nextcloud
359 tracked vulnerabilities.
CVE-2023-48304
MEDIUM
Nextcloud Server 22.0.0-22.2.10.15, 25.0.0-25.0.10 - Authorization Bypass via Birthday Calendar Toggle
Nov 21, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-48303
LOW
Nextcloud Server 25.0.0-25.0.10 - Improper Access Control in External Storage Authentication
Nov 21, 2023
CVSS 2.4
EPSS 0.00
CVE-2023-48302
LOW
Nextcloud Server 25.0.0-25.0.12 - Stored Cross-Site Scripting via Paste Without Markup
Nov 21, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-48301
LOW
Nextcloud Server 25.0.0-25.0.12 - Stored Cross-Site Scripting via Circle Name Links
Nov 21, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-48239
HIGH
Nextcloud Server 20.0.0-20.0.14.16, 25.0.0-25.0.13 - Authenticated External Storage Access Control Bypass
Nov 21, 2023
CVSS 8.5
EPSS 0.01
CVE-2023-45150
MEDIUM
Nextcloud Calendar < 4.4.4 - Denial of Service via Email Address Validation
Oct 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-45149
MEDIUM
Nextcloud Talk 15.0.0-15.0.8 - Brute Force Protection Bypass via Password Validation Endpoint
Oct 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-45660
MEDIUM
Nextcloud Mail 2.2.0-2.2.8 - Server-Side Request Forgery via Proxy Endpoint
Oct 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-45151
MEDIUM
Nextcloud Server < 25.0.8 - Cleartext Storage of OAuth2 Tokens
Oct 16, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-45148
MEDIUM
Nextcloud Server 22.0.0-22.2.10.15 and 25.0.0-25.0.10 - Rate Limit Bypass via Memcached Distributed Cache
Oct 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-39960
MEDIUM
Nextcloud Server 22.0.0-22.2.10.14, 25.0.0-25.0.9 - Unauthenticated Password Brute Force via WebDAV API
Oct 13, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-39963
HIGH
Nextcloud Server 20.0.0-27.0.1 - Unauthenticated App Password Creation via Stolen Session
Aug 10, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-39962
HIGH
Nextcloud Server Improper Access Control in External Storage Deletion
Aug 10, 2023
CVSS 7.7
EPSS 0.00
CVE-2023-39961
LOW
Nextcloud Server 24.0.4-24.0.12.4, 25.0.0-25.0.8, 26.0.0-26.0.3, 27.0.0 - Improper Access Control
Aug 10, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-39959
LOW
Nextcloud Server 25.0.0-25.0.8 - Unauthenticated Information Disclosure via DAV Request
Aug 10, 2023
CVSS 3.5
EPSS 0.01
CVE-2023-39958
MEDIUM
Nextcloud Server OAuth2 Client Secret Brute Force
Aug 10, 2023
CVSS 5.8
EPSS 0.00
CVE-2023-39957
HIGH
Nextcloud Talk Android < 17.0.0 - Path Traversal via Unprotected Intent
Aug 10, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-39955
LOW
Nextcloud Notes 4.4.0-4.7.9 - Stored Cross-Site Scripting via HTML Note Preview
Aug 10, 2023
CVSS 3.5
EPSS 0.01
CVE-2023-39954
LOW
nextcloud/user_oidc 1.0.0-1.3.2 - Missing Encryption of Sensitive Data
Aug 10, 2023
CVSS 3.8
EPSS 0.01
CVE-2023-39953
MEDIUM
user_oidc <1.3.3 - Man-in-the-Middle
Aug 10, 2023
CVSS 4.8
EPSS 0.01
CVE-2023-39952
MEDIUM
Nextcloud Server 22.0.0-27.0.0 - Improper Access Control in Groupfolder Subfolder Permissions
Aug 10, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-35928
HIGH
Nextcloud Server <26.0.2 - Info Disclosure
Jun 23, 2023
CVSS 8.4
EPSS 0.00
CVE-2023-35927
HIGH
Nextcloud Server <26.0.2 - Privilege Escalation
Jun 23, 2023
CVSS 7.6
EPSS 0.00
CVE-2023-35173
MEDIUM
Nextcloud End-to-end Encryption 1.12.0-1.12.3 - Denial of Service via Invalid Metadata File
Jun 23, 2023
CVSS 5.7
EPSS 0.00
CVE-2023-35172
HIGH
Nextcloud Server 21.0.0-21.0.9.12, 25.0.0-25.0.7 - Brute Force Attack via Password Reset Links
Jun 23, 2023
CVSS 8.7
EPSS 0.01
Products
nextcloud_server 181
nextcloud 28
desktop 27
talk 20
deck 17
mail 15
Nextcloud Server 12
calendar 9
richdocuments 8
contacts 7
user_oidc 7
nextcloud_enterprise_server 6
tables 5
circles 3
group_folders 3
Flow 2
end-to-end_encryption 2
guests 2
news 2
nextcloud_talk 2
notes 2
openid_connect_user_backend 2
preferred_providers 2
server 2
social 2
Nextcloud 1
approval 1
cookbook 1
dialogs 1
extract 1