Lucene search
+L
NextcloudNextcloud Server31.0.0

14 matches found

CVE
CVE
added 2026/06/01 5:9 p.m.98 views

CVE-2026-45691

Summary: CVE-2026-45691 affects Nextcloud Server prior to 32.0.9 and 33.0.3, where a pre-2FA session cookie created after password auth but before TOTP could be reused as a Bearer token to access DAV endpoints, bypassing mandatory two-factor authentication and granting read/write access. Impact: ...

5.9CVSS5.7AI score0.0029EPSS
CVE
CVE
added 2025/05/16 2:2 p.m.92 views

CVE-2025-47790

Nextcloud Server and Enterprise Server are affected by a session-handling bug that can skip the second-factor authentication after a successful login when remember_login_cookie_lifetime is set to 0 and the session times out. Affected versions: Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3...

6.4CVSS6.5AI score0.00325EPSS
CVE
CVE
added 2025/12/05 4:22 p.m.73 views

CVE-2025-66512

Nextcloud Server and Server Enterprise before 31.0.12 and 32.0.3 have a missing sanitization that can be exploited to bypass content security policy when a user is tricked into viewing a crafted SVG outside the Nextcloud UI, enabling cross-site scripting. Fedora advisories FEDORA-2025-86c0829159 ...

6.1CVSS6.2AI score0.00237EPSS
CVE
CVE
added 2026/06/01 5:13 p.m.69 views

CVE-2026-45810

Summary: CVE-2026-45810 affects Nextcloud Server, where a missing relation check allows authenticated users with access to any file comment to read the content of all comments. Affected versions are 31.0.0–31.0.11 and 32.0.0–32.0.2; fixed in 31.0.12 and 32.0.3. Enterprise Server upgrades are prov...

6.8CVSS5.7AI score0.00252EPSS
CVE
CVE
added 2025/05/16 2:35 p.m.52 views

CVE-2025-47794

CVE-2025-47794 affects Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1, and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1. An attacker on a multi-user system may read temporary files from Nextcloud running under a different user account ...

4.3CVSS3.6AI score0.00409EPSS
CVE
CVE
added 2026/06/01 4:52 p.m.47 views

CVE-2026-45279

Nextcloud Server versions 31.0.0–31.0.13 and 32.0.0–32.0.3 are affected when {lang} is used in the template directory config value. Non-admin users can in some cases copy arbitrary files into their own Nextcloud directory via a path traversal, depending on Unix permissions. Impact is described as...

6.5CVSS5.9AI score0.00392EPSS
CVE
CVE
added 2026/06/01 4:52 p.m.47 views

CVE-2026-45281

CVE-2026-45281 affects Nextcloud Server versions 32.0.0–32.0.8 and 33.0.0–33.0.2. The issue stems from improper authorization in the calendar backend, requiring an authenticated attacker who knows another user’s principal URL. An authenticated user could potentially send a request to gain full ac...

8.1CVSS5.7AI score0.00284EPSS
CVE
CVE
added 2025/12/05 4:32 p.m.44 views

CVE-2025-66547

Nextcloud Server (and Enterprise Server) prior to 31.0.1 contains a vulnerability where non-privileged users can modify tags on files they should not access via bulk tagging. Affected product: Nextcloud Server/Enterprise Server; vulnerable component: file tagging mechanism. Root cause details are...

4.3CVSS6.3AI score0.00242EPSS
CVE
CVE
added 2026/06/01 4:53 p.m.43 views

CVE-2026-45282

This CVE affects Nextcloud Server versions 32.0.0–32.0.8 and 33.0.0–33.0.2, where an authenticated attacker can access attachments of link shares using a valid share token and a known documentId, bypassing password protection or download restrictions. The vulnerability enables access to attachmen...

6.5CVSS5.7AI score0.00294EPSS
CVE
CVE
added 2026/06/01 5:8 p.m.37 views

CVE-2026-45690

Nextcloud Server versions 32.0.0–32.0.9 and 33.0.0–33.0.3 expose an authentication bypass where, after valid credentials are entered on a 2FA-enabled account, a temporary session token is created before the second factor is enforced. The token can be extracted and replayed via HTTP Basic Authenti...

5.9CVSS5.7AI score0.0029EPSS
CVE
CVE
added 2025/12/04 12:0 a.m.31 views

CVE-2025-59788

Technical details about CVE-2025-59788 are not publicly available in the connected documents provided. The materials summarize Nextcloud XSS in a reachable files_pdfviewer directory and list affected versions, but no further technical specifics, root cause, impact, or remediation are included her...

6.4CVSS6.2AI score0.00255EPSS
CVE
CVE
added 2026/06/01 4:53 p.m.29 views

CVE-2026-45283

In Nextcloud Server, the files_lock app is vulnerable in versions 32.0.0 to before 32.0.2 and 33.0.0 to before 33.0.1. The root cause is improper validation of file ownership when processing DAV lock and unlock requests, allowing an authenticated user to lock or unlock files belonging to other us...

6.3CVSS5.7AI score0.00211EPSS
CVE
CVE
added 2025/12/05 4:18 p.m.25 views

CVE-2025-66510

CVE-2025-66510 affects Nextcloud Server and Nextcloud Enterprise Server where the contact search feature can disclose personal data (emails, names, identifiers) of other users to authenticated users due to improper access control. Affected versions include Nextcloud Server prior to 31.0.10 and 32...

4.9CVSS6AI score0.00302EPSS
CVE
CVE
added 2025/12/05 4:36 p.m.18 views

CVE-2025-66552

CVE-2025-66552 affects Nextcloud Server and Enterprise Server. The issue is due to incorrect path handling with groupfolders, causing the admin_audit app to fail to log all actions on files and folders inside groupfolders. The vulnerability is fixed in Nextcloud Server and Enterprise Server versi...

4.3CVSS6.2AI score0.00269EPSS