Nextcloud - Page 8 of Nextcloud Most Viewed Vulnerabilities List

NextcloudMost viewed

Recent Most viewed

384 matches found

Nextcloud•added 2026/05/12 8:20 a.m.•11 views

Missing permission check for reading form submissions

None...

6.5CVSS5.8AI score0.00291EPSS

Exploits0References2Affected Software1

Nextcloud•added 2026/03/06 10:54 a.m.•11 views

Remote code execution in Nextcloud Flow via vulnerable Windmill version

None...

7.5CVSS5.8AI score0.02584EPSS

Exploits0Affected Software1

Nextcloud•added 2025/12/05 8:6 a.m.•11 views

Mail stored HTML injection in subject text

None...

5.4CVSS5.2AI score0.00204EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 7:52 a.m.•11 views

Deck app allowed user with "Can share" permission to modify permissions of other non-owners

None...

5.4CVSS5.2AI score0.00233EPSS

Exploits0References2Affected Software1

Nextcloud•added 2026/05/15 9:41 a.m.•10 views

Two-Factor Authentication Bypass via Pending Session Token Replay

None...

5.9CVSS5.8AI score0.0029EPSS

Exploits0References2Affected Software1

Nextcloud•added 2026/05/12 9:13 a.m.•10 views

Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner

None...

3.5CVSS5.8AI score0.00203EPSS

Exploits0References2Affected Software1

Nextcloud•added 2026/05/12 9:7 a.m.•10 views

Logged-in user bypasses share password and download restrictions on Text attachments via documentId

None...

6.5CVSS5.8AI score0.00294EPSS

Exploits0References2Affected Software1

Nextcloud•added 2026/05/12 9:4 a.m.•10 views

Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update

None...

8.1CVSS5.8AI score0.00284EPSS

Exploits0References2Affected Software1

Nextcloud•added 2026/05/12 8:22 a.m.•10 views

Authorization bypass in approval feature allows unauthorized file sharing with approvers

None...

6.5CVSS5.8AI score0.00358EPSS

Exploits0References2Affected Software1

Nextcloud•added 2026/05/12 8:12 a.m.•10 views

ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames

None...

4.3CVSS5.8AI score0.00229EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 8:4 a.m.•10 views

Tables app share information not limited to relevant users

None...

5.3CVSS5.2AI score0.0024EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 8:0 a.m.•10 views

Users can modify tags on files that do not belong to them

None...

4.3CVSS5.2AI score0.00238EPSS

Exploits0References3Affected Software1

Nextcloud•added 2026/05/13 6:39 a.m.•9 views

SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution

None...

8.2CVSS5.8AI score0.00318EPSS

Exploits0References2Affected Software1

Nextcloud•added 2026/05/12 9:17 a.m.•9 views

Calendar app leaked user identifiers via attendee suggestion endpoint

None...

4.3CVSS5.8AI score0.00281EPSS

Exploits1References3Affected Software1

Nextcloud•added 2026/05/12 9:9 a.m.•9 views

PIN bypass in PassCodeActivity via back button

None...

4.6CVSS5.8AI score0.00153EPSS

Exploits0References2Affected Software1

Nextcloud•added 2026/05/12 9:5 a.m.•9 views

Files Lock app allows users to lock and unlock files of other users

None...

6.3CVSS5.8AI score0.00211EPSS

Exploits0References2Affected Software1

Nextcloud•added 2026/05/12 8:48 a.m.•9 views

Limited path traversal via template API if using `{lang}` in config

None...

6.5CVSS5.8AI score0.00392EPSS

Exploits0References2Affected Software1

Nextcloud•added 2026/05/12 8:15 a.m.•9 views

Unauthorized force-mute from missing permission check when using internal signaling

None...

3.5CVSS5.8AI score0.00203EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 7:54 a.m.•9 views

Stored XSS in contacts app via organisation and title field

None...

5.4CVSS5.2AI score0.00204EPSS

Exploits0References2Affected Software1

Nextcloud•added 2026/05/12 9:10 a.m.•8 views

Private circle can be added to another circle via API

None...

2.6CVSS5.8AI score0.002EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 8:8 a.m.•8 views

Calendar app used predictable proposal participant tokens

None...

6.5CVSS5.2AI score0.00246EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 8:3 a.m.•8 views

Contacts search allowed users to retrieve contact information of other users beyond their contact list

None...

4.9CVSS5.2AI score0.00297EPSS

Exploits0References1Affected Software1

Nextcloud•added 2025/12/05 8:3 a.m.•8 views

Users with read-only permissions for team folder can restore deleted files from trash bin

None...

4.3CVSS5.2AI score0.0023EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 7:56 a.m.•8 views

admin_audit does not log all actions on files in groupfolders

None...

4.3CVSS5.2AI score0.00265EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 7:55 a.m.•8 views

Missing ownership check in Tables app allows moving columns into tables of other users

None...

6.3CVSS5.2AI score0.00206EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 8:2 a.m.•7 views

Approval app allows users to request approval for other users file

None...

2.7CVSS5.2AI score0.00261EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 8:0 a.m.•7 views

Calendar app allowed booking appointments without the generated token

None...

3.3CVSS5.2AI score0.00118EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 7:59 a.m.•7 views

Deck app allows to spoof file extensions by using RTLO characters

None...

5.5CVSS5.2AI score0.00125EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 7:58 a.m.•7 views

Information disclosure via Desktop client when attempting to lock a file inside a end-to-end encrypted directory

None...

2.7CVSS5.2AI score0.00242EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 7:54 a.m.•7 views

Tables app allowed users to view columns metadata information of any table

None...

4.3CVSS5.2AI score0.00231EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 7:50 a.m.•7 views

WebAuthn app was updated based on public key

None...

4.3CVSS5.2AI score0.00226EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/10/16 6:40 a.m.•7 views

Tables app allowed to include local file via PhpSpreadsheet when importing a table

None...

6.5CVSS5.2AI score0.00485EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 7:52 a.m.•6 views

Participants were able to blindly delete poll drafts of other users by ID

None...

4.3CVSS5.2AI score0.00206EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 7:50 a.m.•5 views

Development files shipped in files_pdfviewer app

None...

6.4CVSS5.2AI score0.00246EPSS

Exploits1References2Affected Software1

Total number of security vulnerabilities384