nextcloud mail

28 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-66514
< 5.5.3
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the
3.5 LOW
CVE-2024-52509
>= 2.2.0 and < 2.2.10
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed atta
3.5 LOW
CVE-2024-52508
>= 1.9.0 and < 1.14.6
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account
8.2 HIGH
CVE-2023-48307
>= 1.13.0 and < 2.2.8
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version
3.5 LOW
CVE-2023-45660
>= 2.2.0 and < 2.2.8
Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and
4.3 MEDIUM
CVE-2023-33184
>= 1.13.0 and < 1.15.3
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web se
3.5 LOW
CVE-2023-25160
< 1.11.8
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an att
4.1 MEDIUM
CVE-2023-23943
< 1.15.0
Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields a
5.0 MEDIUM
CVE-2023-23944
< 2.2.2
Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in
2.0 LOW
CVE-2022-31119
< 1.12.1
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log use
3.1 LOW
CVE-2022-31132
< 1.12.8
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on
8.3 HIGH
CVE-2013-10001
all versions
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification vali
4.8 MEDIUM
CVE-2021-39220
< 1.10.4
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0
3.5 LOW
CVE-2021-32707
< 1.9.6
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, rende
4.3 MEDIUM
CVE-2021-32652
< 1.4.3
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allow
8.8 HIGH
CVE-2020-8156
< 1.1.4
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
7.0 HIGH
CVE-2019-17123
>= 11
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are misha
7.5 HIGH
CVE-2019-10735
all versions
In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted mult
4.3 MEDIUM
CVE-2017-17689
all versions
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exf
5.9 MEDIUM
CVE-2017-17688
all versions
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exf
5.9 MEDIUM
CVE-2016-4879
<= 3.0.10
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hija
8.8 HIGH
CVE-2016-4877
all versions
Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inj
5.4 MEDIUM
CVE-2010-3887
all versions
The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the corresponden
CVE-2008-4584
all versions
Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary
CVE-2008-4491
all versions
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plain
CVE-2008-4045
all versions
Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML vi
CVE-2008-0039
all versions
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted fi
CVE-2005-2512
all versions
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's prefe
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin