nextcloud

359 tracked vulnerabilities.

CVE-2024-37885 LOW
Nextcloud Desktop < 3.12.0 - Code Injection via DYLD_INSERT_LIBRARIES
Jun 14, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-37884 LOW
Nextcloud Server 25.0.0-25.0.13.6 and 26.0.0-26.0.12 - Authenticated Improper Access Control via File Version Deletion
Jun 14, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-37883 MEDIUM
Nextcloud Deck 1.6.0-1.6.5 - Unauthorized Access to Deleted Card Comments and Attachments
Jun 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-37882 HIGH
Nextcloud Server 23.0.0-23.0.12.16 and 26.0.0-26.0.12 - Improper Access Control via Share Permission Escalation
Jun 14, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-37317 MEDIUM
Nextcloud Notes 4.6.0-4.9.2 - Improper Access Control via Shared Folder
Jun 14, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-37316 MEDIUM
Nextcloud Calendar <4.6.8,4.7.2 - Open Redirect
Jun 14, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-37315 LOW
Nextcloud Server 23.0.0-23.0.11 and 26.0.0-26.0.11 - Authenticated Improper Access Control via File Version Restoration
Jun 14, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-37314 LOW
Nextcloud Server 25.0.0-25.0.7 - Improper Access Control in Photos App
Jun 14, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-37313 HIGH
Nextcloud Server 21.0.0-21.0.9.17 and 26.0.0-26.0.13 - Two-Factor Authentication Bypass
Jun 14, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-37312 MEDIUM
nextcloud/user_oidc < 5.0.0 - Unauthenticated Account Registration via ID4me Endpoint
Jun 14, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-30247 CRITICAL
NextCloudPi < 1.53.1 - Unauthenticated OS Command Injection via Web Panel
Mar 29, 2024
CVSS 10.0
EPSS 0.02
CVE-2024-22404 MEDIUM
Nextcloud Files Zip <1.2.1-1.5.0 - Info Disclosure
Jan 18, 2024
CVSS 4.1
EPSS 0.01
CVE-2024-22402 MEDIUM
Nextcloud Guests < 2.4.1 - Permissions Bypass via App Page Access
Jan 18, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-22401 MEDIUM
Nextcloud Guests <2.4.1-3.0.1 - Privilege Escalation
Jan 18, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-22403 LOW
Nextcloud <28.0.0 - Info Disclosure
Jan 18, 2024
CVSS 3.0
EPSS 0.00
CVE-2024-22400 LOW
Nextcloud <5.1.5-6.0.1 - Open Redirect
Jan 18, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-22213 NONE
Nextcloud Deck 1.9.0-1.9.4 - Stored Cross-Site Scripting via Comment HTML
Jan 18, 2024
EPSS 0.00
CVE-2024-22212 CRITICAL
Nextcloud Global Site Selector 1.1.0-1.4.0 - Authentication Bypass via Password Verification Method
Jan 18, 2024
CVSS 9.6
EPSS 0.01
CVE-2023-49792 MEDIUM
Nextcloud Server 23.0.0-23.0.12.13, 26.0.0-26.0.9 - Authentication Bypass via Trusted Proxy Spoofing
Dec 22, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-49791 MEDIUM
Nextcloud Server 23.0.0-23.0.12.12, 26.0.0-26.0.8 - Improper Access Control via API Bypass
Dec 22, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-49790 MEDIUM
Nextcloud iOS Files < 4.9.2 - Improper Authentication
Dec 22, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-48308 LOW
Nextcloud Calendar <4.5.3 - Info Disclosure
Dec 22, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-48307 LOW
Nextcloud Mail 1.13.0-2.2.7 - Server-Side Request Forgery via Unprotected Endpoint
Nov 21, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-48306 MEDIUM
Nextcloud Server 22.0.0-22.2.10.15, 25.0.0-25.0.10 - Server-Side Request Forgery via DNS Rebinding
Nov 21, 2023
CVSS 5.0
EPSS 0.01
CVE-2023-48305 MEDIUM
Nextcloud Server 25.0.0-25.0.10 - Cleartext Storage of Sensitive Information in Debug Log
Nov 21, 2023
CVSS 4.2
EPSS 0.00
Products
nextcloud_server 181 nextcloud 28 desktop 27 talk 20 deck 17 mail 15 Nextcloud Server 12 calendar 9 richdocuments 8 contacts 7 user_oidc 7 nextcloud_enterprise_server 6 tables 5 circles 3 group_folders 3 Flow 2 end-to-end_encryption 2 guests 2 news 2 nextcloud_talk 2 notes 2 openid_connect_user_backend 2 preferred_providers 2 server 2 social 2 Nextcloud 1 approval 1 cookbook 1 dialogs 1 extract 1
Quick Filters
Critical CVEs With Exploits In CISA KEV