| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2021-41180 | Geolocation preview links can be set to arbitrary links in nextcloud talk | nextcloud | security-advisories | Medium | 4.7 | 2022-03-08 17:45:12 | Deep Dive |
| CVE-2021-41166 | Permission bypass in Nextcloud Android App | nextcloud | security-advisories | Medium | 4.3 | 2022-01-26 22:35:10 | Deep Dive |
| CVE-2021-39222 | XSS in Talk | nextcloud | security-advisories | Medium | 6.4 | 2021-11-15 18:30:13 | Deep Dive |
| CVE-2021-41179 | Two-Factor Authentication not enforced for pages marked as public | nextcloud | security-advisories | Medium | 6.5 | 2021-10-25 22:00:13 | Deep Dive |
| CVE-2021-41178 | File Traversal affecting SVG files on Nextcloud Server | nextcloud | security-advisories | High | 8.8 | 2021-10-25 21:55:11 | Deep Dive |
| CVE-2021-41177 | Rate-limits not working on instances without configured memory cache backend | nextcloud | security-advisories | High | 8.1 | 2021-10-25 21:50:11 | Deep Dive |
| CVE-2021-39224 | File path disclosure of shared files in OfficeOnline application | nextcloud | security-advisories | Low | 3.5 | 2021-10-25 21:40:17 | Deep Dive |
| CVE-2021-39225 | Missing permission check on Deck API | nextcloud | security-advisories | High | 8.1 | 2021-10-25 21:40:11 | Deep Dive |
| CVE-2021-39223 | File path disclosure of shared files in Richdocuments application | nextcloud | security-advisories | Medium | 4.8 | 2021-10-25 21:35:11 | Deep Dive |
| CVE-2021-39221 | XSS in Contacts | nextcloud | security-advisories | Medium | 6.4 | 2021-10-25 19:05:10 | Deep Dive |
| CVE-2021-39220 | Bypass of image blocking in Nextcloud Mail | nextcloud | security-advisories | Low | 3.5 | 2021-10-25 18:55:14 | Deep Dive |
| CVE-2021-32802 | Preview generation used third-party library not suited for user-generated content in Nextcloud server | nextcloud | security-advisories | Critical | 9.3 | 2021-09-07 21:45:11 | Deep Dive |
| CVE-2021-32801 | Exceptions may have logged Encryption-at-Rest key content in Nextcloud server | nextcloud | security-advisories | Medium | 5.5 | 2021-09-07 21:40:11 | Deep Dive |
| CVE-2021-32800 | Bypass of Two Factor Authentication in Nextcloud server | nextcloud | security-advisories | High | 8.1 | 2021-09-07 21:35:11 | Deep Dive |
| CVE-2021-32766 | Nextcloud Text app can disclose existence of folders in "File Drop" link share | nextcloud | security-advisories | Medium | 5.3 | 2021-09-07 21:05:11 | Deep Dive |
| CVE-2021-37629 | Lack of ratelimit on Richdocuments OCS endpoint in nextcloud | nextcloud | security-advisories | Medium | 5.3 | 2021-09-07 20:25:11 | Deep Dive |
| CVE-2021-37628 | File Drop can be bypassed using Richdocuments app in nextcloud | nextcloud | security-advisories | High | 7.5 | 2021-09-07 20:15:11 | Deep Dive |
| CVE-2021-32782 | Cross-Site Scripting in Nextcloud Circles | nextcloud | security-advisories | Medium | 5.8 | 2021-09-07 20:00:19 | Deep Dive |
| CVE-2021-37630 | Secret Circle can be joined without approval in Nextcloud Circles | nextcloud | security-advisories | Medium | 6.5 | 2021-09-07 20:00:12 | Deep Dive |
| CVE-2021-37631 | Circle can be accessed by non-Circle members in Nextcloud Deck | nextcloud | security-advisories | Medium | 6.5 | 2021-09-07 19:50:11 | Deep Dive |