| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2021-41177 | Rate-limits not working on instances without configured memory cache backend | nextcloud | security-advisories | High | 8.1 | 2021-10-25 21:50:11 | Deep Dive |
| CVE-2021-39224 | File path disclosure of shared files in OfficeOnline application | nextcloud | security-advisories | Low | 3.5 | 2021-10-25 21:40:17 | Deep Dive |
| CVE-2021-39225 | Missing permission check on Deck API | nextcloud | security-advisories | High | 8.1 | 2021-10-25 21:40:11 | Deep Dive |
| CVE-2021-39223 | File path disclosure of shared files in Richdocuments application | nextcloud | security-advisories | Medium | 4.8 | 2021-10-25 21:35:11 | Deep Dive |
| CVE-2021-39221 | XSS in Contacts | nextcloud | security-advisories | Medium | 6.4 | 2021-10-25 19:05:10 | Deep Dive |
| CVE-2021-39220 | Bypass of image blocking in Nextcloud Mail | nextcloud | security-advisories | Low | 3.5 | 2021-10-25 18:55:14 | Deep Dive |
| CVE-2021-32802 | Preview generation used third-party library not suited for user-generated content in Nextcloud server | nextcloud | security-advisories | Critical | 9.3 | 2021-09-07 21:45:11 | Deep Dive |
| CVE-2021-32801 | Exceptions may have logged Encryption-at-Rest key content in Nextcloud server | nextcloud | security-advisories | Medium | 5.5 | 2021-09-07 21:40:11 | Deep Dive |
| CVE-2021-32800 | Bypass of Two Factor Authentication in Nextcloud server | nextcloud | security-advisories | High | 8.1 | 2021-09-07 21:35:11 | Deep Dive |
| CVE-2021-32766 | Nextcloud Text app can disclose existence of folders in "File Drop" link share | nextcloud | security-advisories | Medium | 5.3 | 2021-09-07 21:05:11 | Deep Dive |
| CVE-2021-37629 | Lack of ratelimit on Richdocuments OCS endpoint in nextcloud | nextcloud | security-advisories | Medium | 5.3 | 2021-09-07 20:25:11 | Deep Dive |
| CVE-2021-37628 | File Drop can be bypassed using Richdocuments app in nextcloud | nextcloud | security-advisories | High | 7.5 | 2021-09-07 20:15:11 | Deep Dive |
| CVE-2021-32782 | Cross-Site Scripting in Nextcloud Circles | nextcloud | security-advisories | Medium | 5.8 | 2021-09-07 20:00:19 | Deep Dive |
| CVE-2021-37630 | Secret Circle can be joined without approval in Nextcloud Circles | nextcloud | security-advisories | Medium | 6.5 | 2021-09-07 20:00:12 | Deep Dive |
| CVE-2021-37631 | Circle can be accessed by non-Circle members in Nextcloud Deck | nextcloud | security-advisories | Medium | 6.5 | 2021-09-07 19:50:11 | Deep Dive |
| CVE-2021-37617 | Untrusted Search Path in Nextcloud Desktop Client | nextcloud | security-advisories | High | 7.3 | 2021-08-18 17:25:10 | Deep Dive |
| CVE-2021-32728 | End-to-end encryption device setup did not verify public key | nextcloud | security-advisories | Medium | 6.5 | 2021-08-18 16:00:13 | Deep Dive |
| CVE-2021-32748 | WOPI API not protected by credentials/IP check | nextcloud | security-advisories | Medium | 4.3 | 2021-07-27 21:10:12 | Deep Dive |
| CVE-2021-32741 | Lack of ratelimit on public share link mount endpoint | nextcloud | security-advisories | Medium | 5.3 | 2021-07-12 22:05:12 | Deep Dive |
| CVE-2021-32734 | File path disclosure of shared files in Nextcloud Text application | nextcloud | security-advisories | Low | 3.1 | 2021-07-12 21:45:12 | Deep Dive |