owncloud
173 tracked vulnerabilities.
CVE-2025-53831
HIGH
DrawIO for ownCloud < 1.0.2 - Stored Cross-Site Scripting
Jul 06, 2026
CVSS 8.2
EPSS 0.00
CVE-2025-53830
CRITICAL
Anti-Virus for ownCloud < 1.2.3 - Server-Side Request Forgery
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-53829
HIGH
ownCloud 10 is vulnerable to Relative Path Traversal
Jul 06, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-53828
HIGH
SharePoint for ownCloud < 0.4.1 - Admin Server-Side Request Forgery
Jul 06, 2026
CVSS 8.5
EPSS 0.00
CVE-2025-53827
CRITICAL
ownCloud Core: Updater has an exposed dangerous method or function
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-59716
MEDIUM
NUCLEI
owncloud guests < 0.12.4 - Unauthenticated User Enumeration via Registration Endpoint
Nov 05, 2025
CVSS 5.3
EPSS 0.01
CVE-2023-49105
CRITICAL
NUCLEI
ownCloud <10.13.1 - Info Disclosure
Nov 21, 2023
CVSS 9.8
EPSS 0.11
CVE-2023-49104
HIGH
owncloud/oauth2 < 0.6.1 - Open Redirect via Subdomain Validation Bypass
Nov 21, 2023
CVSS 8.7
EPSS 0.01
CVE-2023-49103
CRITICAL
KEVNUCLEI
ownCloud Phpinfo Reader
Nov 21, 2023
CVSS 10.0
EPSS 0.78
CVE-2023-24804
MEDIUM
ownCloud Android <3.0 - Path Traversal
Feb 13, 2023
CVSS 5.0
EPSS 0.01
CVE-2023-23948
MEDIUM
ownCloud Android app <3.0 - SQL Injection
Feb 13, 2023
CVSS 6.2
EPSS 0.00
CVE-2022-43679
MEDIUM
ownCloud Server <=10.11 - Info Disclosure
Nov 10, 2022
CVSS 4.2
EPSS 0.00
CVE-2022-31649
HIGH
owncloud < 10.10.0 - Exposure of Sensitive Information
Jun 09, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25339
MEDIUM
ownCloud owncloud/android <2.20 - Info Disclosure
Apr 07, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-25338
MEDIUM
ownCloud owncloud/android <2.20 - Info Disclosure
Apr 07, 2022
CVSS 6.8
EPSS 0.00
CVE-2021-44537
HIGH
owncloud_desktop_client < 2.9.2 - Remote Code Execution via URL Resource Injection
Jan 15, 2022
CVSS 7.8
EPSS 0.03
CVE-2021-33828
HIGH
ownCloud files_antivirus < 1.0.0 - Unrestricted Upload of File with Dangerous Type
Jan 15, 2022
CVSS 8.8
EPSS 0.01
CVE-2021-33827
HIGH
ownCloud files_antivirus < 1.0.0 - OS Command Injection via Administration Settings
Jan 15, 2022
CVSS 7.2
EPSS 0.02
CVE-2021-40537
LOW
owncloud/user_ldap < 0.15.4 - Authenticated Server-Side Request Forgery in Settings
Sep 08, 2021
CVSS 2.7
EPSS 0.01
CVE-2021-35948
MEDIUM
ownCloud Server <10.8.0 - Auth Bypass
Sep 07, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-35946
CRITICAL
ownCloud <10.8 - Privilege Escalation
Sep 07, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-35949
MEDIUM
ownCloud Server <10.8.0 - Auth Bypass
Sep 07, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-35947
MEDIUM
owncloud < 10.8.0 - Information Disclosure via Public Share URL
Sep 07, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-29659
MEDIUM
owncloud_server 10.7 - Unauthenticated Information Disclosure via User Enumeration Endpoint
May 20, 2021
CVSS 6.5
EPSS 0.01
CVE-2020-28646
HIGH
owncloud_desktop_client < 2.7 - DLL Injection via Plugin Loading
Feb 26, 2021
CVSS 7.8
EPSS 0.01
Products
Quick Filters