash bin
Approval app allows users to request approval for other users' files
Calendar app allowed booking appointments without the generated token
Users can modify tags on files that do not belong to them
Deck app allows to spoof file extensions by using RTLO characters
Information disclosure via Desktop client when attempting to lock a file inside an end-to-end encrypted directory
Calendar attachments of local files are offered for download
admin_audit does not log all actions on files in groupfolders
Missing ownership check in Tables app allows moving columns into tables of other users
Tables app allowed users to view columns metadata information of any table
Stored XSS in contacts app via organisation and title field
Participants were able to blindly delete poll drafts of other users by ID
Deck app allowed user with "Can share" permission to modify permissions of other non-owners
WebAuthn app was updated based on public key
Development files shipped in files_pdfviewer app
Tables app allowed to include local file via PhpSpreadsheet when importing a table
Insecure temporary file creation, race with write access and permission
Bypass group folder quota limit using attachment in text file