nextcloud

359 tracked vulnerabilities.

CVE-2023-28644 MEDIUM
Nextcloud Server 25.0.0-25.0.2 - Denial of Service via Inefficient Fetch Operation
Mar 30, 2023
CVSS 5.7
EPSS 0.01
CVE-2023-28643 MEDIUM
Nextcloud <25.0.3, <24.0.9 - Info Disclosure
Mar 30, 2023
CVSS 5.5
EPSS 0.01
CVE-2023-26482 CRITICAL
Nextcloud Server <24.0.10 - Workflow Scope Validation Bypass to Code Execution
Mar 30, 2023
CVSS 9.0
EPSS 0.51
CVE-2023-25817 LOW
Nextcloud Server 24.0.0-24.0.8 - Unauthorized File Deletion via Permission Escalation
Mar 27, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-25818 MEDIUM
Nextcloud Server 21.0.0-21.0.9.10 and 24.0.0-24.0.10 - Brute Force Attack via Password Reset Token
Mar 27, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-25820 MEDIUM
Nextcloud Server 21.0.0-21.0.8, 24.0.0-24.0.9 - Brute Force Attack via Confirmation Endpoint
Mar 22, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-26041 LOW
Nextcloud Talk <15.0.3 - Info Disclosure
Feb 27, 2023
CVSS 2.6
EPSS 0.00
CVE-2023-25821 MEDIUM
Nextcloud Server 24.0.4-24.0.6 and 25.0.0 - Improper Access Control via Reshare Permissions
Feb 25, 2023
CVSS 5.7
EPSS 0.00
CVE-2023-25816 MEDIUM
Nextcloud Server 25.0.0-25.0.3 - Uncontrolled Resource Consumption via Long Password Validation
Feb 25, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-25579 MEDIUM
Nextcloud Server < 23.0.12, 20.0.0-20.0.14 - Path Traversal via Folder::getFullPath()
Feb 22, 2023
CVSS 6.0
EPSS 0.00
CVE-2023-25162 MEDIUM
Nextcloud Server < 23.0.12 - Server-Side Request Forgery via IP Filter Bypass
Feb 13, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-25161 LOW
Nextcloud Server < 23.0.12, 24.0.8, 25.0.1 - Denial of Service via Password Reset Rate Limit Bypass
Feb 13, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-25160 MEDIUM
Nextcloud Mail < 1.11.8 - Unauthenticated Email Metadata Exposure via Mailbox ID
Feb 13, 2023
CVSS 4.1
EPSS 0.00
CVE-2023-25159 LOW
Nextcloud Server 24.0.4-24.0.7 and 25.0.0 - Improper Access Control in Preview Watermark
Feb 13, 2023
CVSS 2.3
EPSS 0.00
CVE-2023-25150 MEDIUM
Nextcloud richdocuments < 3.8.7 - Improper Access Control via Collabora Integration
Feb 08, 2023
CVSS 5.8
EPSS 0.00
CVE-2023-23943 MEDIUM
Nextcloud Mail < 1.15.0 - Server-Side Request Forgery via SMTP/IMAP/Sieve Host Fields
Feb 06, 2023
CVSS 5.0
EPSS 0.01
CVE-2023-23942 MEDIUM
Nextcloud Desktop Client <3.6.3 - Code Injection
Feb 06, 2023
CVSS 5.4
EPSS 0.02
CVE-2023-23944 LOW
Nextcloud Mail <2.2.2 - Info Disclosure
Feb 06, 2023
CVSS 2.0
EPSS 0.00
CVE-2023-22471 LOW
Nextcloud Deck < 1.6.5 - Authorization Bypass via Attachment Deletion
Jan 14, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-22470 LOW
Nextcloud Deck < 1.6.5 - Denial of Service via Database Error
Jan 14, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-22469 MEDIUM
Nextcloud Deck < 1.8.2 - Unauthorized Sensitive Information Exposure via Card Reference Preview
Jan 10, 2023
CVSS 5.8
EPSS 0.00
CVE-2023-22473 LOW
Nextcloud Talk < 15.0.2 - Improper Access Control via Passcode Bypass
Jan 09, 2023
CVSS 2.1
EPSS 0.00
CVE-2023-22472 MEDIUM
Nextcloud Desktop - Cross-Site Request Forgery via Deep Link
Jan 09, 2023
CVSS 5.3
EPSS 0.00
CVE-2022-41971 MEDIUM
Nextcloud Talk 12.0.0-12.2.7 - Unauthorized Video Stream Access After Removal
Dec 01, 2022
CVSS 4.8
EPSS 0.00
CVE-2022-41970 LOW
Nextcloud Server < 24.0.7 and 25.0.1 - Improper Access Control via Preview Image Download
Dec 01, 2022
CVSS 2.6
EPSS 0.00
Products
nextcloud_server 181 nextcloud 28 desktop 27 talk 20 deck 17 mail 15 Nextcloud Server 12 calendar 9 richdocuments 8 contacts 7 user_oidc 7 nextcloud_enterprise_server 6 tables 5 circles 3 group_folders 3 Flow 2 end-to-end_encryption 2 guests 2 news 2 nextcloud_talk 2 notes 2 openid_connect_user_backend 2 preferred_providers 2 server 2 social 2 Nextcloud 1 approval 1 cookbook 1 dialogs 1 extract 1
Quick Filters
Critical CVEs With Exploits In CISA KEV