Lucene search
K
NextcloudMost viewed

384 matches found

Nextcloud
Nextcloud
•added 2023/01/09 5:50 a.m.•57 views

Passcode bypass on Talk Android app

None...

2.1CVSS4.5AI score0.0056EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/07/12 9:23 a.m.•56 views

XSS in Nextcloud Text application

None...

6.1CVSS6AI score0.01106EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/03/30 8:23 a.m.•55 views

Ability to control the filename when uploading a logo or favicon as admin in the theming settings

None...

8.8CVSS8.1AI score0.00762EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/03/30 8:11 a.m.•55 views

Potential share collision for recipients when caching is enabled

None...

8.8CVSS8.1AI score0.00792EPSS
Exploits1References3Affected Software1
Nextcloud
Nextcloud
•added 2023/01/09 5:47 a.m.•54 views

Possibility to delete files attached to deck cards of other users

None...

4.3CVSS4.9AI score0.00524EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/11/25 11:28 a.m.•54 views

Stored XSS via Authorization Endpoint - Safari-Only

None...

5.4CVSS5.5AI score0.00583EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/09/16 4:52 a.m.•54 views

Last video frame is still sent after video is disabled in a call

None...

5.3CVSS5.5AI score0.00547EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/09/16 4:49 a.m.•54 views

Access to internal files of the Nextcloud Android app from within the Nextcloud Android app

None...

5.5CVSS5.5AI score0.003EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/01/26 7:21 p.m.•54 views

Permission bypass in DiskLruImageCacheFileProvider (GHSL-2021-1008)

None...

5.3CVSS5.6AI score0.00948EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/09/06 8:40 a.m.•54 views

Deck shared with a Circle can be accessed by non-Circle members

None...

6.5CVSS6.4AI score0.01277EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
•added 2019/07/26 12:0 a.m.•54 views

SQL injection in Android app content provider (NC-SA-2019-005)

The content provider of the app accepted arbitrary strings in the field list of the returned file list. This allowed an attacker to run harmful queries, destroying the local cache of the android app. The server data however was never in danger, so removing the account and setting it up again can...

7.5CVSS2.7AI score0.02019EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2022/05/20 8:8 a.m.•53 views

Possibility for anyone to add a stack with existing tasks on anyone's board in the Deck app

None...

5CVSS4.8AI score0.00917EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2022/04/27 7:21 a.m.•53 views

Notification implicit PendingIntent in com.nextcloud.client allows to access contacts

None...

3.8CVSS4.7AI score0.00373EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/04/27 7:20 a.m.•53 views

Can bypass the lock protection in Android Files app

None...

2.4CVSS4.5AI score0.00467EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2022/03/08 4:11 p.m.•53 views

Geolocation preview links can be set to arbitrary links

None...

6.1CVSS6.1AI score0.01026EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/06/01 6:11 p.m.•53 views

Default settings leak federated cloud ID to lookup server of all users

None...

4CVSS4.4AI score0.01205EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2022/07/04 11:8 a.m.•52 views

SMTP Command Injection in iCalendar Attachments to emails via newlines

None...

5.4CVSS4.7AI score0.02421EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/09/06 8:36 a.m.•52 views

XSS in Nextcloud Circles

None...

5.8CVSS5.6AI score0.00835EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/07/12 9:16 a.m.•52 views

Audit log is not properly logging unsetting of share expiration date

None...

3.3CVSS4.5AI score0.00355EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2024/11/15 1:9 p.m.•51 views

OAuth2 client secrets were stored in a recoverable way

None...

8.2CVSS5.2AI score0.00491EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
•added 2022/11/25 11:23 a.m.•51 views

Talk Android broadcast receiver is not protected by broadcastPermission allowing malicious apps to communicate

None...

5.5CVSS5.6AI score0.00267EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/09/01 4:50 a.m.•51 views

Generated passwords are not fully validated by HIBPValidator

None...

2.7CVSS4.5AI score0.00384EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/04/27 7:29 a.m.•51 views

When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL

None...

6.1CVSS6.1AI score0.00897EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/10/25 11:0 a.m.•51 views

File path disclosure of shared files in Richdocuments application

None...

5.3CVSS5.6AI score0.01021EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2020/04/20 12:0 a.m.•51 views

Code injection possible with malformed Nextcloud Talk chat commands (NC-SA-2020-021)

A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator...

6.5CVSS2.6AI score0.01668EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2024/06/14 2:26 p.m.•50 views

Ability to by-pass second factor

None...

7.5CVSS7.2AI score0.00402EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2024/01/18 8:39 a.m.•50 views

OAuth2 authorization codes are valid indefinetly

None...

3.7CVSS4.7AI score0.00452EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/07/06 5:18 p.m.•50 views

Ownership check missing when updating or deleting mail attachments

None...

5.4CVSS4.8AI score0.00723EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/07/12 9:15 a.m.•50 views

Filenames not escaped by default in controllers using DownloadResponse

None...

8.8CVSS8AI score0.0137EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/08/10 7:19 a.m.•49 views

Existance of calendars and addressbooks can be checked by unauthenticated users

None...

5.3CVSS5.4AI score0.00488EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/03/08 4:13 p.m.•49 views

Groupfolders advanced permissions is not obeyed for subfolders

None...

4.3CVSS4.8AI score0.00837EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/10/25 11:50 a.m.•49 views

Two-Factor Authentication not enforced for pages marked as public

None...

6.5CVSS6.3AI score0.01157EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/06/01 6:14 p.m.•49 views

Trusted servers exchange can be triggered by attacker

None...

8.6CVSS8AI score0.01841EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2023/10/13 8:9 a.m.•48 views

Improper restriction of excessive authentication attempts on WebDAV endpoint

None...

7.5CVSS7.2AI score0.00575EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/03/31 7:44 a.m.•48 views

User without download rights can download older version of that file

None...

6.5CVSS6.3AI score0.0062EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/09/06 8:37 a.m.•48 views

Exceptions may have logged Encryption-at-Rest key content

None...

5.5CVSS5.5AI score0.00239EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/07/27 8:56 a.m.•48 views

WOPI API not protected by credentials/IP check

None...

4.3CVSS4.9AI score0.00986EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/11/21 5:27 a.m.•47 views

HTML injection in search UI when selecting a circle with HTML in the display name

None...

5.4CVSS5.4AI score0.0064EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2022/11/11 2:56 p.m.•47 views

Desktop client can be tricked into opening/executing local files when clicking a nc://open/ link

None...

7.8CVSS7.4AI score0.00466EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
•added 2022/10/27 6:53 a.m.•47 views

Profile of disabled user stays accessible

None...

5.3CVSS5.5AI score0.006EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/09/06 8:38 a.m.•47 views

Bypass of Two Factor Authentication

None...

8.1CVSS7.8AI score0.01798EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2019/07/26 12:0 a.m.•47 views

SQL Injection in lookup-server (NC-SA-2019-010)

Improper sanitation of user input allowed any unauthenticated user to perform SQL injection attacks...

7.5CVSS3.7AI score0.01788EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2023/03/27 10:32 a.m.•46 views

Missing brute force protection on password reset token

None...

7.1CVSS6.9AI score0.00602EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/02/24 7:22 a.m.•47 views

No password length restriction in reset password endpoint

None...

6.5CVSS6.3AI score0.01373EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/10/25 10:59 a.m.•46 views

XSS in Talk

None...

6.4CVSS6.2AI score0.01063EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2020/11/18 12:0 a.m.•46 views

Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)

A missing link validation in Nextcloud Server 20.0.1 allowed to execute a stored XSS attack on Internet Explorer users by saving a javascript url in a Markdown...

3.5CVSS3.3AI score0.00901EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2023/03/30 8:21 a.m.•45 views

Insecure randomness for default password in file sharing when password policy app is disabled

None...

7.5CVSS7.3AI score0.0054EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/07/12 9:20 a.m.•45 views

Bypass of image blocking in Nextcloud Mail

None...

4.3CVSS4.8AI score0.01146EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/07/12 9:19 a.m.•45 views

Lack of ratelimit on public DAV endpoint

None...

7.5CVSS7.2AI score0.01702EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/06/01 6:6 p.m.•45 views

Missing permission check on email metadata retrieval

None...

8.8CVSS4.8AI score0.01107EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities384