Arthur Schiwon

6 exploits Active since Jan 2024
CVE-2024-22400 WRITEUP LOW WRITEUP
Nextcloud <5.1.5-6.0.1 - Open Redirect
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.
CVSS 3.1
CVE-2024-52507 WRITEUP LOW WRITEUP
Nextcloud Tables < 0.8.1 - IDOR
Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1.
CVSS 3.5
CVE-2024-52511 WRITEUP MEDIUM WRITEUP
Nextcloud Tables < 0.8.0 - IDOR
Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no access to. It is recommended that the Nextcloud Tables is upgraded to 0.8.0.
CVSS 6.3
CVE-2025-66513 WRITEUP MEDIUM WRITEUP
Nextcloud Tables <0.8.9, <0.9.6, <1.0.1 - Info Disclosure
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.
CVSS 4.3
CVE-2025-66551 WRITEUP MEDIUM WRITEUP
Nextcloud Tables <0.8.6-0.9.3 - Privilege Escalation
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3.
CVSS 6.3
CVE-2025-66553 WRITEUP MEDIUM WRITEUP
Nextcloud Tables <0.8.7 & 0.9.4 - Info Disclosure
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4.
CVSS 4.3