| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-48305 | Nextcloud Server user_ldap app logs user passwords in the log file on level debug | nextcloud | security-advisories | Medium | 4.2 | 2023-11-21 22:17:36 | Deep Dive |
| CVE-2023-48304 | Nextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user | nextcloud | security-advisories | Medium | 4.3 | 2023-11-21 22:06:00 | Deep Dive |
| CVE-2023-48303 | Nextcloud Server admins can change authentication details of user configured external storage | nextcloud | security-advisories | Low | 2.4 | 2023-11-21 22:00:02 | Deep Dive |
| CVE-2023-48302 | Nextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V | nextcloud | security-advisories | Low | 3.5 | 2023-11-21 21:53:00 | Deep Dive |
| CVE-2023-48301 | Nextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name | nextcloud | security-advisories | Low | 3.5 | 2023-11-21 21:26:21 | Deep Dive |
| CVE-2023-48239 | Nextcloud Server users can make external storage mount points inaccessible for other users | nextcloud | security-advisories | High | 8.5 | 2023-11-21 21:02:35 | Deep Dive |
| CVE-2023-45150 | Inviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive | nextcloud | security-advisories | Medium | 4.3 | 2023-10-16 19:06:04 | Deep Dive |
| CVE-2023-45149 | Password of talk conversations can be bruteforced in Nextcloud | nextcloud | security-advisories | Medium | 4.3 | 2023-10-16 19:03:20 | Deep Dive |
| CVE-2023-45148 | Rate limiter not working reliable when Memcached is installed in Nextcloud | nextcloud | security-advisories | Medium | 4.3 | 2023-10-16 18:51:57 | Deep Dive |
| CVE-2023-45151 | OAuth2 client_secret stored in plain text in the Nextcloud database | nextcloud | security-advisories | Medium | 6.5 | 2023-10-16 18:41:29 | Deep Dive |
| CVE-2023-45660 | Require strict cookies for image proxy requests in Nextcloud Mail | nextcloud | security-advisories | Medium | 4.3 | 2023-10-16 18:32:00 | Deep Dive |
| CVE-2023-39960 | Nextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint | nextcloud | security-advisories | Medium | 5.0 | 2023-10-13 12:08:00 | Deep Dive |
| CVE-2023-39963 | Missing password confirmation when creating app passwords | nextcloud | security-advisories | High | 8.1 | 2023-08-10 17:26:30 | Deep Dive |
| CVE-2023-39962 | Users can delete external storage mount points | nextcloud | security-advisories | High | 7.7 | 2023-08-10 17:23:50 | Deep Dive |
| CVE-2023-39961 | Text does not respect "Allow download" permissions | nextcloud | security-advisories | Low | 3.5 | 2023-08-10 17:18:41 | Deep Dive |
| CVE-2023-39959 | Existence of calendars and address books can be checked by unauthenticated users | nextcloud | security-advisories | Low | 3.5 | 2023-08-10 17:07:42 | Deep Dive |
| CVE-2023-39958 | Missing brute force protection on password reset token OAuth2 API controller | nextcloud | security-advisories | Medium | 5.8 | 2023-08-10 17:04:52 | Deep Dive |
| CVE-2023-39957 | Path traversal allows tricking the Talk Android app into writing files into it's root directory | nextcloud | security-advisories | High | - | 2023-08-10 15:04:16 | Deep Dive |
| CVE-2023-39955 | Notes attachment render HTML in preview mode | nextcloud | security-advisories | Low | 3.5 | 2023-08-10 14:53:43 | Deep Dive |
| CVE-2023-39954 | user_oidc app stores client secret unencrypted in database | nextcloud | security-advisories | Low | 3.8 | 2023-08-10 14:32:27 | Deep Dive |