Lucene search
K
NextcloudMost viewed

384 matches found

Nextcloud
Nextcloud
•added 2023/02/06 10:13 a.m.•66 views

Mail app temporarily stores cleartext password in database until OAuth2 setup is done

None...

6.5CVSS6.3AI score0.00475EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/10/27 12:46 p.m.•66 views

Exception logging in Sharepoint app reveals clear-text connection details

None...

6.5CVSS6.3AI score0.00464EPSS
Exploits1References3Affected Software1
Nextcloud
Nextcloud
•added 2021/10/25 11:49 a.m.•66 views

File Traversal affecting SVG files on Nextcloud Server

None...

8.8CVSS6.3AI score0.01727EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/10/25 11:2 a.m.•66 views

Missing User Presence Check in Nextcloud WebAuthn login

None...

9.8CVSS8.7AI score0.01743EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2024/11/15 1:8 p.m.•65 views

Potential hash collision for background jobs could skip queuing them

None...

5.3CVSS5.1AI score0.00386EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
•added 2024/01/18 8:42 a.m.•65 views

Open redirect in user_saml via RelayState parameter

None...

6.1CVSS6.1AI score0.00454EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/06/02 8:59 a.m.•65 views

Federated editing allows iframing remote servers by default

None...

6.5CVSS6.4AI score0.00572EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/03/08 4:12 p.m.•65 views

User enumeration setting not obeyed in User Status API

None...

5.3CVSS5.5AI score0.01115EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2024/06/14 2:31 p.m.•64 views

Notes app can be tricked into using a received share created before the user logged in

None...

4.6CVSS4.9AI score0.00312EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/11/21 5:24 a.m.•64 views

user_ldap app logs user passwords in the log file on level debug

None...

4.4CVSS4.7AI score0.00246EPSS
Exploits1References3Affected Software1
Nextcloud
Nextcloud
•added 2023/05/25 9:26 a.m.•64 views

Error in calendar when booking an appointment reveals the full path of the website

None...

4.3CVSS4.8AI score0.00438EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/02/24 7:17 a.m.•64 views

Download permissions can be changed by resharer

None...

7.5CVSS7.3AI score0.00946EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2022/08/08 6:56 a.m.•64 views

Missing rate limit when trying to join a password protected Nextcloud Talk conversation

None...

5.3CVSS5.5AI score0.0105EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/06/01 6:0 p.m.•64 views

Nextcloud deck sharee search leaks searches to lookupserver by default

None...

6.5CVSS6.4AI score0.01368EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2024/06/14 2:25 p.m.•63 views

ID4me feature of OpenID connect app available even when disabled

None...

6.3CVSS6.4AI score0.00637EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2023/08/10 7:16 a.m.•63 views

Path traversal allows tricking the Talk Android app into writing files into it's root directory

None...

7.8CVSS7AI score0.00328EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/03/30 8:15 a.m.•63 views

App pin of the Android app can be bypassed via thirdparty apps generating deep links

None...

4.4CVSS4.6AI score0.00229EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2024/11/15 1:16 p.m.•62 views

Incomplete sanitization of SVG files allows to embed other images into previews

None...

6.5CVSS5.2AI score0.00652EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2024/01/18 8:37 a.m.•62 views

Self XSS when sending HTML as a comment in the Deck app

None...

5.4CVSS5.5AI score0.00505EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2023/11/21 5:27 a.m.•62 views

Users can make external storage mount points inaccessible for other users

None...

8.5CVSS7.3AI score0.0095EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2023/06/22 1:22 p.m.•62 views

System addressbooks can be modified by malicious trusted server

None...

8.1CVSS7.8AI score0.00805EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/06/22 6:14 a.m.•62 views

Brute force protection allows to send more requests than intended

None...

8.7CVSS7.6AI score0.00872EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/05/24 9:48 a.m.•62 views

Basic auth header on WebDAV requests is not brute-force protected

None...

8.1CVSS6.9AI score0.00697EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/02/13 1:47 p.m.•62 views

IDOR Vulnerability in Nextcloud Mail

None...

5.3CVSS5.6AI score0.0046EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/05/20 8:8 a.m.•62 views

Sensitive files/ data exists post deletion of user account

None...

3.3CVSS4.5AI score0.00363EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2022/05/20 8:4 a.m.•62 views

Error in deleting deck cards attachment reveals the full application path

None...

4.3CVSS4.8AI score0.01013EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/09/06 8:41 a.m.•62 views

Secret Circle can be joined without approval

None...

6.5CVSS6.4AI score0.01202EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2019/11/12 12:0 a.m.•62 views

Login and token disclosure to other Nextcloud services (NC-SA-2019-017)

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications...

4CVSS2.5AI score0.01081EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2022/09/15 8:34 a.m.•61 views

Listing folder content blocked by files access control when received as share

None...

4.3CVSS4.9AI score0.0042EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2022/03/09 6:52 a.m.•61 views

High memory usage for generating preview of broken image

None...

6.5CVSS6.3AI score0.01581EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2024/11/15 1:10 p.m.•60 views

Mail auto configurator sends account information to `autoconfig.tld` server when no auto-configuration is possible

None...

8.2CVSS5.2AI score0.00698EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/04/04 7:53 a.m.•60 views

Desktop client does not verify received singed certificate in end-to-end encryption

None...

6.5CVSS6.3AI score0.00388EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/11/25 11:27 a.m.•60 views

Cleartext Transmission of Sensitive Information in user_oidc

None...

4.3CVSS4.8AI score0.0042EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/10/25 11:48 a.m.•60 views

Rate-limits not working on instances without configured memory cache backend

None...

8.1CVSS7.8AI score0.015EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/08/10 7:16 a.m.•59 views

Missing brute force protection on OAuth2 API controller

None...

5.8CVSS5.5AI score0.00577EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/10/27 6:51 a.m.•59 views

Database resource exhaustion for logged-in users via sharee recommendations with circles

None...

4.8CVSS4.8AI score0.00819EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/05/10 12:41 p.m.•59 views

Moderator can enable cam/mic remotely if cam/mic-permission was disabled while user has activated cam/mic

None...

4.3CVSS4.8AI score0.00902EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/09/06 8:37 a.m.•59 views

Lack of ratelimit on Richdocuments OCS endpoint

None...

5.3CVSS5.6AI score0.0138EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/07/12 9:22 a.m.•59 views

Webauthn tokens not removed after user has been deleted

None...

9.8CVSS8.6AI score0.01779EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/03/30 8:18 a.m.•58 views

Scope of workflow operations is not validated

None...

9CVSS8.6AI score0.04176EPSS
Exploits2References1Affected Software1
Nextcloud
Nextcloud
•added 2024/06/14 2:29 p.m.•57 views

Read-only users can restore old versions

None...

4.3CVSS4.8AI score0.00431EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/02/13 1:48 p.m.•57 views

SSRF via filter bypass due to lax checking on IPs

None...

5.3CVSS5.5AI score0.00816EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/09/06 8:36 a.m.•57 views

Nextcloud Text app can disclose existence of folders in "File Drop" link share

None...

5.3CVSS5.5AI score0.01343EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/07/12 9:17 a.m.•57 views

Nextcloud Talk not properly disassociating users from chats after account deletion

None...

8.1CVSS6.4AI score0.01EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2024/11/15 1:8 p.m.•56 views

Custom defined credentials of external storages are sent back to the frontend

None...

6.5CVSS5.1AI score0.0063EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
•added 2024/01/18 8:32 a.m.•56 views

Global site selector authentication bypass

None...

9.8CVSS8.7AI score0.00755EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/11/21 5:21 a.m.•56 views

Can enable/disable birthday calendar for any user

None...

4.3CVSS4.7AI score0.00604EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2023/08/10 7:18 a.m.•56 views

Text does not respect "Allow download" permissions

None...

4.3CVSS4.7AI score0.0047EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/03/21 1:37 p.m.•56 views

Missing brute force protection on password confirmation modal

None...

7.8CVSS7.4AI score0.00235EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/02/06 9:46 a.m.•56 views

Self reflected HTML injection in Desktop client

None...

6.1CVSS6AI score0.00682EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities384