| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-37882 | Nextcloud Server can reshare read&share only folder with more permissions | nextcloud | security-advisories | High | 8.1 | 2024-06-14 15:28:00 | Deep Dive |
| CVE-2024-37317 | Nextcloud Notes app can be tricked into using a received share created before the user logged in | nextcloud | security-advisories | Medium | 4.6 | 2024-06-14 15:25:24 | Deep Dive |
| CVE-2024-37316 | Nextcloud Calendar's event create can create attachments that link to other websites | nextcloud | security-advisories | Medium | 4.6 | 2024-06-14 15:23:13 | Deep Dive |
| CVE-2024-37315 | Nextcloud Server's read-only users can restore old versions | nextcloud | security-advisories | Low | 3.5 | 2024-06-14 15:08:54 | Deep Dive |
| CVE-2024-37314 | Nextcloud Photos' shared albums have no restriction on photo removal | nextcloud | security-advisories | Low | 3.5 | 2024-06-14 15:05:48 | Deep Dive |
| CVE-2024-37313 | Nextcloud server allows bypass of the second factor | nextcloud | security-advisories | High | 7.3 | 2024-06-14 14:50:44 | Deep Dive |
| CVE-2024-37312 | Nextcloud user_oidc app's ID4me feature is available even when disabled | nextcloud | security-advisories | Medium | 6.3 | 2024-06-14 14:43:24 | Deep Dive |
| CVE-2024-22402 | Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist | nextcloud | security-advisories | Medium | 5.4 | 2024-01-18 20:23:55 | Deep Dive |
| CVE-2024-22401 | All users can reset the allowed apps list for Nextcloud Guest App users | nextcloud | security-advisories | Medium | 4.1 | 2024-01-18 20:23:53 | Deep Dive |
| CVE-2024-22404 | Permissions bypass in Nextcloud with the files zip app | nextcloud | security-advisories | Medium | 4.1 | 2024-01-18 20:14:28 | Deep Dive |
| CVE-2024-22403 | OAuth2 authorization codes are valid indefinitely in Nextcloud server | nextcloud | security-advisories | Low | 3.0 | 2024-01-18 20:03:31 | Deep Dive |
| CVE-2024-22400 | Open redirect in user_saml via RelayState parameter in Nextcloud User Saml | nextcloud | security-advisories | Low | 3.1 | 2024-01-18 19:21:07 | Deep Dive |
| CVE-2024-22213 | Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app | nextcloud | security-advisories | None | 0.0 | 2024-01-18 19:11:41 | Deep Dive |
| CVE-2024-22212 | Nextcloud global site selector authentication bypass | nextcloud | security-advisories | Critical | 9.6 | 2024-01-18 19:04:10 | Deep Dive |
| CVE-2023-49792 | Bruteforce protection can be bypassed with misconfigured proxy | nextcloud | security-advisories | Medium | 5.3 | 2023-12-22 16:31:18 | Deep Dive |
| CVE-2023-49791 | Workflows do not require password confirmation on API level | nextcloud | security-advisories | Medium | 5.4 | 2023-12-22 16:26:28 | Deep Dive |
| CVE-2023-49790 | App PIN code can be bypassed in Nextcloud Files iOS | nextcloud | security-advisories | Medium | 4.3 | 2023-12-22 16:19:28 | Deep Dive |
| CVE-2023-48308 | Calendar app returns full stacktrace when an error happens while editing appointment | nextcloud | security-advisories | Low | 3.5 | 2023-12-21 23:12:46 | Deep Dive |
| CVE-2023-48307 | Nextcloud Mail app vulnerable to Server-Side Request Forgery | nextcloud | security-advisories | Low | 3.5 | 2023-11-21 22:22:57 | Deep Dive |
| CVE-2023-48306 | Nextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF | nextcloud | security-advisories | Medium | 5.0 | 2023-11-21 22:20:28 | Deep Dive |