nextcloud server · threatengine.sh

Home/Product/nextcloud server

Product

nextcloud server

183 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticat

>= 30.0.0 and < 30.0.9

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, inc

>= 31.0.0 and < 31.0.1

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged

>= 31.0.0 and < 31.0.12

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a

>= 31.0.0 and < 31.0.10

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise

>= 30.0.0 and < 30.0.17

Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.1

>= 29.0.0 and < 29.0.13

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud En

>= 29.0.0 and < 29.0.9

Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shar

>= 28.0.0 and < 28.0.13

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud E

>= 29.0.0 and < 29.0.15

Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enter

>= 27.0.0 and < 27.1.9

Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the

>= 28.0.0 and < 28.0.11

Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malic

>= 28.0.0 and < 28.0.12

Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in

>= 28.0.0 and < 28.0.12

Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fi

>= 28.0.0 and < 28.0.10

Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This

>= 28.0.0 and < 28.0.10

Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be

>= 28.0.0 and < 28.0.10

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an at

>= 28.0.0 and < 28.0.12

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, t

>= 28.0.0 and < 28.0.11

Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them an

>= 28.0.0 and < 28.0.9

Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in

>= 27.0.0 and < 27.1.10

Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malic

>= 27.0.0 and < 27.1.10

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by shar

>= 26.0.0 and < 26.0.13

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of fil

>= 26.0.0 and < 26.0.13

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item

>= 26.0.0 and < 26.0.12

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older vers

>= 25.0.0 and < 25.0.7

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the

>= 26.0.0 and < 26.0.13

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2F

Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would g

>= 26.0.0 and < 26.0.9

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9

>= 26.0.0 and < 26.0.9

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9

>= 25.0.0 and < 25.0.11

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi

>= 25.0.0 and < 25.0.11

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi

>= 25.0.0 and < 25.0.11

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi

>= 25.0.0 and < 25.0.11

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi

>= 25.0.0 and < 25.0.13

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi

>= 25.0.0 and <= 25.0.13

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi

>= 25.0.0 and < 25.0.13

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi

>= 25.0.0 and < 25.0.8

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which all

>= 25.0.0 and < 25.0.11

Nextcloud is an open source home cloud server. When Memcached is used as memcache.distributed the rate limiting in Nextcloud Ser

>= 25.0.0 and < 25.0.9

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and

>= 25.0.0 and < 25.0.9

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versi

>= 25.0.0 and < 25.0.9

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versi

>= 25.0.0 and < 25.0.9

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versi

>= 25.0.0 and < 25.0.9

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versi

>= 25.0.0 and < 25.0.9

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versi

>= 25.0.0 and < 25.0.8

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versi

>= 25.0.0 and < 25.0.7

Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.

>= 25.0.0 and < 25.0.7

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextC

>= 25.0.0 and < 25.0.7

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextC

>= 26.0.0 and < 26.0.2

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting

>= 25.0.0 and < 25.0.7

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in p

>= 24.0.0 and < 24.0.11

Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the b

>= 25.0.2 and < 25.0.6

Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text ap

>= 24.0.0 and < 24.0.11

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior

>= 24.0.0 and < 24.0.11

Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit acces

>= 24.0.0 and < 24.0.10

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as

>= 24.0.4 and < 24.0.10

Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a fil

>= 24.0.0 and < 24.0.10

Nextcloud server is an open source home cloud implementation. In affected versions the generated fallback password when creating a

>= 24.0.0 and < 24.0.10

Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo o

>= 25.0.0 and < 25.0.3

Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch

>= 24.0.0 and < 24.0.9

Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the sam

>= 24.0.0 and < 24.0.10

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to cre

>= 24.0.0 and < 24.0.9

Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate

>= 24.0.0 and < 24.0.10

Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the pa

>= 24.0.0 and < 24.0.10

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server i

>= 24.0.4 and < 24.0.7

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.

>= 25.0.0 and < 25.0.3

Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resour

Nextcloud server is a self hosted home cloud product. In affected versions the OC\Files\Node\Folder::getFullPath() function was

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud En

>= 24.0.4 and <= 24.0.8

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a documen

>= 24.0.0 and < 24.0.7

Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allo

>= 23.0.0 and < 23.0.11

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password leng

>= 23.0.0 and < 23.0.10

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not vali

Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user displa

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to vers

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to version

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud En

Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can

Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposur

Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has bee

Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federate

Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection.

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4,

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0

Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextclo

>= 21.0.0 and < 21.0.8

Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial

Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allo

Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did no

>= 20.0.3 and < 20.0.13

Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, th

>= 20.0.3 and < 20.0.13

Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vu

Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server di

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file

Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in lo

Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Auth

Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nex

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a l

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud

Nextcloud Text is a collaborative document editing application that uses Markdown. A cross-site scripting vulnerability is present

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn toke

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a l

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a l

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authe

Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Se

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames wh

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits a

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in

Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and

Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2

Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notifica

A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storag

Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.

A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Interne

A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a use

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rul

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryptio

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public ke

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor ver

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than

A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions

An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when

An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other u

>= 16.0.0 and < 16.0.9

A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable

A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Fo

A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they rece

A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.

A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.

Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via t

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a

Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public ev

Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Loo

Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when shar

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nex

Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious loc

A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.

Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mime

>= 13.0.0 and < 13.0.11

A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.

Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying co

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protect

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrict

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when t

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtai

A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requirin

>= 11.0.0 and < 11.0.5

Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in th

Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypa

Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user

Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potenti

Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missin

>= 10.0.0 and < 10.0.4

Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users.

Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-in

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without perm

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vul

Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values pro

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an aut

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issu

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. Th

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app.

>= 10.0.0 and < 10.0.1

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The

>= 10.0.0 and < 10.0.1

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDA

Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Byp

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file.

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy act

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading

Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Serv

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin