nextcloud
385 tracked vulnerabilities.
CVE-2026-45810
MEDIUM
Nextcloud Server 31.0.0-31.0.11 and 32.0.0-32.0.2 - Authenticated Unauthorized Comment Access
Jun 01, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-45722
HIGH
Nextcloud Tables 0.9.0-0.9.6 and 1.0.0-1.0.1 - Authenticated SQL Injection in ORDER BY Statement
Jun 01, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-45691
MEDIUM
Nextcloud Server 32.0.0-32.0.8 and 33.0.0-33.0.2 - Two-Factor Authentication Bypass via Pre-2FA Session Cookie Reuse
Jun 01, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-45690
MEDIUM
Nextcloud Server 32.0.0-32.0.8 and 33.0.0-33.0.2 - Authentication Bypass via Session Token Replay
Jun 01, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-45545
HIGH
Nextcloud Tables 0.7.0-0.7.6, 0.8.0-0.8.9, 0.9.0-0.9.7, 1.0.0-1.0.3 - Authenticated SQL Injection via Stored Input
Jun 01, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-45544
MEDIUM
Nextcloud Tables 0.8.0-1.0.3 - Exposure of Sensitive Information via View Filter Criteria
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-45543
MEDIUM
Nextcloud Forms 4.3.0-5.2.6 - Unauthorized Read Access to Uploaded Respondent Files
Jun 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-45286
MEDIUM
Nextcloud Calendar 5.5.13-5.5.16 and 6.2.0-6.2.2 - Authenticated User Enumeration via Attendee Suggestion Endpoint
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-45285
MEDIUM
Nextcloud 32.0.0-32.0.8 and 33.0.0-33.0.2 - Unauthenticated Data Access via Auto-Generated Public Link
Jun 01, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-45284
MEDIUM
Nextcloud user_oidc 1.3.6-8.3.9 - Improper Access Control for Deleted LDAP Users
Jun 01, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-45283
MEDIUM
Nextcloud Server 32.0.0-32.0.1 and 33.0.0 - Authenticated File Lock Manipulation via DAV Requests
Jun 01, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-45282
MEDIUM
Nextcloud Server 32.0.0-32.0.8 & 33.0.0-33.0.2 - Improper Access Control via Link Share
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-45281
HIGH
Nextcloud Server 32.0.0-32.0.8 and 33.0.0-33.0.2 - Authenticated Authorization Bypass in Calendar Backend
Jun 01, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-45279
MEDIUM
Nextcloud Server 31.0.0-31.0.13 and 32.0.0-32.0.3 - Path Traversal via Template Directory Config
Jun 01, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-45278
LOW
Nextcloud user_oidc 6.1.0-8.2.1 - Open Redirect via Login Flow
Jun 01, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-45277
LOW
Nextcloud Approval < 2.7.2 - Authenticated Exposure of Sensitive Information via Workflow File Association Check
Jun 01, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-45275
MEDIUM
Nextcloud Approval < 2.7.2 - Privilege Escalation via Forced File Sharing
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-45267
MEDIUM
Nextcloud: Missing permission check for from submissions
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-45266
LOW
Nextcloud: Unauthorized force-mute from missing permission check when using internal signaling
Jun 01, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-45264
MEDIUM
Nextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-45159
LOW
Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner
Jun 01, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-45157
MEDIUM
Nextcloud: Valid share tokens allow to access tempory upload files of share owner
Jun 01, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-45156
HIGH
Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC
Jun 01, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-45155
LOW
Nextcloud: Private circle can be added to another circle via API
Jun 01, 2026
CVSS 2.6
EPSS 0.00
CVE-2026-45154
LOW
Nextcloud: Improper Access Control in Collectives
Jun 01, 2026
CVSS 2.6
EPSS 0.00
Products
nextcloud_server 189
nextcloud 28
desktop 27
talk 20
deck 17
security-advisories 17
mail 15
Nextcloud Server 12
calendar 10
user_oidc 9
richdocuments 8
tables 8
contacts 7
nextcloud_enterprise_server 6
approval 3
circles 3
group_folders 3
Flow 2
end-to-end_encryption 2
guests 2
news 2
nextcloud_talk 2
notes 2
openid_connect_user_backend 2
preferred_providers 2
server 2
social 2
Nextcloud 1
cookbook 1
dialogs 1
Quick Filters