Lucene search
K
NextcloudNextcloud Server

189 matches found

CVE
CVE
added 2019/07/30 8:36 p.m.61 views

CVE-2019-5449

CVE-2019-5449 affects Nextcloud Server prior to 15.0.1. A missing check allows leaking calendar event names when adding or modifying confidential or private events. Multiple connected sources confirm an information disclosure vulnerability in Nextcloud Server before 15.0.1. Impact is information ...

4.3CVSS4.6AI score0.00854EPSS
CVE
CVE
added 2017/04/05 8:0 p.m.60 views

CVE-2017-0884

CVE-2017-0884 affects Nextcloud Server prior to versions 9.0.55 and 10.0.2 . A logical error in the file caching layer allows an authenticated attacker who has at least read-only permissions to create empty folders inside a shared folder, i.e., a creation of folders in read-only folders despite l...

4.3CVSS5.1AI score0.00666EPSS
CVE
CVE
added 2018/10/30 9:0 p.m.59 views

CVE-2018-16463

CVE-2018-16463 describes a session-fixation bug in Nextcloud Server, affecting versions prior to 14.0.0, 13.0.3, and 12.0.8, which could allow an attacker to access password-protected shares. Core details provided indicate a vulnerability in Nextcloud Server’s session handling, with the public Ne...

3.6CVSS3.9AI score0.00545EPSS
CVE
CVE
added 2020/10/30 6:11 p.m.59 views

CVE-2020-8236

Nextcloud Server 19.0.1 contains an improper authentication issue where a misconfiguration causes a passwordless WebAuthn PIN to be treated as two-factor authentication, but the PIN is not actually verified. This vulnerability could lead to users believing they have 2FA protection when the system...

6.8CVSS6.6AI score0.00582EPSS
CVE
CVE
added 2023/02/24 11:17 p.m.59 views

CVE-2023-25816

CVE-2023-25816 – Nextcloud resource consumption : The issue affects Nextcloud Server 25.0.0 through versions before 25.0.3, where an extremely long password can cause uncontrolled resource usage during validation. This vulnerability is addressed by upgrading to 25.0.3, as stated in the advisory a...

6.5CVSS5.2AI score0.01373EPSS
CVE
CVE
added 2018/08/12 10:0 p.m.58 views

CVE-2018-3776

CVE-2018-3776 affects Nextcloud Server; an improper input validator in affected versions prior to 12.0.3 and 11.0.5 could allow an attacker’s actions to bypass audit-logging. The vulnerability is documented across multiple sources (including Red Hat and OpenVAS feeds) and is described as a loggin...

5.3CVSS5.1AI score0.01263EPSS
CVE
CVE
added 2018/08/13 7:0 p.m.58 views

CVE-2018-3780

CVE-2018-3780 detail (normal mode): Nextcloud’s autocomplete search results may expose a stored XSS due to missing sanitization in the autocomplete field. The flaw affects Nextcloud Server releases around 13.x (notably 13.0.5 and related updates) and can be triggered by crafted search results con...

5.4CVSS4.9AI score0.00769EPSS
CVE
CVE
added 2020/11/09 2:19 p.m.58 views

CVE-2020-8150

CVE-2020-8150 relates to Nextcloud Server 19.0.1 and describes a cryptographic downgrade where an attacker can degrade the encryption scheme and break the integrity of encrypted files. Public docs indicate this vulnerability affects Nextcloud Server 19.0.1 and is discussed in the NC-SA-2020-039 a...

4.1CVSS4.4AI score0.00286EPSS
CVE
CVE
added 2020/10/30 6:12 p.m.58 views

CVE-2020-8173

CVE-2020-8173 affects Nextcloud Server 18.0.4, where a too-small set of random characters used for encryption enables decryption in less time than intended. The vulnerability’s root cause is insufficient randomness in the encryption key/IV generation. Remediation per connected advisories is to up...

3.5CVSS4.5AI score0.00365EPSS
CVE
CVE
added 2016/09/17 9:0 p.m.57 views

CVE-2016-7419

Affected software and scope: CVE-2016-7419 is an XSS vulnerability in the share.js file of the gallery application used by ownCloud Server < 9.0.4 and Nextcloud Server

5.4CVSS5.1AI score0.01373EPSS
CVE
CVE
added 2017/03/28 2:46 a.m.57 views

CVE-2016-9466

CVE-2016-9466 is a reflected XSS in the Gallery application affecting Nextcloud Server before 10.0.1 and ownCloud Server before 9.0.6, with further versions 9.1.2 affected. The issue arises from the Gallery app not properly sanitizing exception messages generated by the Nextcloud/ownCloud server;...

6.1CVSS5.8AI score0.01656EPSS
CVE
CVE
added 2017/04/05 8:0 p.m.57 views

CVE-2017-0886

CVE-2017-0886 affects Nextcloud Server. The vulnerability stems from an error in the application logic that allows an authenticated adversary to trigger an endless recursion, resulting in a Denial of Service. Impact is described as Denial of Service with potential for persistent unavailability. A...

6.5CVSS6.2AI score0.0123EPSS
CVE
CVE
added 2017/05/08 8:0 p.m.57 views

CVE-2017-0890

Nextcloud Server vulnerability CVE-2017-0890 is a DOM-based XSS in the search dialogue caused by inadequate escaping. Affects Nextcloud Server versions prior to 11.0.3. Exploitation requires a user to input or paste malicious content into the search dialogue. The issue is confirmed through multip...

5.4CVSS5.2AI score0.00739EPSS
CVE
CVE
added 2018/10/30 9:0 p.m.57 views

CVE-2018-16466

CVE-2018-16466 affects Nextcloud Server prior to 14.0.0, 13.0.6, and 12.0.11. The root cause is improper revalidation of permissions, which can cause access restrictions to be bypassed via access tokens. The issue is documented in NC-SA-2018-010 (vendor fix). Affected versions include Nextcloud S...

8.1CVSS7.9AI score0.00957EPSS
CVE
CVE
added 2021/03/03 5:40 p.m.57 views

CVE-2020-8296

Summary of CVE-2020-8296 (Nextcloud Server) : Multiple sources describe Nextcloud Server versions prior to 20.0.0 as storing passwords in a recoverable format even when external storage is not configured. The issue is associated with Nextcloud Server

6.7CVSS6.5AI score0.00512EPSS
CVE
CVE
added 2017/05/08 8:0 p.m.56 views

CVE-2017-0891

Nextcloud Server (before 9.0.58, 10.0.5, and 11.0.3) is vulnerable to an inadequate escaping of error messages that leads to Reflected Cross-Site Scripting in multiple components. The provided documents designate this as CVE-2017-0891 and describe XSS in error handling; exploitation details are n...

5.4CVSS5.4AI score0.00643EPSS
CVE
CVE
added 2019/07/30 8:33 p.m.56 views

CVE-2019-5451

CVE-2019-5451 concerns the Nextcloud Android app prior to version 3.6.1, where bypassing the lock protection allowed access to files by repeatedly opening/closing the app in quick succession. The vulnerability affects the Android client’s ability to enforce device/user authentication for local fi...

4.6CVSS4.6AI score0.00385EPSS
CVE
CVE
added 2020/10/05 1:16 p.m.56 views

CVE-2020-8223

CVE-2020-8223 affects Nextcloud Server 19.0.0 and is described as a logic error enabling privilege escalation by reshare with higher permissions than the attacker’s own. Fedora advisories show a fix in Nextcloud 19.0.3 (NC-SA-2020-029), and OpenVAS/NVD entries corroborate the CVE, but exploitatio...

6.5CVSS6.6AI score0.01468EPSS
CVE
CVE
added 2025/05/16 2:9 p.m.56 views

CVE-2025-47791

The vulnerability CVE-2025-47791 affects Nextcloud Server (self-hosted) and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3. The issue is an improperly protected, currently unused endpoint used to verify a share recipient, which could proxy requests to another server. Affected v...

5.3CVSS4.5AI score0.00314EPSS
CVE
CVE
added 2025/05/16 2:31 p.m.56 views

CVE-2025-47793

The CVE-2025-47793 issue affects Nextcloud Server and the Groupfolders app where, due to missing quota enforcement on attachments, logged-in users could upload files that exceed the group folder quota. Affected versions and fixes are: Nextcloud Server: before 30.0.2, 29.0.9, 28.0.1 Nextcloud Ente...

6.5CVSS4.6AI score0.00662EPSS
CVE
CVE
added 2017/03/28 2:46 a.m.54 views

CVE-2016-9461

CVE-2016-9461 affects Nextcloud Server before 9.0.52 and ownCloud Server before 9.0.4. The vulnerability stems from improper verification of edit permissions on WebDAV COPY actions, where the WebDAV endpoint did not correctly check permissions during COPY. As a result, an authenticated attacker w...

4.3CVSS4.6AI score0.02EPSS
CVE
CVE
added 2017/03/28 2:46 a.m.54 views

CVE-2016-9462

Summary: CVE-2016-9462 affects Nextcloud Server before 9.0.52 and ownCloud Server before 9.0.4. The root cause is inadequate verification of restore privileges during file restoration, allowing a user with read-only access to revert to older versions. Affected components: Nextcloud Server (pre-9....

4.3CVSS4.8AI score0.01874EPSS
CVE
CVE
added 2017/03/28 2:46 a.m.54 views

CVE-2016-9465

CVE-2016-9465 affects Nextcloud Server < 10.0.1 and ownCloud Server

5.4CVSS5.2AI score0.01118EPSS
CVE
CVE
added 2020/11/09 2:25 p.m.53 views

CVE-2020-8133

Nextcloud Server 19.0.1 vulnerability (CVE-2020-8133) arises from incorrect passphrase generation for the encrypted block, enabling an attacker to silently overwrite blocks within a file. Public sources (Nextcloud advisory NC-SA-2020-038) describe MAC-based encryption weaknesses that can be explo...

5.3CVSS5.1AI score0.00716EPSS
CVE
CVE
added 2017/03/28 2:46 a.m.52 views

CVE-2016-9468

CVE-2016-9468 affects Nextcloud Server before 9.0.54 and 10.0.1 and ownCloud Server before 9.0.6 and 9.1.2. The vulnerability is a content spoofing issue in the dav app caused by an exception message that included partially user‑controllable input, potentially leading to misrepresentation of info...

5.3CVSS5.4AI score0.02077EPSS
CVE
CVE
added 2018/10/30 9:0 p.m.52 views

CVE-2018-16464

CVE-2018-16464 affects Nextcloud Server prior to 14.0.0. A missing access check could allow continued access to password-protected link shares after the owner changes the password, enabling unauthorized access to shared resources. Remediation: upgrade to Nextcloud Server 14.0.0 or apply vendor ad...

5.7CVSS5.5AI score0.00891EPSS
CVE
CVE
added 2018/10/30 9:0 p.m.51 views

CVE-2018-16465

Nextcloud Server is affected when used with versions prior to 14.0.0. The issue is a missing state that would have enforced a second factor at login if the 2FA provider failed to load, effectively allowing a 2FA bypass under certain conditions. This vulnerability is described in advisories NC-SA-...

5.3CVSS5.1AI score0.00811EPSS
CVE
CVE
added 2025/05/16 2:35 p.m.49 views

CVE-2025-47794

CVE-2025-47794 affects Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1, and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1. An attacker on a multi-user system may read temporary files from Nextcloud running under a different user account ...

4.3CVSS3.6AI score0.00409EPSS
CVE
CVE
added 2026/06/01 4:52 p.m.44 views

CVE-2026-45281

CVE-2026-45281 affects Nextcloud Server versions 32.0.0–32.0.8 and 33.0.0–33.0.2. The issue stems from improper authorization in the calendar backend, requiring an authenticated attacker who knows another user’s principal URL. An authenticated user could potentially send a request to gain full ac...

8.1CVSS5.7AI score0.00284EPSS
CVE
CVE
added 2026/06/01 4:52 p.m.43 views

CVE-2026-45279

Nextcloud Server versions 31.0.0–31.0.13 and 32.0.0–32.0.3 are affected when {lang} is used in the template directory config value. Non-admin users can in some cases copy arbitrary files into their own Nextcloud directory via a path traversal, depending on Unix permissions. Impact is described as...

6.5CVSS5.9AI score0.00392EPSS
CVE
CVE
added 2026/06/01 4:57 p.m.43 views

CVE-2026-45285

Concretely affected software: Nextcloud server branches 32.x (32.0.0–32.0.8) and 33.x (33.0.0–33.0.2). The vulnerability arises when sharing with a Team that includes an external member; a public link is auto-created for that external member and is not shown in the share UI. The link grants the s...

6.4CVSS5.7AI score0.00293EPSS
CVE
CVE
added 2025/12/05 4:32 p.m.41 views

CVE-2025-66547

Nextcloud Server (and Enterprise Server) prior to 31.0.1 contains a vulnerability where non-privileged users can modify tags on files they should not access via bulk tagging. Affected product: Nextcloud Server/Enterprise Server; vulnerable component: file tagging mechanism. Root cause details are...

4.3CVSS6.3AI score0.00242EPSS
CVE
CVE
added 2026/06/01 4:53 p.m.36 views

CVE-2026-45282

This CVE affects Nextcloud Server versions 32.0.0–32.0.8 and 33.0.0–33.0.2, where an authenticated attacker can access attachments of link shares using a valid share token and a known documentId, bypassing password protection or download restrictions. The vulnerability enables access to attachmen...

6.5CVSS5.7AI score0.00294EPSS
CVE
CVE
added 2026/06/01 5:8 p.m.34 views

CVE-2026-45690

Nextcloud Server versions 32.0.0–32.0.9 and 33.0.0–33.0.3 expose an authentication bypass where, after valid credentials are entered on a 2FA-enabled account, a temporary session token is created before the second factor is enforced. The token can be extracted and replayed via HTTP Basic Authenti...

5.9CVSS5.7AI score0.0029EPSS
CVE
CVE
added 2025/12/04 12:0 a.m.28 views

CVE-2025-59788

Technical details about CVE-2025-59788 are not publicly available in the connected documents provided. The materials summarize Nextcloud XSS in a reachable files_pdfviewer directory and list affected versions, but no further technical specifics, root cause, impact, or remediation are included her...

6.4CVSS6.2AI score0.00255EPSS
CVE
CVE
added 2026/06/01 4:53 p.m.23 views

CVE-2026-45283

In Nextcloud Server, the files_lock app is vulnerable in versions 32.0.0 to before 32.0.2 and 33.0.0 to before 33.0.1. The root cause is improper validation of file ownership when processing DAV lock and unlock requests, allowing an authenticated user to lock or unlock files belonging to other us...

6.3CVSS5.7AI score0.00211EPSS
CVE
CVE
added 2025/12/12 12:0 a.m.18 views

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. An authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter, enabling unauthorized disclosure of sensitive data (text, ...

4.3CVSS6.3AI score0.00237EPSS
Web
CVE
CVE
added 2025/12/05 4:18 p.m.17 views

CVE-2025-66510

CVE-2025-66510 affects Nextcloud Server and Nextcloud Enterprise Server where the contact search feature can disclose personal data (emails, names, identifiers) of other users to authenticated users due to improper access control. Affected versions include Nextcloud Server prior to 31.0.10 and 32...

4.9CVSS6AI score0.00302EPSS
CVE
CVE
added 2025/12/05 4:36 p.m.11 views

CVE-2025-66552

CVE-2025-66552 affects Nextcloud Server and Enterprise Server. The issue is due to incorrect path handling with groupfolders, causing the admin_audit app to fail to log all actions on files and folders inside groupfolders. The vulnerability is fixed in Nextcloud Server and Enterprise Server versi...

4.3CVSS6.2AI score0.00269EPSS
Total number of security vulnerabilities189