nextcloud server

300 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-64011
all versions
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticat
4.3MEDIUM
CVE-2025-66557
>= 1.14.0 and < 1.14.6
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with N
5.4MEDIUM
CVE-2025-66556
>= 20.0.0 and < 20.1.8
Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions
3.5LOW
CVE-2025-66549
>= 3.0.0 and < 3.16.5
Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-
2.4LOW
CVE-2025-66548
< 1.12.7
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with N
3.3LOW
CVE-2025-66514
< 5.5.3
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the
3.5LOW
CVE-2025-66552
>= 30.0.0 and < 30.0.9
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, inc
4.3MEDIUM
CVE-2025-66550
>= 4.0.0 and < 4.7.17
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with
5.7MEDIUM
CVE-2025-66547
>= 31.0.0 and < 31.0.1
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged
4.3MEDIUM
CVE-2025-66546
>= 4.0.0 and < 4.7.19
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking ap
3.3LOW
CVE-2025-66512
>= 31.0.0 and < 31.0.12
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a
5.4MEDIUM
CVE-2025-66511
>= 6.0.0 and < 6.0.3
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting prop
4.8MEDIUM
CVE-2025-66510
>= 31.0.0 and < 31.0.10
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise
4.5MEDIUM
CVE-2025-59788
>= 30.0.0 and < 30.0.17
Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.1
6.4MEDIUM
CVE-2025-47794
>= 29.0.0 and < 29.0.13
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud En
2.6LOW
CVE-2025-47793
>= 29.0.0 and < 29.0.9
Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shar
4.3MEDIUM
CVE-2025-47792
< 3.15.0
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications
5.0MEDIUM
CVE-2025-47791
>= 28.0.0 and < 28.0.13
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud E
4.3MEDIUM
CVE-2025-47790
>= 29.0.0 and < 29.0.15
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enter
6.4MEDIUM
CVE-2024-52514
>= 27.0.0 and < 27.1.9
Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the
4.1MEDIUM
CVE-2024-52513
>= 28.0.0 and < 28.0.11
Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malic
2.6LOW
CVE-2024-52510
>= 3.0.0 and < 3.14.2
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not s
4.2MEDIUM
CVE-2024-52509
>= 2.2.0 and < 2.2.10
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed atta
3.5LOW
CVE-2024-52508
>= 1.9.0 and < 1.14.6
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account
8.2HIGH
CVE-2024-52525
>= 28.0.0 and < 28.0.12
Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in
1.8LOW
CVE-2024-52523
>= 28.0.0 and < 28.0.12
Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fi
4.6MEDIUM
CVE-2024-52521
>= 28.0.0 and < 28.0.10
Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This
2.6LOW
CVE-2024-52520
>= 28.0.0 and < 28.0.10
Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be
5.7MEDIUM
CVE-2024-52519
>= 28.0.0 and < 28.0.10
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an at
2.7LOW
CVE-2024-52518
>= 28.0.0 and < 28.0.12
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, t
4.4MEDIUM
CVE-2024-52517
>= 28.0.0 and < 28.0.11
Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them an
4.6MEDIUM
CVE-2024-52516
>= 28.0.0 and < 28.0.9
Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in
3.0LOW
CVE-2024-52515
>= 27.0.0 and < 27.1.10
Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malic
5.7MEDIUM
CVE-2024-46958
>= 3.13.1 and < 3.13.4
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world wr
9.1CRITICAL
CVE-2024-37887
>= 27.0.0 and < 27.1.10
Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by shar
3.5LOW
CVE-2024-37885
< 3.12.0
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextclou
3.8LOW
CVE-2024-37884
>= 26.0.0 and < 26.0.13
Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of fil
3.5LOW
CVE-2024-37883
>= 1.6.0 and < 1.6.6
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with N
4.3MEDIUM
CVE-2024-37882
>= 26.0.0 and < 26.0.13
Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item
8.1HIGH
CVE-2024-37316
>= 4.3.0 and < 4.6.8
Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data lea
4.6MEDIUM
CVE-2024-37315
>= 26.0.0 and < 26.0.12
Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older vers
3.5LOW
CVE-2024-37314
>= 25.0.0 and < 25.0.7
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the
3.5LOW
CVE-2024-37313
>= 26.0.0 and < 26.0.13
Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2F
7.3HIGH
CVE-2024-22403
< 28.0.0
Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would g
3.0LOW
CVE-2024-22213
>= 1.9.0 and < 1.9.5
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
NONE
CVE-2023-49792
>= 26.0.0 and < 26.0.9
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9
5.3MEDIUM
CVE-2023-49791
>= 26.0.0 and < 26.0.9
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9
5.4MEDIUM
CVE-2023-49790
< 4.9.2
The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version
4.3MEDIUM
CVE-2023-48308
>= 3.0.0 and < 4.5.3
Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when g
3.5LOW
CVE-2023-48307
>= 1.13.0 and < 2.2.8
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version
3.5LOW
CVE-2023-48306
>= 25.0.0 and < 25.0.11
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi
5.0MEDIUM
CVE-2023-48305
>= 25.0.0 and < 25.0.11
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi
4.2MEDIUM
CVE-2023-48304
>= 25.0.0 and < 25.0.11
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi
4.3MEDIUM
CVE-2023-48303
>= 25.0.0 and < 25.0.11
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi
2.4LOW
CVE-2023-48302
>= 25.0.0 and < 25.0.13
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi
3.5LOW
CVE-2023-48301
>= 25.0.0 and <= 25.0.13
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi
3.5LOW
CVE-2023-48239
>= 25.0.0 and < 25.0.13
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi
8.5HIGH
CVE-2023-45150
>= 1.0 and < 4.4.4
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying t
4.3MEDIUM
CVE-2023-45149
>= 15.0.0 and < 15.0.8
Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conv
4.3MEDIUM
CVE-2023-45660
>= 2.2.0 and < 2.2.8
Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and
4.3MEDIUM
CVE-2023-45151
>= 25.0.0 and < 25.0.8
Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which all
6.5MEDIUM
CVE-2023-45148
>= 25.0.0 and < 25.0.11
Nextcloud is an open source home cloud server. When Memcached is used as memcache.distributed the rate limiting in Nextcloud Ser
4.3MEDIUM
CVE-2023-39960
>= 25.0.0 and < 25.0.9
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and
5.0MEDIUM
CVE-2023-39963
>= 25.0.0 and < 25.0.9
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versi
8.1HIGH
CVE-2023-39962
>= 25.0.0 and < 25.0.9
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versi
7.7HIGH
CVE-2023-39961
>= 25.0.0 and < 25.0.9
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versi
3.5LOW
CVE-2023-39959
>= 25.0.0 and < 25.0.9
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi
3.5LOW
CVE-2023-39958
>= 25.0.0 and < 25.0.9
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versi
5.8MEDIUM
CVE-2023-39957
< 17.0.0
Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unpro
7.8HIGH
CVE-2023-39952
>= 25.0.0 and < 25.0.8
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versi
6.5MEDIUM
CVE-2023-35928
>= 25.0.0 and < 25.0.7
Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.
8.4HIGH
CVE-2023-35927
>= 25.0.0 and < 25.0.7
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextC
7.6HIGH
CVE-2023-35172
>= 25.0.0 and < 25.0.7
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextC
8.7HIGH
CVE-2023-35171
>= 26.0.0 and < 26.0.2
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting
4.1MEDIUM
CVE-2023-32320
>= 25.0.0 and < 25.0.7
Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in p
8.7HIGH
CVE-2023-33183
< 3.5.5
Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are dis
2.6LOW
CVE-2023-33184
>= 1.13.0 and < 1.15.3
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web se
3.5LOW
CVE-2023-32319
>= 24.0.0 and < 24.0.11
Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the b
8.1HIGH
CVE-2023-32318
>= 25.0.2 and < 25.0.6
Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text ap
7.2HIGH
CVE-2023-28847
>= 24.0.0 and < 24.0.11
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior
3.1LOW
CVE-2023-30540
>= 15.0.0 and < 15.0.5
Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conver
3.5LOW
CVE-2023-30539
>= 24.0.0 and < 24.0.11
Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit acces
6.5MEDIUM
CVE-2023-29000
>= 3.0.0 and < 3.7.0
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to versio
5.4MEDIUM
CVE-2023-28999
>= 3.13.0 and < 3.25.0
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 unt
6.9MEDIUM
CVE-2023-28998
>= 3.0.0 and < 3.6.5
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to versio
6.7MEDIUM
CVE-2023-28997
>= 3.0.0 and < 3.6.5
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to versio
6.7MEDIUM
CVE-2023-28834
>= 24.0.0 and < 24.0.10
Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as
3.5LOW
CVE-2023-28845
>= 14.0.0 and < 14.0.9
Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter acces
3.5LOW
CVE-2023-28844
>= 24.0.4 and < 24.0.10
Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a fil
5.7MEDIUM
CVE-2023-28645
>= 6.0.0 and < 6.3.2
Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feat
5.7MEDIUM
CVE-2023-28835
>= 24.0.0 and < 24.0.10
Nextcloud server is an open source home cloud implementation. In affected versions the generated fallback password when creating a
3.5LOW
CVE-2023-28833
>= 24.0.0 and < 24.0.10
Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo o
2.4LOW
CVE-2023-28647
< 4.7.0
Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an
4.4MEDIUM
CVE-2023-28646
>= 3.7.0 and < 3.24.1
Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.
4.4MEDIUM
CVE-2023-28644
>= 25.0.0 and < 25.0.3
Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch
5.7MEDIUM
CVE-2023-28643
>= 24.0.0 and < 24.0.9
Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the sam
5.5MEDIUM
CVE-2023-26482
>= 24.0.0 and < 24.0.10
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to cre
9.0CRITICAL
CVE-2023-25817
>= 24.0.0 and < 24.0.9
Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate
3.5LOW
CVE-2023-25818
>= 24.0.0 and < 24.0.10
Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the pa
5.3MEDIUM
CVE-2023-25820
>= 24.0.0 and < 24.0.10
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server i
4.2MEDIUM
CVE-2023-25821
>= 24.0.4 and < 24.0.7
Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.
5.7MEDIUM
CVE-2023-25816
>= 25.0.0 and < 25.0.3
Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resour
4.3MEDIUM
CVE-2023-25579
< 23.0.12
Nextcloud server is a self hosted home cloud product. In affected versions the OC\Files\Node\Folder::getFullPath() function was
6.0MEDIUM
CVE-2023-25162
< 23.0.12
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8
5.3MEDIUM
CVE-2023-25161
< 23.0.12
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud En
3.7LOW
CVE-2023-25160
< 1.11.8
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an att
4.1MEDIUM
CVE-2023-25159
>= 24.0.4 and <= 24.0.8
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a documen
2.3LOW
CVE-2023-25150
< 3.8.7
Nextcloud office/richdocuments is an office suite for the nextcloud server platform. In affected versions the Collabora integration
5.8MEDIUM
CVE-2023-23943
< 1.15.0
Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields a
5.0MEDIUM
CVE-2023-23942
< 3.6.3
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 ar
5.4MEDIUM
CVE-2023-23944
< 2.2.2
Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in
2.0LOW
CVE-2023-22471
< 1.6.5
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
3.5LOW
CVE-2023-22470
< 1.6.5
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with N
3.5LOW
CVE-2023-22469
< 1.8.2
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
5.8MEDIUM
CVE-2023-22473
< 15.0.2
Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able t
2.1LOW
CVE-2023-22472
all versions
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
5.3MEDIUM
CVE-2022-41970
>= 24.0.0 and < 24.0.7
Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allo
2.6LOW
CVE-2022-41969
>= 23.0.0 and < 23.0.11
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password leng
2.4LOW
CVE-2022-41968
>= 23.0.0 and < 23.0.10
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not vali
3.5LOW
CVE-2022-39333
< 3.6.1
Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Des
4.6MEDIUM
CVE-2022-39332
< 3.6.1
Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Des
4.6MEDIUM
CVE-2022-41926
< 14.1.0
Nextcloud talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is no
3.3LOW
CVE-2022-39346
< 22.2.10
Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user displa
3.5LOW
CVE-2022-39334
< 3.6.1
Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versi
3.9LOW
CVE-2022-39331
< 3.6.1
Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Des
4.6MEDIUM
CVE-2022-41882
all versions
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user
6.6MEDIUM
CVE-2022-39364
< 23.0.9
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to vers
4.0MEDIUM
CVE-2022-39330
< 23.0.10
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to version
4.8MEDIUM
CVE-2022-39329
< 23.0.9
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud En
3.5LOW
CVE-2022-39212
< 13.0.8
Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker cou
4.3MEDIUM
CVE-2022-39210
< 3.21.0
Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android a
3.2LOW
CVE-2022-39211
< 23.0.8
Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can
3.0LOW
CVE-2022-36074
< 23.0.7
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposur
6.4MEDIUM
CVE-2022-35932
< 12.2.7
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protect
3.5LOW
CVE-2022-31119
< 1.12.1
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log use
3.1LOW
CVE-2022-31132
< 1.12.8
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on
8.3HIGH
CVE-2022-31120
< 22.2.7
Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has bee
2.1LOW
CVE-2022-31118
< 22.2.9
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federate
6.5MEDIUM
CVE-2022-31014
< 22.2.8
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection.
5.4MEDIUM
CVE-2022-31024
< 4.2.6
richdocuments is the repository for NextCloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4
6.5MEDIUM
CVE-2022-29243
< 22.2.7
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0
4.3MEDIUM
CVE-2022-29163
< 22.2.6
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0
3.5LOW
CVE-2022-29160
< 3.19.0
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tok
2.8LOW
CVE-2022-29159
< 1.4.8
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, a
5.0MEDIUM
CVE-2022-24906
< 1.2.11
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the applica
3.5LOW
CVE-2022-24890
< 13.0.5
Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can i
2.4LOW
CVE-2022-24889
< 21.0.8
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4,
2.4LOW
CVE-2022-24888
< 20.0.14.4
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0
4.3MEDIUM
CVE-2022-24887
< 11.3.4
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4,
4.3MEDIUM
CVE-2022-24886
< 3.19.0
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any a
2.2LOW
CVE-2022-24885
< 3.19.1
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can
2.0LOW
CVE-2022-24838
< 3.2.2
Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newline
5.3MEDIUM
CVE-2021-41233
< 20.0.14
Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextclo
6.5MEDIUM
CVE-2022-24741
>= 21.0.0 and < 21.0.8
Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial
3.5LOW
CVE-2021-41241
< 20.0.14
Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allo
4.3MEDIUM
CVE-2021-41239
< 20.0.14
Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did no
5.3MEDIUM
CVE-2021-41181
< 12.3.0
Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not pro
2.4LOW
CVE-2021-41180
< 12.1.2
Nextcloud talk is a self hosting messaging service. In versions prior to 12.1.2 an attacker is able to control the link of a geolocat
4.7MEDIUM
CVE-2021-41166
< 3.17.1
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to
4.3MEDIUM
CVE-2021-43863
< 3.18.1
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses
7.5HIGH
CVE-2021-39222
< 10.0.7
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Si
6.4MEDIUM
CVE-2021-41177
< 20.0.13
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server di
8.1HIGH
CVE-2021-39225
< 1.2.9
Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 a
8.1HIGH
CVE-2021-39223
< 3.8.6
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 an
4.8MEDIUM
CVE-2021-39220
< 1.10.4
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0
3.5LOW
CVE-2021-32802
< 20.0.12
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file
9.3CRITICAL
CVE-2021-32801
< 20.0.12
Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in lo
5.5MEDIUM
CVE-2021-32800
< 20.0.12
Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Auth
8.1HIGH
CVE-2021-37629
< 3.8.4
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the
5.3MEDIUM
CVE-2021-37628
< 3.8.4
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" p
7.5HIGH
CVE-2021-32766
< 20.0.12
Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nex
5.3MEDIUM
CVE-2021-37631
< 1.2.9
Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated wit
6.5MEDIUM
CVE-2021-37617
>= 3.0.3 and < 3.3.0
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client in
7.3HIGH
CVE-2021-32728
< 3.3.0
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end
6.5MEDIUM
CVE-2021-32748
< 3.8.3
Nextcloud Richdocuments is an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform Inter
4.3MEDIUM
CVE-2021-32741
< 19.0.13
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a l
5.3MEDIUM
CVE-2021-32734
< 19.0.13
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud
3.1LOW
CVE-2021-32733
< 19.0.13
Nextcloud Text is a collaborative document editing application that uses Markdown. A cross-site scripting vulnerability is present
4.8MEDIUM
CVE-2021-32727
< 3.16.1
Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download t
5.7MEDIUM
CVE-2021-32726
< 19.0.13
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn toke
7.1HIGH
CVE-2021-32725
< 19.0.13
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share
3.5LOW
CVE-2021-32707
< 1.9.6
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, rende
4.3MEDIUM
CVE-2021-32689
< 11.2.2
Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able
8.1HIGH
CVE-2021-32705
< 19.0.13
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a l
5.3MEDIUM
CVE-2021-32703
< 19.0.13
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a l
5.3MEDIUM
CVE-2021-32688
< 19.0.13
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authe
8.8HIGH
CVE-2021-32680
< 19.0.13
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Se
3.3LOW
CVE-2021-32679
< 19.0.13
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames wh
3.5LOW
CVE-2021-32678
< 19.0.13
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits a
3.7LOW
CVE-2021-32694
< 3.15.1
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device
4.1MEDIUM
CVE-2021-32695
< 3.16.1
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could h
3.9LOW
CVE-2021-32676
< 9.0.10
Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before v
6.5MEDIUM
CVE-2021-22915
< 19.0.11
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in
9.8CRITICAL
CVE-2021-22913
< 1.2.7
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the look
6.5MEDIUM
CVE-2021-22912
< 3.4.2
Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup serve
6.5MEDIUM
CVE-2021-22905
< 3.16.0
Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees be
6.5MEDIUM
CVE-2021-22896
< 1.9.5
Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated us
4.3MEDIUM
CVE-2021-22895
< 3.1.3
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification
5.9MEDIUM
CVE-2021-32658
< 3.16.1
Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client
4.7MEDIUM
CVE-2021-32657
< 19.0.11
Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and
4.3MEDIUM
CVE-2021-32656
< 19.0.11
Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to
8.6HIGH
CVE-2021-32655
< 19.0.11
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker
3.5LOW
CVE-2021-32654
< 19.0.11
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker
8.1HIGH
CVE-2021-32653
< 19.0.11
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2
2.7LOW
CVE-2021-32652
< 1.4.3
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allow
8.8HIGH
CVE-2021-22879
< 3.1.3
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malic
8.8HIGH
CVE-2021-22878
< 20.0.6
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notifica
4.8MEDIUM
CVE-2021-22877
< 20.0.6
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storag
6.5MEDIUM
CVE-2020-8296
< 20.0.0
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.
6.7MEDIUM
CVE-2020-8297
< 1.0.2
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplic
4.3MEDIUM
CVE-2020-8294
< 18.0.11
A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Interne
5.4MEDIUM
CVE-2020-8295
< 20.0.0
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a use
7.5HIGH
CVE-2020-8293
< 18.0.11
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rul
6.5MEDIUM
CVE-2020-8259
< 20.0.0
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryptio
8.1HIGH
CVE-2020-8152
< 20.0.0
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public ke
4.4MEDIUM
CVE-2020-8150
< 19.0.2
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of
4.1MEDIUM
CVE-2020-8133
all versions
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in
5.3MEDIUM
CVE-2020-8236
< 19.0.2
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor ver
6.8MEDIUM
CVE-2020-8183
< 18.0.6
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create
7.5HIGH
CVE-2020-8173
< 17.0.7
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than
2.2LOW
CVE-2020-8235
all versions
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachm
4.3MEDIUM
CVE-2020-8223
all versions
A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions
6.5MEDIUM
CVE-2020-8182
all versions
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than
8.0HIGH
CVE-2020-8225
< 2.6.5
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their
7.5HIGH
CVE-2020-8227
< 2.6.5
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to stor
6.8MEDIUM
CVE-2020-8189
< 2.6.5
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding
5.4MEDIUM
CVE-2020-8230
< 2.6.5
A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows
5.5MEDIUM
CVE-2020-8229
< 2.6.5
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
5.5MEDIUM
CVE-2020-8224
< 2.6.5
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a f
7.8HIGH
CVE-2020-8179
< 1.0.1
Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.
4.1MEDIUM
CVE-2020-8180
< 6.0.5
A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was
9.9CRITICAL
CVE-2020-8156
< 1.1.4
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
7.0HIGH
CVE-2020-8155
< 18.0.3
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when
5.4MEDIUM
CVE-2020-8154
< 17.0.5
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other u
7.7HIGH
CVE-2020-8140
< 2.6.3
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INS
6.7MEDIUM
CVE-2020-8139
>= 16.0.0 and < 16.0.9
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable
6.5MEDIUM
CVE-2020-8138
< 15.0.14
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Fo
6.5MEDIUM
CVE-2020-8122
< 12.0.13
A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they rece
4.3MEDIUM
CVE-2020-8121
< 13.0.9
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
8.1HIGH
CVE-2020-8120
all versions
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.
6.1MEDIUM
CVE-2020-8119
< 15.0.13
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via t
4.3MEDIUM
CVE-2020-8118
< 15.0.9
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a
5.0MEDIUM
CVE-2020-8117
< 12.0.13
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public ev
4.3MEDIUM
CVE-2019-15624
< 14.0.11
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
4.9MEDIUM
CVE-2019-15623
< 14.0.13
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Loo
5.3MEDIUM
CVE-2019-15622
< 3.6.1
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected
2.4LOW
CVE-2019-15621
< 14.0.13
Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when shar
6.5MEDIUM
CVE-2019-15620
< 6.0.4
Improper access control in Nextcloud Talk 6.0.3 leaks the existence and the name of private conversations when linking them to anot
2.7LOW
CVE-2019-15619
< 16.0.4
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nex
4.8MEDIUM
CVE-2019-15618
< 14.0.9
Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious loc
4.8MEDIUM
CVE-2019-15617
< 17.0.1
A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.
5.4MEDIUM
CVE-2019-15616
< 17.0.0
Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.
4.3MEDIUM
CVE-2019-15615
<= 3.9.0
A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the sy
6.1MEDIUM
CVE-2019-15614
< 2.25.0
Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files.
5.4MEDIUM
CVE-2019-15613
< 15.0.14
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mime
8.0HIGH
CVE-2019-15612
>= 13.0.0 and < 13.0.11
A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.
5.9MEDIUM
CVE-2019-15611
< 2.24.0
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services
4.9MEDIUM
CVE-2019-5455
all versions
Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.
6.8MEDIUM
CVE-2019-5454
all versions
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed
9.8CRITICAL
CVE-2019-5453
<= 3.2.4
Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the loc
6.1MEDIUM
CVE-2019-5452
< 3.6.2
Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Androi
2.4LOW
CVE-2019-5451
< 3.6.1
Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and
4.6MEDIUM
CVE-2019-5450
< 3.7.0
Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the director
6.8MEDIUM
CVE-2019-5449
< 15.0.1
A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying co
4.3MEDIUM
CVE-2018-16467
< 14.0.0
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protect
5.3MEDIUM
CVE-2018-16466
< 12.0.11
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrict
8.1HIGH
CVE-2018-16465
< 14.0.0
Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the
5.3MEDIUM
CVE-2018-16464
< 14.0.0
A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when t
5.7MEDIUM
CVE-2018-16463
< 12.0.8
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtai
3.1LOW
CVE-2018-3781
< 3.2.5
A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring u
5.4MEDIUM
CVE-2018-3780
< 13.0.5
A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requirin
5.4MEDIUM
CVE-2018-3776
>= 11.0.0 and < 11.0.5
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in th
5.3MEDIUM
CVE-2018-3775
< 12.0.3
Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypa
8.8HIGH
CVE-2018-3763
< 1.5.8
In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a s
4.8MEDIUM
CVE-2018-3762
< 12.0.8
Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user
4.3MEDIUM
CVE-2018-3761
< 12.0.8
Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potenti
8.1HIGH
CVE-2017-0936
< 11.0.7
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missin
5.7MEDIUM
CVE-2017-0895
>= 10.0.0 and < 10.0.4
Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users.
3.5LOW
CVE-2017-0894
< 11.0.3
Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus
4.3MEDIUM
CVE-2017-0893
< 9.0.58
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-in
5.4MEDIUM
CVE-2017-0892
< 11.0.3
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without perm
3.5LOW
CVE-2017-0891
< 9.0.58
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vul
5.4MEDIUM
CVE-2017-0890
< 11.0.3
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be
5.4MEDIUM
CVE-2017-0888
all versions
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar
4.3MEDIUM
CVE-2017-0887
< 9.0.55
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values pro
4.3MEDIUM
CVE-2017-0886
< 9.0.55
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an aut
6.5MEDIUM
CVE-2017-0885
< 9.0.55
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an
4.3MEDIUM
CVE-2017-0884
< 9.0.55
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issu
4.3MEDIUM
CVE-2017-0883
<= 9.0.54
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related
6.4MEDIUM
CVE-2016-9468
< 9.0.54
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. Th
5.3MEDIUM
CVE-2016-9467
< 9.0.54
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app.
5.3MEDIUM
CVE-2016-9466
>= 10.0.0 and < 10.0.1
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The
6.1MEDIUM
CVE-2016-9465
>= 10.0.0 and < 10.0.1
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDA
5.4MEDIUM
CVE-2016-9464
< 9.0.54
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as
4.3MEDIUM
CVE-2016-9463
< 9.0.54
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Byp
8.1HIGH
CVE-2016-9462
< 9.0.52
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file.
4.3MEDIUM
CVE-2016-9461
< 9.0.52
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy act
4.3MEDIUM
CVE-2016-9460
<= 9.0.51
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The lo
5.3MEDIUM
CVE-2016-9459
< 9.0.52
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading
6.1MEDIUM
CVE-2016-7419
<= 9.0.51
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Serv
5.4MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin