| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-52507 | Share information of the Nextcloud Tables app is not limited to affected users | nextcloud | security-advisories | Low | 3.5 | 2024-11-15 17:24:50 | Deep Dive |
| CVE-2024-52511 | Nextcloud Tables has an Authorization Bypass Through User-Controlled Key in Tables | nextcloud | security-advisories | Medium | 6.3 | 2024-11-15 17:22:41 | Deep Dive |
| CVE-2024-52512 | Nextcloud User OIDC has an open redirection when logging in with User OIDC | nextcloud | security-advisories | Low | 3.3 | 2024-11-15 17:18:51 | Deep Dive |
| CVE-2024-52513 | Nextcloud Server's Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares | nextcloud | security-advisories | Low | 2.6 | 2024-11-15 17:08:56 | Deep Dive |
| CVE-2024-52514 | Nextcloud Server allows users to copy folder that contain files that are blocked by the files access control | nextcloud | security-advisories | Medium | 4.1 | 2024-11-15 17:06:04 | Deep Dive |
| CVE-2024-52515 | Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews | nextcloud | security-advisories | Medium | 5.7 | 2024-11-15 17:03:09 | Deep Dive |
| CVE-2024-52516 | Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them | nextcloud | security-advisories | Low | 3.0 | 2024-11-15 16:55:19 | Deep Dive |
| CVE-2024-52517 | Nextcloud Server's global credentials of external storages are sent back to the frontend | nextcloud | security-advisories | Medium | 4.6 | 2024-11-15 16:49:41 | Deep Dive |
| CVE-2024-52518 | Nextcloud Server is missing password confirmation when changing external storage options | nextcloud | security-advisories | Medium | 4.4 | 2024-11-15 16:46:45 | Deep Dive |
| CVE-2024-52519 | Nextcloud Server's OAuth2 client secrets were stored in a recoverable way | nextcloud | security-advisories | Low | 2.7 | 2024-11-15 16:43:57 | Deep Dive |
| CVE-2024-52520 | Nextcloud Server's link reference provider can be tricked into downloading bigger files than intended | nextcloud | security-advisories | Medium | 5.7 | 2024-11-15 16:41:42 | Deep Dive |
| CVE-2024-52521 | Nextcloud Server has a potential hash collision for background jobs could skip queuing them | nextcloud | security-advisories | Low | 2.6 | 2024-11-15 16:38:49 | Deep Dive |
| CVE-2024-52523 | Nextcloud Server Custom defined credentials of external storages are sent back to the frontend | nextcloud | security-advisories | Medium | 4.6 | 2024-11-15 16:35:39 | Deep Dive |
| CVE-2024-52525 | Nextcloud Server User password is available in memory of the PHP process | nextcloud | security-advisories | Low | 1.8 | 2024-11-15 16:30:28 | Deep Dive |
| CVE-2024-40636 | Basic Auth Credential Leakage to Logs After Fetch Registry Error in Steeltoe.Discovery.Eureka with Peer Awareness | SteeltoeOSS | security-advisories | Medium | 5.3 | 2024-07-17 17:48:26 | Deep Dive |
| CVE-2024-37887 | Nextcloud Server's events information leaked with shared calendars on recurrence exceptions | nextcloud | security-advisories | Low | 3.5 | 2024-06-14 15:48:12 | Deep Dive |
| CVE-2024-37886 | Nextcloud user_oidc's ID4me does not validate signature or expiration | nextcloud | security-advisories | Medium | 5.4 | 2024-06-14 15:45:13 | Deep Dive |
| CVE-2024-37885 | Code injection in Nextcloud Desktop Client for macOS | nextcloud | security-advisories | Low | 3.8 | 2024-06-14 15:42:42 | Deep Dive |
| CVE-2024-37884 | Nextcloud Server's users can delete old versions of read-only shared files | nextcloud | security-advisories | Low | 3.5 | 2024-06-14 15:36:16 | Deep Dive |
| CVE-2024-37883 | Nextcloud Deck can access comments and attachments of deleted cards | nextcloud | security-advisories | Medium | 4.3 | 2024-06-14 15:33:19 | Deep Dive |