Lucene search: NextcloudTables

8 matches found

CVE
added 2024/11/15 5:22 p.m., 63 views

CVE-2024-52511

CVE-2024-52511 affects the Nextcloud Tables app. The issue is an authorization bypass where a user can blindly insert new rows by directly specifying the ID of a table or view, allowing writes to tables to which they should not have access. The vulnerability is rooted in requesting access-control...

CVSS 6.5, AI score 6.2, EPSS 0.00448

CVE
added 2024/11/15 5:24 p.m., 60 views

CVE-2024-52507

Nextcloud Tables is affected by CVE-2024-52507: prior to version 0.8.1, the app improperly exposes which tables (identified by numeric IDs) are shared with specific groups/users and their permissions, not restricting this information to affected users. This constitutes an access-control/authoriza...

CVSS 4.3, AI score 3.7, EPSS 0.00409

CVE
added 2026/06/01 5:5 p.m., 29 views

CVE-2026-45545

Summary of CVE-2026-45545 (Nextcloud Tables SQL Injection): An authenticated attacker with access to the Nextcloud Tables app could trigger a stored SQL injection that accepts arbitrary inputs up to 20 bytes and can break out of the length limit. This allows extraction or modification of databas...

CVSS 8.2, AI score 6, EPSS 0.00318

CVE
added 2025/12/05 5:18 p.m., 22 views

CVE-2025-66553

Summary: Nextcloud Tables prior to 0.8.7 and 0.9.4 allows authenticated users to view column metadata of other tables by altering the numeric ID in a request, causing information disclosure. The issue is fixed in 0.8.7 and 0.9.4. Remediation: upgrade Nextcloud Tables to version 0.8.7 or later, or...

CVSS 4.3, AI score 6.1, EPSS 0.00231

CVE
added 2025/12/05 5:11 p.m., 21 views

CVE-2025-66513

CVE-2025-66513 affects the Nextcloud Tables app. Prior to versions 0.8.9, 0.9.6, and 1.0.1, information about which table (numeric ID) is shared with which groups/users and the corresponding permissions was not restricted to privileged users, enabling an information disclosure scenario. The issue...

CVSS 5.3, AI score 6.1, EPSS 0.0024

CVE
added 2026/06/01 5:11 p.m., 20 views

CVE-2026-45722

In Nextcloud, the Tables app contains an input sanitization failure that enables a limited SQL injection in the ORDER BY clause for affected versions. Specifically, vulnerable versions range from 0.9.0 up to before 0.9.7 and 1.0.0 up to before 1.0.2, allowing a user with access to Tables to influe...

CVSS 7.1, AI score 5.8, EPSS 0.00301

CVE
added 2026/06/01 5:3 p.m., 19 views

CVE-2026-45544

CVE-2026-45544 affects Nextcloud Tables, part of the Nextcloud platform. From version 0.8.0 to before 1.0.4, the view filter criteria were exposed to users with read-only permissions, enabling potential disclosure of metadata through the table view. The issue is mitigated by upgrading to Nextcloud...

CVSS 4.3, AI score 5.7, EPSS 0.00222

CVE
added 2025/12/05 5:15 p.m., 14 views

CVE-2025-66551

Nextcloud Tables contains an ownership-check vulnerability: a malicious user could create a table and move a column into another user’s table due to a missing ownership validation. Affected versions are before 0.8.6 and before 0.9.3. The issue is resolved by upgrading to 0.8.6 or 0.9.3, per multi...

CVSS 6.3, AI score 6.3, EPSS 0.00206