| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-52518 | Nextcloud Server is missing password confirmation when changing external storage options | nextcloud | security-advisories | Medium | 4.4 | 2024-11-15 16:46:45 | Deep Dive |
| CVE-2024-52519 | Nextcloud Server's OAuth2 client secrets were stored in a recoverable way | nextcloud | security-advisories | Low | 2.7 | 2024-11-15 16:43:57 | Deep Dive |
| CVE-2024-52520 | Nextcloud Server's link reference provider can be tricked into downloading bigger files than intended | nextcloud | security-advisories | Medium | 5.7 | 2024-11-15 16:41:42 | Deep Dive |
| CVE-2024-52521 | Nextcloud Server has a potential hash collision for background jobs could skip queuing them | nextcloud | security-advisories | Low | 2.6 | 2024-11-15 16:38:49 | Deep Dive |
| CVE-2024-52523 | Nextcloud Server Custom defined credentials of external storages are sent back to the frontend | nextcloud | security-advisories | Medium | 4.6 | 2024-11-15 16:35:39 | Deep Dive |
| CVE-2024-52525 | Nextcloud Server User password is available in memory of the PHP process | nextcloud | security-advisories | Low | 1.8 | 2024-11-15 16:30:28 | Deep Dive |
| CVE-2024-37887 | Nextcloud Server's events information leaked with shared calendars on recurrence exceptions | nextcloud | security-advisories | Low | 3.5 | 2024-06-14 15:48:12 | Deep Dive |
| CVE-2024-37886 | Nextcloud user_oidc's ID4me does not validate signature or expiration | nextcloud | security-advisories | Medium | 5.4 | 2024-06-14 15:45:13 | Deep Dive |
| CVE-2024-37885 | Code injection in Nextcloud Desktop Client for macOS | nextcloud | security-advisories | Low | 3.8 | 2024-06-14 15:42:42 | Deep Dive |
| CVE-2024-37884 | Nextcloud Server's users can delete old versions of read-only shared files | nextcloud | security-advisories | Low | 3.5 | 2024-06-14 15:36:16 | Deep Dive |
| CVE-2024-37883 | Nextcloud Deck can access comments and attachments of deleted cards | nextcloud | security-advisories | Medium | 4.3 | 2024-06-14 15:33:19 | Deep Dive |
| CVE-2024-37882 | Nextcloud Server can reshare read&share only folder with more permissions | nextcloud | security-advisories | High | 8.1 | 2024-06-14 15:28:00 | Deep Dive |
| CVE-2024-37317 | Nextcloud Notes app can be tricked into using a received share created before the user logged in | nextcloud | security-advisories | Medium | 4.6 | 2024-06-14 15:25:24 | Deep Dive |
| CVE-2024-37316 | Nextcloud Calendar's event create can create attachments that link to other websites | nextcloud | security-advisories | Medium | 4.6 | 2024-06-14 15:23:13 | Deep Dive |
| CVE-2024-37315 | Nextcloud Server's read-only users can restore old versions | nextcloud | security-advisories | Low | 3.5 | 2024-06-14 15:08:54 | Deep Dive |
| CVE-2024-37314 | Nextcloud Photos' shared albums have no restriction on photo removal | nextcloud | security-advisories | Low | 3.5 | 2024-06-14 15:05:48 | Deep Dive |
| CVE-2024-37313 | Nextcloud server allows the by-pass the second factor | nextcloud | security-advisories | High | 7.3 | 2024-06-14 14:50:44 | Deep Dive |
| CVE-2024-37312 | Nextcloud user_oidc app's ID4me feature is available even when disabled | nextcloud | security-advisories | Medium | 6.3 | 2024-06-14 14:43:24 | Deep Dive |
| CVE-2024-30247 | Command Injection as root in NextCloudPi web panel | nextcloud | nextcloudpi | Critical | 10.0 | 2024-03-29 15:57:57 | Deep Dive |
| CVE-2024-22402 | Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist | nextcloud | security-advisories | Medium | 5.4 | 2024-01-18 20:23:55 | Deep Dive |