| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-66512 | Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud | nextcloud | security-advisories | Medium | 5.4 | 2025-12-05 16:22:50 | Deep Dive |
| CVE-2025-66510 | Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list | nextcloud | security-advisories | Medium | 4.5 | 2025-12-05 16:18:54 | Deep Dive |
| CVE-2025-59788 | Nextcloud 安全漏洞 | Nextcloud | Nextcloud | Medium | 6.4 | 2025-12-04 00:00:00 | Deep Dive |
| CVE-2025-58051 | Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table | nextcloud | security-advisories | Medium | 6.5 | 2025-10-16 16:48:20 | Deep Dive |
| CVE-2025-47794 | Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission | nextcloud | security-advisories | Low | 2.6 | 2025-05-16 14:35:25 | Deep Dive |
| CVE-2025-47793 | Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file | nextcloud | security-advisories | Medium | 4.3 | 2025-05-16 14:31:51 | Deep Dive |
| CVE-2025-47792 | Nextcloud Desktop 3rdparty applications can create share links via socket API | nextcloud | security-advisories | Medium | 5.0 | 2025-05-16 14:13:53 | Deep Dive |
| CVE-2025-47791 | Nextcloud Server's test remote endpoint is not rate limited | nextcloud | security-advisories | Medium | 4.3 | 2025-05-16 14:09:27 | Deep Dive |
| CVE-2025-47790 | Nextcloud Server doesn't request second factor after session timeout | nextcloud | security-advisories | Medium | 6.4 | 2025-05-16 14:02:58 | Deep Dive |
| CVE-2024-52509 | Nextcloud Mail app does not respect download permissions in shares | nextcloud | security-advisories | Low | 3.5 | 2024-11-15 17:37:47 | Deep Dive |
| CVE-2024-52508 | Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers | nextcloud | security-advisories | High | 8.2 | 2024-11-15 17:34:22 | Deep Dive |
| CVE-2024-52510 | Nextcloud Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty | nextcloud | security-advisories | Medium | 4.2 | 2024-11-15 17:29:45 | Deep Dive |
| CVE-2024-52507 | Share information of the Nextcloud Tables app is not limited to affected users | nextcloud | security-advisories | Low | 3.5 | 2024-11-15 17:24:50 | Deep Dive |
| CVE-2024-52511 | Nextcloud Tables has an Authorization Bypass Through User-Controlled Key in Tables | nextcloud | security-advisories | Medium | 6.3 | 2024-11-15 17:22:41 | Deep Dive |
| CVE-2024-52512 | Nextcloud User OIDC has an open redirection when logging in with User OIDC | nextcloud | security-advisories | Low | 3.3 | 2024-11-15 17:18:51 | Deep Dive |
| CVE-2024-52513 | Nextcloud Server's Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares | nextcloud | security-advisories | Low | 2.6 | 2024-11-15 17:08:56 | Deep Dive |
| CVE-2024-52514 | Nextcloud Server allows users to copy folder that contain files that are blocked by the files access control | nextcloud | security-advisories | Medium | 4.1 | 2024-11-15 17:06:04 | Deep Dive |
| CVE-2024-52515 | Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews | nextcloud | security-advisories | Medium | 5.7 | 2024-11-15 17:03:09 | Deep Dive |
| CVE-2024-52516 | Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them | nextcloud | security-advisories | Low | 3.0 | 2024-11-15 16:55:19 | Deep Dive |
| CVE-2024-52517 | Nextcloud Server's global credentials of external storages are sent back to the frontend | nextcloud | security-advisories | Medium | 4.6 | 2024-11-15 16:49:41 | Deep Dive |