| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-45148 | Rate limiter not working reliably when Memcached is installed in Nextcloud | nextcloud | security-advisories | Medium | 4.3 | 2023-10-16 18:51:57 | Deep Dive |
| CVE-2023-45151 | OAuth2 client_secret stored in plain text in the Nextcloud database | nextcloud | security-advisories | Medium | 6.5 | 2023-10-16 18:41:29 | Deep Dive |
| CVE-2023-45660 | Require strict cookies for image proxy requests in Nextcloud Mail | nextcloud | security-advisories | Medium | 4.3 | 2023-10-16 18:32:00 | Deep Dive |
| CVE-2023-39960 | Nextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint | nextcloud | security-advisories | Medium | 5.0 | 2023-10-13 12:08:00 | Deep Dive |
| CVE-2023-39963 | Missing password confirmation when creating app passwords | nextcloud | security-advisories | High | 8.1 | 2023-08-10 17:26:30 | Deep Dive |
| CVE-2023-39962 | Users can delete external storage mount points | nextcloud | security-advisories | High | 7.7 | 2023-08-10 17:23:50 | Deep Dive |
| CVE-2023-39961 | Text does not respect "Allow download" permissions | nextcloud | security-advisories | Low | 3.5 | 2023-08-10 17:18:41 | Deep Dive |
| CVE-2023-39959 | Existence of calendars and address books can be checked by unauthenticated users | nextcloud | security-advisories | Low | 3.5 | 2023-08-10 17:07:42 | Deep Dive |
| CVE-2023-39958 | Missing brute force protection on password reset token OAuth2 API controller | nextcloud | security-advisories | Medium | 5.8 | 2023-08-10 17:04:52 | Deep Dive |
| CVE-2023-39957 | Path traversal allows tricking the Talk Android app into writing files into its root directory | nextcloud | security-advisories | High | - | 2023-08-10 15:04:16 | Deep Dive |
| CVE-2023-39955 | Notes attachment render HTML in preview mode | nextcloud | security-advisories | Low | 3.5 | 2023-08-10 14:53:43 | Deep Dive |
| CVE-2023-39954 | user_oidc app stores client secret unencrypted in database | nextcloud | security-advisories | Low | 3.8 | 2023-08-10 14:32:27 | Deep Dive |
| CVE-2023-39953 | Issuer not verified from obtained token in user_oidc | nextcloud | security-advisories | Medium | 4.8 | 2023-08-10 13:55:20 | Deep Dive |
| CVE-2023-39952 | Advanced permissions not respected when copying entire group folders | nextcloud | security-advisories | Medium | 6.5 | 2023-08-10 13:50:51 | Deep Dive |
| CVE-2023-35928 | Nextcloud user scoped external storage can be used to gather credentials of other users | nextcloud | security-advisories | High | 8.4 | 2023-06-23 20:58:33 | Deep Dive |
| CVE-2023-35927 | Nextcloud system addressbooks can be modified by malicious trusted server | nextcloud | security-advisories | High | 7.6 | 2023-06-23 20:53:34 | Deep Dive |
| CVE-2023-35173 | End-to-End encrypted file-drops can be made inaccessible | nextcloud | security-advisories | Medium | 5.7 | 2023-06-23 20:50:16 | Deep Dive |
| CVE-2023-35172 | Nextcloud Server password reset endpoint is not brute force protected | nextcloud | security-advisories | High | 8.7 | 2023-06-23 20:49:57 | Deep Dive |
| CVE-2023-35171 | Nextcloud Server vulnerable to open redirect on "Unsupported browser" warning | nextcloud | security-advisories | Medium | 4.1 | 2023-06-23 20:44:34 | Deep Dive |
| CVE-2023-32320 | Nextcloud Server's brute force protection allows someone to send more requests than intended | nextcloud | security-advisories | High | 8.7 | 2023-06-22 20:57:55 | Deep Dive |