| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2021-37617 | Untrusted Search Path in Nextcloud Desktop Client | nextcloud | security-advisories | High | 7.3 | 2021-08-18 17:25:10 |
| CVE-2021-32728 | End-to-end encryption device setup did not verify public key | nextcloud | security-advisories | Medium | 6.5 | 2021-08-18 16:00:13 |
| CVE-2021-32748 | WOPI API not protected by credentials/IP check | nextcloud | security-advisories | Medium | 4.3 | 2021-07-27 21:10:12 |
| CVE-2021-32741 | Lack of ratelimit on public share link mount endpoint | nextcloud | security-advisories | Medium | 5.3 | 2021-07-12 22:05:12 |
| CVE-2021-32734 | File path disclosure of shared files in Nextcloud Text application | nextcloud | security-advisories | Low | 3.1 | 2021-07-12 21:45:12 |
| CVE-2021-32733 | XSS in Nextcloud Text application | nextcloud | security-advisories | Medium | 4.8 | 2021-07-12 21:05:12 |
| CVE-2021-32727 | End-to-end encryption device setup did not verify public key | nextcloud | security-advisories | Medium | 5.7 | 2021-07-12 20:40:13 |
| CVE-2021-32726 | Webauthn tokens not removed after user has been deleted | nextcloud | security-advisories | High | 7.1 | 2021-07-12 19:45:13 |
| CVE-2021-32725 | Default share permissions not respected for federated reshares | nextcloud | security-advisories | Low | 3.5 | 2021-07-12 19:30:14 |
| CVE-2021-32707 | Bypass of image blocking in Nextcloud Mail | nextcloud | security-advisories | Medium | 4.3 | 2021-07-12 19:05:13 |
| CVE-2021-32689 | Nextcloud Talk not properly disassociating users from chats after account deletion | nextcloud | security-advisories | High | 8.1 | 2021-07-12 18:45:15 |
| CVE-2021-32705 | Lack of ratelimit on public DAV endpoint | nextcloud | security-advisories | Medium | 5.3 | 2021-07-12 15:30:14 |
| CVE-2021-32703 | Lack of ratelimit on shareinfo endpoint | nextcloud | security-advisories | Medium | 5.3 | 2021-07-12 15:25:12 |
| CVE-2021-32688 | Application specific tokens can change their own scope | nextcloud | security-advisories | High | 8.8 | 2021-07-12 13:45:13 |
| CVE-2021-32680 | Audit log is not properly logging unsetting of share expiration date | nextcloud | security-advisories | Low | 3.3 | 2021-07-12 13:25:16 |
| CVE-2021-32679 | Filenames not escaped by default in controllers using DownloadResponse | nextcloud | security-advisories | Low | 3.5 | 2021-07-12 12:50:10 |
| CVE-2021-32678 | Ratelimit not applied on OCS API responses | nextcloud | security-advisories | Low | 3.7 | 2021-07-12 12:25:11 |
| CVE-2021-32694 | Malicious Android application can crash the Nextcloud Android Client | nextcloud | security-advisories | Medium | 4.1 | 2021-06-17 21:15:12 |
| CVE-2021-32695 | Malicious Android app could access Shared Preferences of the Nextcloud Android client | nextcloud | security-advisories | Low | 3.9 | 2021-06-17 20:50:11 |
| CVE-2021-32676 | Session Fixation in Nextcloud Talk | nextcloud | security-advisories | Medium | 6.5 | 2021-06-16 00:05:10 |