security-advisories — Vulnerabilities & Security Advisories 245

All 245 CVE vulnerabilities found in security-advisories, with AI-generated Chinese analysis, references, and POCs.

Vendor: nextcloud

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-47794 | Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission | CWE-284 | 2.6 | Low | 2025-05-16 |
| CVE-2025-47793 | Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file | CWE-770 | 4.3 | Medium | 2025-05-16 |
| CVE-2025-47792 | Nextcloud Desktop 3rdparty applications can create share links via socket API | CWE-284 | 5.0 | Medium | 2025-05-16 |
| CVE-2025-47791 | Nextcloud Server's test remote endpoint is not rate limited | CWE-918 | 4.3 | Medium | 2025-05-16 |
| CVE-2025-47790 | Nextcloud Server doesn't request second factor after session timeout | CWE-287 | 6.4 | Medium | 2025-05-16 |
| CVE-2024-52509 | Nextcloud Mail app does not respect download permissions in shares | CWE-284 | 3.5 | Low | 2024-11-15 |
| CVE-2024-52508 | Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers | CWE-200 | 8.2 | High | 2024-11-15 |
| CVE-2024-52510 | Nextcloud Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty | CWE-295 | 4.2 | Medium | 2024-11-15 |
| CVE-2024-52507 | Share information of the Nextcloud Tables app is not limited to affected users | CWE-639 | 3.5 | Low | 2024-11-15 |
| CVE-2024-52511 | Nextcloud Tables has an Authorization Bypass Through User-Controlled Key in Tables | CWE-639 | 6.3 | Medium | 2024-11-15 |
| CVE-2024-52512 | Nextcloud User OIDC has an open redirection when logging in with User OIDC | CWE-601 | 3.3 | Low | 2024-11-15 |
| CVE-2024-52513 | Nextcloud Server's Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares | CWE-200 | 2.6 | Low | 2024-11-15 |
| CVE-2024-52514 | Nextcloud Server allows users to copy folder that contain files that are blocked by the files access control | CWE-284 | 4.1 | Medium | 2024-11-15 |
| CVE-2024-52515 | Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews | CWE-706 | 5.7 | Medium | 2024-11-15 |
| CVE-2024-52516 | Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them | CWE-269 | 3.0 | Low | 2024-11-15 |
| CVE-2024-52517 | Nextcloud Server's global credentials of external storages are sent back to the frontend | CWE-200 | 4.6 | Medium | 2024-11-15 |
| CVE-2024-52518 | Nextcloud Server is missing password confirmation when changing external storage options | CWE-287 | 4.4 | Medium | 2024-11-15 |
| CVE-2024-52519 | Nextcloud Server's OAuth2 client secrets were stored in a recoverable way | CWE-922 | 2.7 | Low | 2024-11-15 |
| CVE-2024-52520 | Nextcloud Server's link reference provider can be tricked into downloading bigger files than intended | CWE-400 | 5.7 | Medium | 2024-11-15 |
| CVE-2024-52521 | Nextcloud Server has a potential hash collision for background jobs could skip queuing them | CWE-328 | 2.6 | Low | 2024-11-15 |
| CVE-2024-52523 | Nextcloud Server Custom defined credentials of external storages are sent back to the frontend | CWE-200 | 4.6 | Medium | 2024-11-15 |
| CVE-2024-52525 | Nextcloud Server User password is available in memory of the PHP process | CWE-312 | 1.8 | Low | 2024-11-15 |
| CVE-2024-40636 | Basic Auth Credential Leakage to Logs After Fetch Registry Error in Steeltoe.Discovery.Eureka with Peer Awareness | CWE-532 | 5.3 | Medium | 2024-07-17 |
| CVE-2024-37887 | Nextcloud Server's events information leaked with shared calendars on recurrence exceptions | CWE-284 | 3.5 | Low | 2024-06-14 |
| CVE-2024-37886 | Nextcloud user_oidc's ID4me does not validate signature or expiration | CWE-347 | 5.4 | Medium | 2024-06-14 |
| CVE-2024-37885 | Code injection in Nextcloud Desktop Client for macOS | CWE-94 | 3.8 | Low | 2024-06-14 |
| CVE-2024-37884 | Nextcloud Server's users can delete old versions of read-only shared files | CWE-284 | 3.5 | Low | 2024-06-14 |
| CVE-2024-37883 | Nextcloud Deck can access comments and attachments of deleted cards | CWE-284 | 4.3 | Medium | 2024-06-14 |
| CVE-2024-37882 | Nextcloud Server can reshare read&share only folder with more permissions | CWE-284 | 8.1 | High | 2024-06-14 |
| CVE-2024-37317 | Nextcloud Notes app can be tricked into using a received share created before the user logged in | CWE-284 | 4.6 | Medium | 2024-06-14 |

All 245 known CVE vulnerabilities affecting security-advisories with full Chinese analysis, references, and POCs where available.