
nextcloud desktop

55 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-2664
< 4.62.0
An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and
7.8 HIGH
CVE-2025-66549
>= 3.0.0 and < 3.16.5
Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-
2.4 LOW
CVE-2025-47792
< 3.15.0
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications
5.0 MEDIUM
CVE-2025-3224
< 4.41.0
A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged
7.8 HIGH
CVE-2024-52510
>= 3.0.0 and < 3.14.2
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not s
4.2 MEDIUM
CVE-2024-46958
>= 3.13.1 and < 3.13.4
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world wr
9.1 CRITICAL
CVE-2024-8696
< 4.34.2
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious ext
9.8 CRITICAL
CVE-2024-8695
< 4.34.2
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension i
9.8 CRITICAL
CVE-2024-6222
< 4.29.0
In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can furt
7.0 HIGH
CVE-2024-5652
< 4.31.0
In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through
6.1 MEDIUM
CVE-2024-37885
< 3.12.0
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextclou
3.8 LOW
CVE-2024-0849
all versions
Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
5.0 MEDIUM
CVE-2023-49314
all versions
Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code
7.8 HIGH
CVE-2022-38730
< 4.6.0
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 A
6.3 MEDIUM
CVE-2022-37326
< 4.6.0
Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontain
7.8 HIGH
CVE-2022-34292
< 4.6.0
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create docke
7.1 HIGH
CVE-2022-31647
< 4.6.0
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a sy
7.1 HIGH
CVE-2023-28124
< 0.62.3.0
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to
5.5 MEDIUM
CVE-2023-28123
< 0.62.3.0
A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow a user to hijack VPN credenti
5.5 MEDIUM
CVE-2023-28122
< 0.62.3.0
A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious acto
7.8 HIGH
CVE-2023-1802
all versions
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS healt
5.9 MEDIUM
CVE-2023-29000
>= 3.0.0 and < 3.7.0
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to versio
5.4 MEDIUM
CVE-2023-28999
>= 3.0.0 and < 3.8.0
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 unt
6.9 MEDIUM
CVE-2023-28998
>= 3.0.0 and < 3.6.5
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to versio
6.7 MEDIUM
CVE-2023-28997
>= 3.0.0 and < 3.6.5
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to versio
6.7 MEDIUM
CVE-2023-23942
< 3.6.3
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 ar
5.4 MEDIUM
CVE-2023-22472
all versions
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
5.3 MEDIUM
CVE-2022-39333
< 3.6.1
Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Des
4.6 MEDIUM
CVE-2022-39332
< 3.6.1
Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Des
4.6 MEDIUM
CVE-2022-39334
< 3.6.1
Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versi
3.9 LOW
CVE-2022-39331
< 3.6.1
Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Des
4.6 MEDIUM
CVE-2022-41882
all versions
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user
6.6 MEDIUM
CVE-2022-35257
< 0.55.3.17
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with
7.8 HIGH
CVE-2022-26877
< 1.6.0
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading
6.5 MEDIUM
CVE-2021-37617
>= 3.0.3 and < 3.3.0
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client in
7.3 HIGH
CVE-2021-32728
< 3.3.0
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end
6.5 MEDIUM
CVE-2021-37841
< 3.6.0
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server runnin
7.8 HIGH
CVE-2021-22895
< 3.1.3
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification
5.9 MEDIUM
CVE-2021-22879
< 3.1.3
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malic
8.8 HIGH
CVE-2020-8225
< 2.6.5
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their
7.5 HIGH
CVE-2020-8227
< 2.6.5
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to stor
6.8 MEDIUM
CVE-2020-8189
< 2.6.5
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding
5.4 MEDIUM
CVE-2020-8230
< 2.6.5
A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows
5.5 MEDIUM
CVE-2020-8229
< 2.6.5
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
5.5 MEDIUM
CVE-2020-8224
< 2.6.5
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a f
7.8 HIGH
CVE-2020-8140
< 2.6.3
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INS
6.7 MEDIUM
CVE-2020-10665
< 2.2.2.0
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with A
6.7 MEDIUM
CVE-2017-1000492
all versions
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration
6.1 MEDIUM
CVE-2010-3397
all versions
Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows
CVE-2009-0681
<= 9.9.0
PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, an
CVE-2008-5731
all versions
The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users
CVE-2008-1767
all versions
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and
CVE-2007-3150
all versions
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects Jav
CVE-2007-1085
all versions
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitra
CVE-2005-4151
<= 9.0.3_build_2932
The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slac
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin