| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-39330 | Database resource exhaustion for logged-in users via sharee recommendations with circles | nextcloud | security-advisories | Medium | 4.8 | 2022-10-27 00:00:00 | Deep Dive |
| CVE-2022-39364 | Exception logging in Sharepoint app reveals clear-text connection details | nextcloud | security-advisories | Medium | 4.0 | 2022-10-27 00:00:00 | Deep Dive |
| CVE-2022-39212 | Last video frame is still sent after video is disabled in a call in Nextcloud Talk | nextcloud | security-advisories | Medium | 4.3 | 2022-09-16 23:15:13 | Deep Dive |
| CVE-2022-39210 | Access to internal files of the Nextcloud Android app | nextcloud | security-advisories | Low | 3.2 | 2022-09-16 23:10:15 | Deep Dive |
| CVE-2022-39211 | Server-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud Server | nextcloud | security-advisories | Low | 3.0 | 2022-09-16 23:10:10 | Deep Dive |
| CVE-2022-36074 | Authentication headers exposed on by Nextcloud Server | nextcloud | security-advisories | Medium | 6.4 | 2022-09-15 22:00:15 | Deep Dive |
| CVE-2022-36075 | File list exposure in Nextcloud Files Access Control | nextcloud | security-advisories | Low | 2.6 | 2022-09-15 21:50:10 | Deep Dive |
| CVE-2022-35931 | Nextcloud Password Policy's generated passwords are not fully validated by HIBPValidator | nextcloud | security-advisories | Low | 2.7 | 2022-09-06 18:10:09 | Deep Dive |
| CVE-2022-35932 | Missing rate limit when trying to join a password protected Nextcloud Talk conversation | nextcloud | security-advisories | Low | 3.5 | 2022-08-12 15:20:17 | Deep Dive |
| CVE-2022-31119 | Password disclosure in log file in Nextcloud Mail App | nextcloud | security-advisories | Low | 3.1 | 2022-08-04 17:15:17 | Deep Dive |
| CVE-2022-31132 | Unauthenticated SSRF in 3rd party module "cerdic/csstidy" | nextcloud | security-advisories | High | 8.3 | 2022-08-04 17:10:10 | Deep Dive |
| CVE-2022-31120 | Federated share accepting/declining is not logged in audit log in Nextcloud Server | nextcloud | security-advisories | Low | 2.1 | 2022-08-04 17:00:24 | Deep Dive |
| CVE-2022-31118 | Missing brute force protection on cloud federation sharing in Nextcloud Server | nextcloud | security-advisories | Medium | 6.5 | 2022-08-04 16:50:10 | Deep Dive |
| CVE-2022-31131 | Ownership check missing when updating or deleting mail attachments in Nextcloud mail | nextcloud | security-advisories | Medium | 5.4 | 2022-07-06 17:55:14 | Deep Dive |
| CVE-2022-31014 | SMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server | nextcloud | security-advisories | Medium | 5.4 | 2022-07-05 17:15:12 | Deep Dive |
| CVE-2022-31024 | Federated editing allows iframing remote servers by default in richdocuments | nextcloud | security-advisories | Medium | 6.5 | 2022-06-02 18:25:11 | Deep Dive |
| CVE-2022-29243 | Improper input-size validation on the user new session name in Nextcloud Server | nextcloud | security-advisories | Medium | 4.3 | 2022-05-31 16:15:14 | Deep Dive |
| CVE-2022-29163 | Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server | nextcloud | security-advisories | Low | 3.5 | 2022-05-20 16:00:15 | Deep Dive |
| CVE-2022-29160 | Sensitive files/data exist after deletion of user account in Nextcloud Android | nextcloud | security-advisories | Low | 2.8 | 2022-05-20 15:55:10 | Deep Dive |
| CVE-2022-24906 | Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck | nextcloud | security-advisories | Low | 3.5 | 2022-05-20 15:40:17 | Deep Dive |