owncloud

CVE-2025-59716 MEDIUM NUCLEI

owncloud guests < 0.12.4 - Unauthenticated User Enumeration via Registration Endpoint

Nov 05, 2025

CVSS 5.3

EPSS 0.01

CVE-2023-49105 CRITICAL NUCLEI

ownCloud <10.13.1 - Info Disclosure

Nov 21, 2023

CVSS 9.8

EPSS 0.90

CVE-2023-49104 HIGH

owncloud/oauth2 < 0.6.1 - Open Redirect via Subdomain Validation Bypass

Nov 21, 2023

CVSS 8.7

EPSS 0.00

CVE-2023-49103 CRITICAL KEVNUCLEI

ownCloud Phpinfo Reader

Nov 21, 2023

CVSS 10.0

EPSS 0.94

CVE-2023-24804 MEDIUM

ownCloud Android <3.0 - Path Traversal

Feb 13, 2023

CVSS 5.0

EPSS 0.00

CVE-2023-23948 MEDIUM

ownCloud Android app <3.0 - SQL Injection

Feb 13, 2023

CVSS 6.2

EPSS 0.00

CVE-2022-43679 MEDIUM

ownCloud Server <=10.11 - Info Disclosure

Nov 10, 2022

CVSS 4.2

EPSS 0.00

CVE-2022-31649 HIGH

owncloud < 10.10.0 - Exposure of Sensitive Information

Jun 09, 2022

CVSS 7.5

EPSS 0.00

CVE-2022-25339 MEDIUM

ownCloud owncloud/android <2.20 - Info Disclosure

Apr 07, 2022

CVSS 5.5

EPSS 0.00

CVE-2022-25338 MEDIUM

ownCloud owncloud/android <2.20 - Info Disclosure

Apr 07, 2022

CVSS 6.8

EPSS 0.00

CVE-2021-44537 HIGH

owncloud_desktop_client < 2.9.2 - Remote Code Execution via URL Resource Injection

Jan 15, 2022

CVSS 7.8

EPSS 0.01

CVE-2021-33828 HIGH

ownCloud files_antivirus < 1.0.0 - Unrestricted Upload of File with Dangerous Type

Jan 15, 2022

CVSS 8.8

EPSS 0.01

CVE-2021-33827 HIGH

ownCloud files_antivirus < 1.0.0 - OS Command Injection via Administration Settings

Jan 15, 2022

CVSS 7.2

EPSS 0.01

CVE-2021-40537 LOW

owncloud/user_ldap < 0.15.4 - Authenticated Server-Side Request Forgery in Settings

Sep 08, 2021

CVSS 2.7

EPSS 0.00

CVE-2021-35948 MEDIUM

ownCloud Server <10.8.0 - Auth Bypass

Sep 07, 2021

CVSS 5.4

EPSS 0.00

CVE-2021-35946 CRITICAL

ownCloud <10.8 - Privilege Escalation

Sep 07, 2021

CVSS 9.8

EPSS 0.00

CVE-2021-35949 MEDIUM

ownCloud Server <10.8.0 - Auth Bypass

Sep 07, 2021

CVSS 5.3

EPSS 0.00

CVE-2021-35947 MEDIUM

owncloud < 10.8.0 - Information Disclosure via Public Share URL

Sep 07, 2021

CVSS 5.3

EPSS 0.00

CVE-2021-29659 MEDIUM

owncloud_server 10.7 - Unauthenticated Information Disclosure via User Enumeration Endpoint

May 20, 2021

CVSS 6.5

EPSS 0.00

CVE-2020-28646 HIGH

owncloud_desktop_client < 2.7 - DLL Injection via Plugin Loading

Feb 26, 2021

CVSS 7.8

EPSS 0.00

CVE-2020-36248 LOW

owncloud_client < 2.15 - Unauthenticated PIN Lock Bypass via ADB Backup Restore

Feb 19, 2021

CVSS 3.9

EPSS 0.00

CVE-2020-36252 MEDIUM

ownCloud Server <10.3.1 - Info Disclosure

Feb 19, 2021

CVSS 6.8

EPSS 0.00

CVE-2020-36251 LOW

ownCloud Server <10.3.0 - Info Disclosure

Feb 19, 2021

CVSS 3.5

EPSS 0.00

CVE-2020-36250 MEDIUM

owncloud_client < 2.15 - Lock Protection Bypass via System Date Manipulation

Feb 19, 2021

CVSS 6.1

EPSS 0.00

CVE-2020-36249 HIGH

File Firewall <2.8.0 - Info Disclosure

Feb 19, 2021

CVSS 7.5

EPSS 0.00