Nextcloud Server Security Vulnerabilities and Issues — Nextcloud Server CVE List

Lucene search

NextcloudNextcloud Server

7 matches found

CVE•added 2021/07/12 8:15 p.m.•161 views

CVE-2021-32726

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fixed...

9.8CVSS8.1AI score0.00165EPSS

CVE•added 2023/03/30 7:15 p.m.•106 views

CVE-2023-26482

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, i...

9CVSS8.6AI score0.63693EPSS

CVE•added 2023/06/23 9:15 p.m.•85 views

CVE-2023-35172

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 2...

9.1CVSS9.1AI score0.00175EPSS

CVE•added 2023/11/21 11:15 p.m.•83 views

CVE-2023-48306

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 o...

9.8CVSS7AI score0.00322EPSS

CVE•added 2023/12/22 5:15 p.m.•79 views

CVE-2023-49792

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as truste...

9.8CVSS7.3AI score0.00154EPSS

CVE•added 2021/06/01 9:15 p.m.•78 views

CVE-2021-32654

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public l...

9.1CVSS8.6AI score0.00148EPSS

CVE•added 2021/06/11 4:15 p.m.•64 views

CVE-2021-22915

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection.

9.8CVSS9.2AI score0.00438EPSS