| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-39953 | Issuer not verified from obtained token in user_oidc | nextcloud | security-advisories | Medium | 4.8 | 2023-08-10 13:55:20 | Deep Dive |
| CVE-2023-39952 | Advanced permissions not respected when copying entire group folders | nextcloud | security-advisories | Medium | 6.5 | 2023-08-10 13:50:51 | Deep Dive |
| CVE-2023-35928 | Nextcloud user scoped external storage can be used to gather credentials of other users | nextcloud | security-advisories | High | 8.4 | 2023-06-23 20:58:33 | Deep Dive |
| CVE-2023-35927 | Nextcloud system addressbooks can be modified by malicious trusted server | nextcloud | security-advisories | High | 7.6 | 2023-06-23 20:53:34 | Deep Dive |
| CVE-2023-35173 | End-to-End encrypted file-drops can be made inaccessible | nextcloud | security-advisories | Medium | 5.7 | 2023-06-23 20:50:16 | Deep Dive |
| CVE-2023-35172 | Nextcloud Server password reset endpoint is not brute force protected | nextcloud | security-advisories | High | 8.7 | 2023-06-23 20:49:57 | Deep Dive |
| CVE-2023-35171 | Nextcloud Server vulnerable to open redirect on "Unsupported browser" warning | nextcloud | security-advisories | Medium | 4.1 | 2023-06-23 20:44:34 | Deep Dive |
| CVE-2023-32320 | Nextcloud Server's brute force protection allows someone to send more requests than intended | nextcloud | security-advisories | High | 8.7 | 2023-06-22 20:57:55 | Deep Dive |
| CVE-2023-33183 | Error in calendar when booking an appointment reveals the full path of the website | nextcloud | security-advisories | Low | 2.6 | 2023-05-30 05:01:56 | Deep Dive |
| CVE-2023-33182 | Nextcloud Contacts photos only sanitized if mime type is all lower case | nextcloud | security-advisories | None | 0.0 | 2023-05-30 04:58:08 | Deep Dive |
| CVE-2023-33184 | Blind SSRF in the Nextcloud Mail app on avatar endpoint | nextcloud | security-advisories | Low | 3.5 | 2023-05-27 04:36:02 | Deep Dive |
| CVE-2023-32319 | Basic auth header on WebDAV requests is not brute-force protected in Nextcloud | nextcloud | security-advisories | High | 8.1 | 2023-05-26 22:49:30 | Deep Dive |
| CVE-2023-32318 | User session not correctly destroyed on logout | nextcloud | security-advisories | High | 7.2 | 2023-05-26 17:21:18 | Deep Dive |
| CVE-2023-32074 | Nextcloud user_oidc app is missing brute force protection | nextcloud | security-advisories | High | 8.0 | 2023-05-25 22:59:28 | Deep Dive |
| CVE-2023-28847 | Nextcloud Server missing brute force protection for passwords of password protected share links | nextcloud | security-advisories | Low | 3.1 | 2023-04-25 16:33:00 | Deep Dive |
| CVE-2023-30540 | Chat poll data can still be queried from API after purging history in Nextcloud talk | nextcloud | security-advisories | Low | 3.5 | 2023-04-17 21:32:29 | Deep Dive |
| CVE-2023-30539 | Users can set up workflows using restricted and invisible system tags in Nextcloud | nextcloud | security-advisories | Medium | 6.5 | 2023-04-17 21:27:29 | Deep Dive |
| CVE-2023-29000 | Nextcloud Desktop client does not verify received signed certificate in end-to-end encryption | nextcloud | security-advisories | Medium | 5.4 | 2023-04-04 12:53:36 | Deep Dive |
| CVE-2023-28999 | Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders | nextcloud | security-advisories | Medium | 6.9 | 2023-04-04 12:51:08 | Deep Dive |
| CVE-2023-28998 | Nextcloud Desktop client misbehaves with E2EE when the server returns empty list of metadata keys | nextcloud | security-advisories | Medium | 6.7 | 2023-04-04 12:45:42 | Deep Dive |