owncloud

173 tracked vulnerabilities.

CVE-2025-53831 HIGH
DrawIO for ownCloud < 1.0.2 - Stored Cross-Site Scripting
Jul 06, 2026
CVSS 8.2
EPSS 0.00
CVE-2025-53830 CRITICAL
Anti-Virus for ownCloud < 1.2.3 - Server-Side Request Forgery
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-53829 HIGH
ownCloud 10 is vulnerable to Relative Path Traversal
Jul 06, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-53828 HIGH
SharePoint for ownCloud < 0.4.1 - Admin Server-Side Request Forgery
Jul 06, 2026
CVSS 8.5
EPSS 0.00
CVE-2025-53827 CRITICAL
ownCloud Core: Updater has an exposed dangerous method or function
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-59716 MEDIUM NUCLEI
owncloud guests < 0.12.4 - Unauthenticated User Enumeration via Registration Endpoint
Nov 05, 2025
CVSS 5.3
EPSS 0.01
CVE-2023-49105 CRITICAL NUCLEI
ownCloud <10.13.1 - Info Disclosure
Nov 21, 2023
CVSS 9.8
EPSS 0.11
CVE-2023-49104 HIGH
owncloud/oauth2 < 0.6.1 - Open Redirect via Subdomain Validation Bypass
Nov 21, 2023
CVSS 8.7
EPSS 0.01
CVE-2023-49103 CRITICAL KEVNUCLEI
ownCloud Phpinfo Reader
Nov 21, 2023
CVSS 10.0
EPSS 0.78
CVE-2023-24804 MEDIUM
ownCloud Android <3.0 - Path Traversal
Feb 13, 2023
CVSS 5.0
EPSS 0.01
CVE-2023-23948 MEDIUM
ownCloud Android app <3.0 - SQL Injection
Feb 13, 2023
CVSS 6.2
EPSS 0.00
CVE-2022-43679 MEDIUM
ownCloud Server <=10.11 - Info Disclosure
Nov 10, 2022
CVSS 4.2
EPSS 0.00
CVE-2022-31649 HIGH
owncloud < 10.10.0 - Exposure of Sensitive Information
Jun 09, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25339 MEDIUM
ownCloud owncloud/android <2.20 - Info Disclosure
Apr 07, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-25338 MEDIUM
ownCloud owncloud/android <2.20 - Info Disclosure
Apr 07, 2022
CVSS 6.8
EPSS 0.00
CVE-2021-44537 HIGH
owncloud_desktop_client < 2.9.2 - Remote Code Execution via URL Resource Injection
Jan 15, 2022
CVSS 7.8
EPSS 0.03
CVE-2021-33828 HIGH
ownCloud files_antivirus < 1.0.0 - Unrestricted Upload of File with Dangerous Type
Jan 15, 2022
CVSS 8.8
EPSS 0.01
CVE-2021-33827 HIGH
ownCloud files_antivirus < 1.0.0 - OS Command Injection via Administration Settings
Jan 15, 2022
CVSS 7.2
EPSS 0.02
CVE-2021-40537 LOW
owncloud/user_ldap < 0.15.4 - Authenticated Server-Side Request Forgery in Settings
Sep 08, 2021
CVSS 2.7
EPSS 0.01
CVE-2021-35948 MEDIUM
ownCloud Server <10.8.0 - Auth Bypass
Sep 07, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-35946 CRITICAL
ownCloud <10.8 - Privilege Escalation
Sep 07, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-35949 MEDIUM
ownCloud Server <10.8.0 - Auth Bypass
Sep 07, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-35947 MEDIUM
owncloud < 10.8.0 - Information Disclosure via Public Share URL
Sep 07, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-29659 MEDIUM
owncloud_server 10.7 - Unauthenticated Information Disclosure via User Enumeration Endpoint
May 20, 2021
CVSS 6.5
EPSS 0.01
CVE-2020-28646 HIGH
owncloud_desktop_client < 2.7 - DLL Injection via Plugin Loading
Feb 26, 2021
CVSS 7.8
EPSS 0.01