Lucene search
K
NextcloudMost viewed

384 matches found

Nextcloud
Nextcloud
•added 2023/05/25 9:25 a.m.•583 views

Contacts - PHOTO svg only sanitized if mime type is all lower case

None...

4.3CVSS4.8AI score0.00848EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/04/11 1:51 p.m.•461 views

Command Injection in Appointment Emails for Calendar

None...

9.8CVSS8.6AI score0.32348EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/08/04 6:29 a.m.•287 views

Unauthenticated SSRF in 3rd party module "cerdic/csstidy"

None...

9.8CVSS8.7AI score0.00616EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/06/01 6:13 p.m.•212 views

Attacker can obtain write access to any federated share/public link

None...

9.1CVSS8.4AI score0.01849EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2023/02/22 8:33 a.m.•154 views

Potential directory traversal in OC\Files\Node\Folder::getFullPath

None...

7.5CVSS7.3AI score0.00505EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/07/12 9:22 a.m.•152 views

Default share permissions not respected for federated reshares

None...

5.3CVSS5.5AI score0.01213EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2024/06/14 2:37 p.m.•145 views

Can reshare read&share only folder with more permissions

None...

8.1CVSS7.8AI score0.00538EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/02/06 9:47 a.m.•134 views

Blind SSRF via server URL input in the Nextcloud Mail app

None...

5CVSS5AI score0.00919EPSS
Exploits1References4Affected Software1
Nextcloud
Nextcloud
•added 2021/07/12 9:16 a.m.•109 views

Application specific tokens can change their own scope

None...

8.8CVSS8AI score0.02309EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/03/30 8:17 a.m.•107 views

App pin of the iOS app can be bypassed

None...

6.8CVSS6.5AI score0.00278EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/11/21 5:19 a.m.•101 views

DNS pin middleware can be tricked into DNS rebinding allowing SSRF

None...

9.8CVSS8.5AI score0.00797EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2023/08/10 7:9 a.m.•99 views

Issuer not verified from obtained token in user_oidc

None...

4.8CVSS5AI score0.00446EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/03/10 1:8 p.m.•97 views

Folder names of "File Drop" share accessible

None...

6.5CVSS5.5AI score0.00776EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/04/26 7:51 a.m.•90 views

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Server

None...

9.8CVSS8.7AI score0.02369EPSS
Exploits0References4Affected Software1
Nextcloud
Nextcloud
•added 2023/05/25 9:26 a.m.•87 views

Blind SSRF in the Mail app on avatar endpoint

None...

5.3CVSS5.5AI score0.00529EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/01/09 5:49 a.m.•87 views

CSRF vulnerability in Nextcloud Desktop Client on Windows when clicking malicious link

None...

8.8CVSS8.1AI score0.00204EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2020/10/20 12:0 a.m.•87 views

XSS through image upload on contacts using svg file with png extension (NC-SA-2020-044)

A missing file type check in Nextcloud Contacts 3.4.0 allowed a malicious user to upload SVG files as PNG files to perform XSS attacks...

3.5CVSS1.9AI score0.00634EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2023/08/10 7:20 a.m.•86 views

Missing password confirmation when creating app passwords

None...

8.1CVSS7.6AI score0.00242EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/08/10 7:8 a.m.•84 views

Advanced permissions not respected when copying entire group folders

None...

6.5CVSS6.2AI score0.00809EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
•added 2023/04/04 7:55 a.m.•84 views

Desktop clients misbehaves with end-to-end encryption when the server returns an empty list of metadata keys

None...

6.7CVSS6.2AI score0.00679EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2023/01/09 5:41 a.m.•84 views

Suspicious login app ships old league/flysystem version

None...

9.8CVSS8.5AI score0.03486EPSS
Exploits2References3Affected Software1
Nextcloud
Nextcloud
•added 2022/09/15 8:30 a.m.•83 views

Authentication header is passed on by Nextcloud Server due to a vulnerable GuzzleHTTP version

None...

7.5CVSS7.3AI score0.00606EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/06/22 6:17 a.m.•81 views

Password reset endpoint is not brute force protected

None...

9.1CVSS8.4AI score0.00918EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/01/09 5:45 a.m.•81 views

Deck card reference caching can leak data to unauthorized users

None...

5.8CVSS4.9AI score0.00687EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/08/18 2:45 p.m.•81 views

Untrusted Search Path in Nextcloud Desktop Client

None...

7.3CVSS7.3AI score0.00474EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/03/31 9:24 a.m.•79 views

Secure view can be bypassed by using internal API endpoint

None...

6.5CVSS6.3AI score0.00745EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/02/08 2:35 p.m.•79 views

Document content of files can be obtained through Collabora for files of other users

None...

5.8CVSS5.7AI score0.00735EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2020/03/18 12:0 a.m.•79 views

XSS in Files PDF viewer (NC-SA-2020-019)

An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF...

3.5CVSS2.2AI score0.01138EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2021/06/15 8:52 p.m.•79 views

Session Fixation in Nextcloud Talk

None...

6.5CVSS6.4AI score0.00953EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2024/11/15 1:7 p.m.•75 views

User password is available in memory of the PHP process

None...

7.5CVSS5.1AI score0.00338EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
•added 2023/04/04 8:3 a.m.•75 views

CSRF protection on user_oidc login returned the expected token in case of an error

None...

5.4CVSS5.5AI score0.00333EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2022/04/27 7:27 a.m.•74 views

Force an admin to install recommended applications

None...

4.3CVSS4.8AI score0.00628EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/09/06 8:39 a.m.•74 views

File Drop can be bypassed using Richdocuments app

None...

7.5CVSS7.4AI score0.0209EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/06/22 6:15 a.m.•73 views

Open redirect on "Unsupported browser" warning

None...

6.1CVSS6AI score0.00593EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2023/06/22 6:13 a.m.•73 views

End-to-End encrypted file-drops can be made inaccessible

None...

6.5CVSS6.4AI score0.00493EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/03/08 4:9 p.m.•73 views

Talk app did allow access to sensitive chat messages on lockscreen

None...

2.4CVSS4.5AI score0.00304EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2024/06/14 2:36 p.m.•70 views

Events information leaked with shared calendars on recurrence exceptions

None...

3.5CVSS4.8AI score0.00381EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/12/18 8:27 a.m.•70 views

Bruteforce protection can be bypassed with misconfigured proxy

None...

9.8CVSS8.5AI score0.01041EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/08/10 7:11 a.m.•70 views

Notes attachment render HTML in preview mode

None...

6.1CVSS6.1AI score0.0048EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/09/16 4:51 a.m.•69 views

Server-Side Request Forgery (SSRF) via potential filter bypass with too lax local domain checking

None...

5.3CVSS5.5AI score0.00739EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
•added 2022/08/04 6:22 a.m.•68 views

Password disclosure in log file when providing incorrect additional data on initial setup of Mail App

None...

4.9CVSS5.1AI score0.00643EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
•added 2022/05/20 8:9 a.m.•68 views

Bypass of password requirements when sharing a folder via the Circles app

None...

4.3CVSS4.8AI score0.01015EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
•added 2021/09/06 8:41 a.m.•68 views

Preview generation used third-party library not suited for user-generated content

None...

10CVSS8.6AI score0.02604EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2025/05/16 8:5 a.m.•67 views

Second factor not requested after session timeout

None...

6.4CVSS5.2AI score0.00325EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/05/24 9:45 a.m.•67 views

User session not correctly destroyed on logout

None...

7.2CVSS6.4AI score0.00209EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2023/05/24 9:43 a.m.•67 views

user_oidc app is missing bruteforce protection

None...

9.8CVSS8.7AI score0.00854EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/04/17 8:13 a.m.•67 views

Chat poll data can still be queried from API after purging history of a chat converstion

None...

4.3CVSS4.9AI score0.00656EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/02/13 1:47 p.m.•67 views

Previews are accessible without a watermark

None...

5.3CVSS5.5AI score0.00455EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
•added 2022/04/27 7:23 a.m.•67 views

Control character filtering misses leading and trailing whitespace in file and folder names

None...

5CVSS4.8AI score0.01229EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/03/31 7:44 a.m.•66 views

Chat room membership disclosed via autocompletion when not a member yourself

None...

3.5CVSS4.8AI score0.00445EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities384