| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2023-28997 | Nextcloud Desktop: Initialization vector reuse in E2EE allows malicious server admin to break, manipulate, access files | nextcloud | security-advisories | Medium | 6.7 | 2023-04-04 12:42:25 |
| CVE-2023-28848 | CSRF protection on user_oidc login returned the expected token in case of an error | nextcloud | security-advisories | Medium | 4.8 | 2023-04-04 12:38:31 |
| CVE-2023-28834 | Full path of data directory exposed to Nextcloud server users | nextcloud | security-advisories | Low | 3.5 | 2023-04-03 16:19:48 |
| CVE-2023-28845 | Chat room membership disclosed via autocompletion in Nextcloud talk | nextcloud | security-advisories | Low | 3.5 | 2023-03-31 22:13:44 |
| CVE-2023-28844 | User without download rights can download older version of that file in nextcloud server | nextcloud | security-advisories | Medium | 5.7 | 2023-03-31 22:10:29 |
| CVE-2023-28645 | Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments | nextcloud | security-advisories | Medium | 5.7 | 2023-03-31 22:08:15 |
| CVE-2023-28835 | Insecure randomness for default password in nextcloud | nextcloud | security-advisories | Low | 3.5 | 2023-03-30 18:57:00 |
| CVE-2023-28833 | Unrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server | nextcloud | security-advisories | Low | 2.4 | 2023-03-30 18:49:39 |
| CVE-2023-28644 | Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server | nextcloud | security-advisories | Medium | 5.7 | 2023-03-30 18:36:27 |
| CVE-2023-28643 | Potential share collision for recipients when caching is enabled in nextcloud server | nextcloud | security-advisories | Medium | 5.5 | 2023-03-30 18:31:32 |
| CVE-2023-26482 | Scope of workflow operations is not validated in nextcloud server | nextcloud | security-advisories | Critical | 9.0 | 2023-03-30 18:27:17 |
| CVE-2023-28646 | App lockout in nextcloud Android app can be bypassed via thirdparty apps | nextcloud | security-advisories | Medium | 4.4 | 2023-03-30 18:16:19 |
| CVE-2023-28647 | App pin of the iOS app can be bypassed in Nextcloud iOS | nextcloud | security-advisories | Medium | 4.4 | 2023-03-30 18:12:25 |
| CVE-2023-25817 | Delete permissions are not saved when creating public share in Nextcloud server | nextcloud | security-advisories | Low | 3.5 | 2023-03-27 20:04:15 |
| CVE-2023-25818 | Missing brute force protection on password reset token in Nextcloud Server | nextcloud | security-advisories | Medium | 5.3 | 2023-03-27 20:00:01 |
| CVE-2023-25820 | Nextcloud Server and Enterprise Server missing brute force protection on password confirmation modal | nextcloud | security-advisories | Medium | 4.2 | 2023-03-22 18:22:54 |
| CVE-2023-26041 | Nextcloud Talk messages can still be seen on conversation after expiring when cron is misconfigured | nextcloud | security-advisories | Low | 2.6 | 2023-02-27 20:16:09 |
| CVE-2023-25821 | Nextcloud download permissions can be changed by resharer | nextcloud | security-advisories | Medium | 5.7 | 2023-02-24 23:39:52 |
| CVE-2023-25816 | nextcloud vulnerable to Uncontrolled Resource Consumption | nextcloud | security-advisories | Medium | 4.3 | 2023-02-24 23:17:42 |
| CVE-2023-25579 | Directory traversal in Nextcloud server | nextcloud | security-advisories | Medium | 6.0 | 2023-02-22 18:21:11 |