| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-33183 | Error in calendar when booking an appointment reveals the full path of the website | nextcloud | security-advisories | Low | 2.6 | 2023-05-30 05:01:56 | Deep Dive |
| CVE-2023-33182 | Nextcloud Contacts photos only sanitized if mime type is all lower case | nextcloud | security-advisories | None | 0.0 | 2023-05-30 04:58:08 | Deep Dive |
| CVE-2023-33184 | Blind SSRF in the Nextcloud Mail app on avatar endpoint | nextcloud | security-advisories | Low | 3.5 | 2023-05-27 04:36:02 | Deep Dive |
| CVE-2023-32319 | Basic auth header on WebDAV requests is not brute-force protected in Nextcloud | nextcloud | security-advisories | High | 8.1 | 2023-05-26 22:49:30 | Deep Dive |
| CVE-2023-31128 | NextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection | nextcloud | cookbook | High | 8.1 | 2023-05-26 21:49:07 | Deep Dive |
| CVE-2023-32318 | User session not correctly destroyed on logout | nextcloud | security-advisories | High | 7.2 | 2023-05-26 17:21:18 | Deep Dive |
| CVE-2023-32074 | Nextcloud user_oidc app is missing brute force protection | nextcloud | security-advisories | High | 8.0 | 2023-05-25 22:59:28 | Deep Dive |
| CVE-2023-28847 | Nextcloud Server missing brute force protection for passwords of password protected share links | nextcloud | security-advisories | Low | 3.1 | 2023-04-25 16:33:00 | Deep Dive |
| CVE-2023-30540 | Chat poll data can still be queried from API after purging history in Nextcloud talk | nextcloud | security-advisories | Low | 3.5 | 2023-04-17 21:32:29 | Deep Dive |
| CVE-2023-30539 | Users can set up workflows using restricted and invisible system tags in Nextcloud | nextcloud | security-advisories | Medium | 6.5 | 2023-04-17 21:27:29 | Deep Dive |
| CVE-2023-29000 | Nextcloud Desktop client does not verify received signed certificate in end-to-end encryption | nextcloud | security-advisories | Medium | 5.4 | 2023-04-04 12:53:36 | Deep Dive |
| CVE-2023-28999 | Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders | nextcloud | security-advisories | Medium | 6.9 | 2023-04-04 12:51:08 | Deep Dive |
| CVE-2023-28998 | Nextcloud Desktop client misbehaves with E2EE when the server returns empty list of metadata keys | nextcloud | security-advisories | Medium | 6.7 | 2023-04-04 12:45:42 | Deep Dive |
| CVE-2023-28997 | Nextcloud Desktop: Initialization vector reuse in E2EE allows malicious server admin to break, manipulate, access files | nextcloud | security-advisories | Medium | 6.7 | 2023-04-04 12:42:25 | Deep Dive |
| CVE-2023-28848 | CSRF protection on user_oidc login returned the expected token in case of an error | nextcloud | security-advisories | Medium | 4.8 | 2023-04-04 12:38:31 | Deep Dive |
| CVE-2023-28834 | Full path of data directory exposed to Nextcloud server users | nextcloud | security-advisories | Low | 3.5 | 2023-04-03 16:19:48 | Deep Dive |
| CVE-2023-28845 | Chat room membership disclosed via autocompletion in Nextcloud talk | nextcloud | security-advisories | Low | 3.5 | 2023-03-31 22:13:44 | Deep Dive |
| CVE-2023-28844 | User without download rights can download older version of that file in nextcloud server | nextcloud | security-advisories | Medium | 5.7 | 2023-03-31 22:10:29 | Deep Dive |
| CVE-2023-28645 | Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments | nextcloud | security-advisories | Medium | 5.7 | 2023-03-31 22:08:15 | Deep Dive |
| CVE-2023-28835 | Insecure randomness for default password in nextcloud | nextcloud | security-advisories | Low | 3.5 | 2023-03-30 18:57:00 | Deep Dive |