| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-25162 | Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs | nextcloud | security-advisories | Medium | 5.3 | 2023-02-13 20:34:29 | Deep Dive |
| CVE-2023-25161 | Nextcloud Server's missing rate limiting on password reset functionality allows sending lots of emails | nextcloud | security-advisories | Low | 3.7 | 2023-02-13 20:22:33 | Deep Dive |
| CVE-2023-25160 | IDOR Vulnerability in Nextcloud Mail | nextcloud | security-advisories | Medium | 4.1 | 2023-02-13 20:19:09 | Deep Dive |
| CVE-2023-25159 | Nextcloud Server previews are accessible without a watermark | nextcloud | security-advisories | Low | 2.3 | 2023-02-13 16:43:12 | Deep Dive |
| CVE-2023-25150 | Document content of files can be obtained through Collabora for files of other users | nextcloud | security-advisories | Medium | 5.8 | 2023-02-08 19:15:47 | Deep Dive |
| CVE-2023-23942 | Self reflected HTML injection in Desktop client | nextcloud | security-advisories | Medium | 5.4 | 2023-02-06 20:23:06 | Deep Dive |
| CVE-2023-23943 | Blind SSRF via server URL input in the Nextcloud Mail app | nextcloud | security-advisories | Medium | 5.0 | 2023-02-06 20:18:34 | Deep Dive |
| CVE-2023-23944 | Nexcloud Mail app temporarily stores cleartext password in database | nextcloud | security-advisories | Low | 2.0 | 2023-02-06 19:35:31 | Deep Dive |
| CVE-2023-22471 | Nextcloud Deck vulnerable to authorization bypass | nextcloud | security-advisories | Low | 3.5 | 2023-01-14 00:34:07 | Deep Dive |
| CVE-2023-22470 | Nextcloud Deck vulnerable to uncontrolled resource consumption | nextcloud | security-advisories | Low | 3.5 | 2023-01-14 00:32:29 | Deep Dive |
| CVE-2023-22469 | Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache | nextcloud | security-advisories | Medium | 5.8 | 2023-01-10 20:26:27 | Deep Dive |
| CVE-2023-22473 | Passcode bypass on Talk-Android app | nextcloud | security-advisories | Low | 2.1 | 2023-01-09 14:07:15 | Deep Dive |
| CVE-2023-22472 | Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link | nextcloud | security-advisories | Medium | 5.3 | 2023-01-09 13:54:53 | Deep Dive |
| CVE-2022-41971 | Nextcloud Talk guests can continue to receive video streams from call after being removed from a conversation | nextcloud | security-advisories | Medium | 4.8 | 2022-12-01 20:55:46 | Deep Dive |
| CVE-2022-41970 | Nextcloud Server's disabled download shares still allow download through preview images | nextcloud | security-advisories | Low | 2.6 | 2022-12-01 20:54:37 | Deep Dive |
| CVE-2022-41969 | Nextcloud Server has no password length limit when creating a user as an administrator | nextcloud | security-advisories | Low | 2.4 | 2022-12-01 20:47:50 | Deep Dive |
| CVE-2022-41968 | Nextcloud Server's calendar name length not validated before writing to database | nextcloud | security-advisories | Low | 3.5 | 2022-12-01 20:38:47 | Deep Dive |
| CVE-2022-39331 | Cross-site Scripting (XSS) in Nexcloud Desktop Client | nextcloud | security-advisories | Medium | 4.6 | 2022-11-25 00:00:00 | Deep Dive |
| CVE-2022-39332 | Cross-site scripting (XSS) in Nextcloud Desktop Client | nextcloud | security-advisories | Medium | 4.6 | 2022-11-25 00:00:00 | Deep Dive |
| CVE-2022-39333 | Cross-site scripting (XSS) in Nextcloud Desktop Client | nextcloud | security-advisories | Medium | 4.6 | 2022-11-25 00:00:00 | Deep Dive |