nextcloud

385 tracked vulnerabilities.

CVE-2026-45810 MEDIUM
Nextcloud Server 31.0.0-31.0.11 and 32.0.0-32.0.2 - Authenticated Unauthorized Comment Access
Jun 01, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-45722 HIGH
Nextcloud Tables 0.9.0-0.9.6 and 1.0.0-1.0.1 - Authenticated SQL Injection in ORDER BY Statement
Jun 01, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-45691 MEDIUM
Nextcloud Server 32.0.0-32.0.8 and 33.0.0-33.0.2 - Two-Factor Authentication Bypass via Pre-2FA Session Cookie Reuse
Jun 01, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-45690 MEDIUM
Nextcloud Server 32.0.0-32.0.8 and 33.0.0-33.0.2 - Authentication Bypass via Session Token Replay
Jun 01, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-45545 HIGH
Nextcloud Tables 0.7.0-0.7.6, 0.8.0-0.8.9, 0.9.0-0.9.7, 1.0.0-1.0.3 - Authenticated SQL Injection via Stored Input
Jun 01, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-45544 MEDIUM
Nextcloud Tables 0.8.0-1.0.3 - Exposure of Sensitive Information via View Filter Criteria
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-45543 MEDIUM
Nextcloud Forms 4.3.0-5.2.6 - Unauthorized Read Access to Uploaded Respondent Files
Jun 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-45286 MEDIUM
Nextcloud Calendar 5.5.13-5.5.16 and 6.2.0-6.2.2 - Authenticated User Enumeration via Attendee Suggestion Endpoint
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-45285 MEDIUM
Nextcloud 32.0.0-32.0.8 and 33.0.0-33.0.2 - Unauthenticated Data Access via Auto-Generated Public Link
Jun 01, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-45284 MEDIUM
Nextcloud user_oidc 1.3.6-8.3.9 - Improper Access Control for Deleted LDAP Users
Jun 01, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-45283 MEDIUM
Nextcloud Server 32.0.0-32.0.1 and 33.0.0 - Authenticated File Lock Manipulation via DAV Requests
Jun 01, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-45282 MEDIUM
Nextcloud Server 32.0.0-32.0.8 & 33.0.0-33.0.2 - Improper Access Control via Link Share
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-45281 HIGH
Nextcloud Server 32.0.0-32.0.8 and 33.0.0-33.0.2 - Authenticated Authorization Bypass in Calendar Backend
Jun 01, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-45279 MEDIUM
Nextcloud Server 31.0.0-31.0.13 and 32.0.0-32.0.3 - Path Traversal via Template Directory Config
Jun 01, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-45278 LOW
Nextcloud user_oidc 6.1.0-8.2.1 - Open Redirect via Login Flow
Jun 01, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-45277 LOW
Nextcloud Approval < 2.7.2 - Authenticated Exposure of Sensitive Information via Workflow File Association Check
Jun 01, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-45275 MEDIUM
Nextcloud Approval < 2.7.2 - Privilege Escalation via Forced File Sharing
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-45267 MEDIUM
Nextcloud: Missing permission check for from submissions
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-45266 LOW
Nextcloud: Unauthorized force-mute from missing permission check when using internal signaling
Jun 01, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-45264 MEDIUM
Nextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-45159 LOW
Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner
Jun 01, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-45157 MEDIUM
Nextcloud: Valid share tokens allow to access tempory upload files of share owner
Jun 01, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-45156 HIGH
Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC
Jun 01, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-45155 LOW
Nextcloud: Private circle can be added to another circle via API
Jun 01, 2026
CVSS 2.6
EPSS 0.00
CVE-2026-45154 LOW
Nextcloud: Improper Access Control in Collectives
Jun 01, 2026
CVSS 2.6
EPSS 0.00