| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-28833 | Unrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server | nextcloud | security-advisories | Low | 2.4 | 2023-03-30 18:49:39 | Deep Dive |
| CVE-2023-28644 | Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server | nextcloud | security-advisories | Medium | 5.7 | 2023-03-30 18:36:27 | Deep Dive |
| CVE-2023-28643 | Potential share collision for recipients when caching is enabled in nextcloud server | nextcloud | security-advisories | Medium | 5.5 | 2023-03-30 18:31:32 | Deep Dive |
| CVE-2023-26482 | Scope of workflow operations is not validated in nextcloud server | nextcloud | security-advisories | Critical | 9.0 | 2023-03-30 18:27:17 | Deep Dive |
| CVE-2023-28646 | App lockout in nextcloud Android app can be bypassed via thirdparty apps | nextcloud | security-advisories | Medium | 4.4 | 2023-03-30 18:16:19 | Deep Dive |
| CVE-2023-28647 | App pin of the iOS app can be bypassed in Nextcloud iOS | nextcloud | security-advisories | Medium | 4.4 | 2023-03-30 18:12:25 | Deep Dive |
| CVE-2023-25817 | Delete permissions are not saved when creating public share in Nextcloud server | nextcloud | security-advisories | Low | 3.5 | 2023-03-27 20:04:15 | Deep Dive |
| CVE-2023-25818 | Missing brute force protection on password reset token in Nextcloud Server | nextcloud | security-advisories | Medium | 5.3 | 2023-03-27 20:00:01 | Deep Dive |
| CVE-2023-25820 | Nextcloud Server and Enterprise Server missing brute force protection on password confirmation modal | nextcloud | security-advisories | Medium | 4.2 | 2023-03-22 18:22:54 | Deep Dive |
| CVE-2023-26041 | Nextcloud Talk messages can still be seen on conversation after expiring when cron is misconfigured | nextcloud | security-advisories | Low | 2.6 | 2023-02-27 20:16:09 | Deep Dive |
| CVE-2023-25821 | Nextcloud download permissions can be changed by resharer | nextcloud | security-advisories | Medium | 5.7 | 2023-02-24 23:39:52 | Deep Dive |
| CVE-2023-25816 | nextcloud vulnerable to Uncontrolled Resource Consumption | nextcloud | security-advisories | Medium | 4.3 | 2023-02-24 23:17:42 | Deep Dive |
| CVE-2023-25579 | Directory traversal in Nextcloud server | nextcloud | security-advisories | Medium | 6.0 | 2023-02-22 18:21:11 | Deep Dive |
| CVE-2023-25162 | Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs | nextcloud | security-advisories | Medium | 5.3 | 2023-02-13 20:34:29 | Deep Dive |
| CVE-2023-25161 | Nextcloud Server's missing rate limiting on password reset functionality allows sending lots of emails | nextcloud | security-advisories | Low | 3.7 | 2023-02-13 20:22:33 | Deep Dive |
| CVE-2023-25160 | IDOR Vulnerability in Nextcloud Mail | nextcloud | security-advisories | Medium | 4.1 | 2023-02-13 20:19:09 | Deep Dive |
| CVE-2023-25159 | Nextcloud Server previews are accessible without a watermark | nextcloud | security-advisories | Low | 2.3 | 2023-02-13 16:43:12 | Deep Dive |
| CVE-2023-25150 | Document content of files can be obtained through Collabora for files of other users | nextcloud | security-advisories | Medium | 5.8 | 2023-02-08 19:15:47 | Deep Dive |
| CVE-2023-23942 | Self reflected HTML injection in Desktop client | nextcloud | security-advisories | Medium | 5.4 | 2023-02-06 20:23:06 | Deep Dive |
| CVE-2023-23943 | Blind SSRF via server URL input in the Nextcloud Mail app | nextcloud | security-advisories | Medium | 5.0 | 2023-02-06 20:18:34 | Deep Dive |