nextcloud
359 tracked vulnerabilities.
CVE-2025-47794
LOW
Nextcloud Server 26.0.0-26.0.13.13, 29.0.0-29.0.13 - Unauthenticated Temporary File Access and Symlink Attack
May 16, 2025
CVSS 2.6
EPSS 0.00
CVE-2025-47793
MEDIUM
Nextcloud Groupfolders 16.0.0-16.0.10 & Server 28.0.0-28.0.11, 29.0.0-29.0.8 - Authenticated Resource Exhaustion
May 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-47792
MEDIUM
Nextcloud Desktop < 3.15.0 - Unauthenticated Improper Access Control via Socket API
May 16, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-47791
MEDIUM
Nextcloud Server < 28.0.13, 29.0.10, 30.0.3 - Server-Side Request Forgery via Share Recipient Verification Endpoint
May 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-47790
MEDIUM
Nextcloud Server 26.0.0-26.0.13.15, 29.0.0-29.0.15 - Authentication Bypass via Session Handling
May 16, 2025
CVSS 6.4
EPSS 0.00
CVE-2024-52514
MEDIUM
Nextcloud Server 21.0.0-21.0.9.18 27.0.0-27.1.9 - Improper Access Control via Folder Copy Bypass
Nov 15, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-52513
LOW
Nextcloud Server 25.0.0-25.0.13.13 and 28.0.0-28.0.11 - Unauthorized Attachment Download via Text File References
Nov 15, 2024
CVSS 2.6
EPSS 0.01
CVE-2024-52512
LOW
Nextcloud User OIDC 6.0.0-6.0.9 - Open Redirect via Malformed Login Link
Nov 15, 2024
CVSS 3.3
EPSS 0.01
CVE-2024-52511
MEDIUM
Nextcloud Tables 0.6.0-0.7.9 - Authorization Bypass via Direct Table ID Specification
Nov 15, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-52510
MEDIUM
Nextcloud Desktop 3.0.0-3.14.1 - Improper Certificate Validation via Empty Initial Signature
Nov 15, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-52509
LOW
Nextcloud Mail 2.2.0-2.2.9 - Improper Access Control via Shared File Attachment
Nov 15, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-52508
HIGH
Nextcloud Mail 1.9.0-1.14.5 - Unauthenticated Exposure of Sensitive Information via Auto-Configuration Request
Nov 15, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-52507
LOW
Nextcloud Tables 0.3.0-0.8.0 - Authorization Bypass via Shared Table Permissions
Nov 15, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-52525
LOW
Nextcloud Server 28.0.0-28.0.11 - Cleartext Storage of Sensitive Information in Session Data
Nov 15, 2024
CVSS 1.8
EPSS 0.01
CVE-2024-52523
MEDIUM
Nextcloud Server 25.0.0-25.0.13.14 28.0.0-28.0.12 - Information Disclosure via External Storage Credential Exposure
Nov 15, 2024
CVSS 4.6
EPSS 0.01
CVE-2024-52521
LOW
Nextcloud Server <28.0.10-30.0.0 - Info Disclosure
Nov 15, 2024
CVSS 2.6
EPSS 0.01
CVE-2024-52520
MEDIUM
Nextcloud Server 27.0.0-27.1.11.8 and 28.0.0-28.0.10 - Uncontrolled Resource Consumption via Link Reference Provider
Nov 15, 2024
CVSS 5.7
EPSS 0.01
CVE-2024-52519
LOW
Nextcloud Server 27.0.0-27.1.11.8 and 28.0.0-28.0.10 - Insecure Storage of OAuth2 Client Secrets
Nov 15, 2024
CVSS 2.7
EPSS 0.01
CVE-2024-52518
MEDIUM
Nextcloud Server 28.0.0-28.0.11 - Authenticated External Storage Manipulation
Nov 15, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-52517
MEDIUM
Nextcloud Server 25.0.0-25.0.13/28.0.0-28.0.11 - Sensitive Info Exposure via API
Nov 15, 2024
CVSS 4.6
EPSS 0.01
CVE-2024-52516
LOW
Nextcloud Server 26.0.0-26.0.13.8 and 28.0.0-28.0.8 - Improper Privilege Management
Nov 15, 2024
CVSS 3.0
EPSS 0.01
CVE-2024-52515
MEDIUM
Nextcloud Server <27.1.10,28.0.6,29.0.1 - Path Traversal
Nov 15, 2024
CVSS 5.7
EPSS 0.01
CVE-2024-46958
CRITICAL
Nextcloud Desktop Client <3.13.4 - Info Disclosure
Sep 16, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-37887
LOW
Nextcloud Server 27.0.0-27.1.9 - Improper Access Control in Shared Calendar Recurrence Exceptions
Jun 14, 2024
CVSS 3.5
EPSS 0.01
CVE-2024-37886
MEDIUM
Nextcloud user_oidc < 1.3.5 - Improper Verification of Cryptographic Signature
Jun 14, 2024
CVSS 5.4
EPSS 0.01
Products
nextcloud_server 181
nextcloud 28
desktop 27
talk 20
deck 17
mail 15
Nextcloud Server 12
calendar 9
richdocuments 8
contacts 7
user_oidc 7
nextcloud_enterprise_server 6
tables 5
circles 3
group_folders 3
Flow 2
end-to-end_encryption 2
guests 2
news 2
nextcloud_talk 2
notes 2
openid_connect_user_backend 2
preferred_providers 2
server 2
social 2
Nextcloud 1
approval 1
cookbook 1
dialogs 1
extract 1
Quick Filters