| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-22401 | All users can reset the allowed apps list for Nextcloud Guest App users | nextcloud | security-advisories | Medium | 4.1 | 2024-01-18 20:23:53 | Deep Dive |
| CVE-2024-22404 | Permissions bypass in Nextcloud with the files zip app | nextcloud | security-advisories | Medium | 4.1 | 2024-01-18 20:14:28 | Deep Dive |
| CVE-2024-22403 | OAuth2 authorization codes are valid indefinitely in Nextcloud server | nextcloud | security-advisories | Low | 3.0 | 2024-01-18 20:03:31 | Deep Dive |
| CVE-2024-22400 | Open redirect in user_saml via RelayState parameter in Nextcloud User Saml | nextcloud | security-advisories | Low | 3.1 | 2024-01-18 19:21:07 | Deep Dive |
| CVE-2024-22213 | Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app | nextcloud | security-advisories | None | 0.0 | 2024-01-18 19:11:41 | Deep Dive |
| CVE-2024-22212 | Nextcloud global site selector authentication bypass | nextcloud | security-advisories | Critical | 9.6 | 2024-01-18 19:04:10 | Deep Dive |
| CVE-2023-49792 | Bruteforce protection can be bypassed with misconfigured proxy | nextcloud | security-advisories | Medium | 5.3 | 2023-12-22 16:31:18 | Deep Dive |
| CVE-2023-49791 | Workflows do not require password confirmation on API level | nextcloud | security-advisories | Medium | 5.4 | 2023-12-22 16:26:28 | Deep Dive |
| CVE-2023-49790 | App PIN code can be bypassed in Nextcloud Files iOS | nextcloud | security-advisories | Medium | 4.3 | 2023-12-22 16:19:28 | Deep Dive |
| CVE-2023-48308 | Calendar app returns full stacktrace when an error happens while editing appointment | nextcloud | security-advisories | Low | 3.5 | 2023-12-21 23:12:46 | Deep Dive |
| CVE-2023-48307 | Nextcloud Mail app vulnerable to Server-Side Request Forgery | nextcloud | security-advisories | Low | 3.5 | 2023-11-21 22:22:57 | Deep Dive |
| CVE-2023-48306 | Nextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF | nextcloud | security-advisories | Medium | 5.0 | 2023-11-21 22:20:28 | Deep Dive |
| CVE-2023-48305 | Nextcloud Server user_ldap app logs user passwords in the log file on level debug | nextcloud | security-advisories | Medium | 4.2 | 2023-11-21 22:17:36 | Deep Dive |
| CVE-2023-48304 | Nextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user | nextcloud | security-advisories | Medium | 4.3 | 2023-11-21 22:06:00 | Deep Dive |
| CVE-2023-48303 | Nextcloud Server admins can change authentication details of user configured external storage | nextcloud | security-advisories | Low | 2.4 | 2023-11-21 22:00:02 | Deep Dive |
| CVE-2023-48302 | Nextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V | nextcloud | security-advisories | Low | 3.5 | 2023-11-21 21:53:00 | Deep Dive |
| CVE-2023-48301 | Nextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name | nextcloud | security-advisories | Low | 3.5 | 2023-11-21 21:26:21 | Deep Dive |
| CVE-2023-48239 | Nextcloud Server users can make external storage mount points inaccessible for other users | nextcloud | security-advisories | High | 8.5 | 2023-11-21 21:02:35 | Deep Dive |
| CVE-2023-45150 | Inviting excessively long email addresses to a calendar event makes the Nextcloud server unresponsive | nextcloud | security-advisories | Medium | 4.3 | 2023-10-16 19:06:04 | Deep Dive |
| CVE-2023-45149 | Password of talk conversations can be bruteforced in Nextcloud | nextcloud | security-advisories | Medium | 4.3 | 2023-10-16 19:03:20 | Deep Dive |