security-advisories — Vulnerabilities & Security Advisories 245

All 245 CVE vulnerabilities found in security-advisories, with AI-generated Chinese analysis, references, and POCs.

Vendor: nextcloud

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-37316 | Nextcloud Calendar's event create can create attachments that link to other websites | CWE-241 | 4.6 | Medium | 2024-06-14 |
| CVE-2024-37315 | Nextcloud Server's read-only users can restore old versions | CWE-284 | 3.5 | Low | 2024-06-14 |
| CVE-2024-37314 | Nextcloud Photos' shared albums have no restriction on photo removal | CWE-284 | 3.5 | Low | 2024-06-14 |
| CVE-2024-37313 | Nextcloud server allows the by-pass the second factor | CWE-287 | 7.3 | High | 2024-06-14 |
| CVE-2024-37312 | Nextcloud user_oidc app's ID4me feature is available even when disabled | CWE-284 | 6.3 | Medium | 2024-06-14 |
| CVE-2024-22402 | Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist | CWE-281 | 5.4 | Medium | 2024-01-18 |
| CVE-2024-22401 | All users can reset the allowed apps list for Nextcloud Guest App users | CWE-281 | 4.1 | Medium | 2024-01-18 |
| CVE-2024-22404 | Permissions bypass in Nextcloud with the files zip app | CWE-281 | 4.1 | Medium | 2024-01-18 |
| CVE-2024-22403 | OAuth2 authorization codes are valid indefinetly in Nextcloud server | CWE-613 | 3.0 | Low | 2024-01-18 |
| CVE-2024-22400 | Open redirect in user_saml via RelayState parameter in Nextcloud User Saml | CWE-601 | 3.1 | Low | 2024-01-18 |
| CVE-2024-22213 | Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app | CWE-79 | - | - | 2024-01-18 |
| CVE-2024-22212 | Nextcloud global site selector authentication bypass | CWE-306 | 9.7 | Critical | 2024-01-18 |
| CVE-2023-49792 | Bruteforce protection can be bypassed with misconfigured proxy | CWE-307 | 5.3 | Medium | 2023-12-22 |
| CVE-2023-49791 | Workflows do not require password confirmation on API level | CWE-284 | 5.4 | Medium | 2023-12-22 |
| CVE-2023-49790 | App PIN code can be bypassed in Nextcloud Files iOS | CWE-287 | 4.3 | Medium | 2023-12-22 |
| CVE-2023-48308 | Calendar app returns full stacktrace when an error happens while editing appointment | CWE-1258 | 3.5 | Low | 2023-12-21 |
| CVE-2023-48307 | Nextcloud Mail app vulnerable to Server-Side Request Forgery | CWE-918 | 3.5 | Low | 2023-11-21 |
| CVE-2023-48306 | Nextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF | CWE-918 | 5.0 | Medium | 2023-11-21 |
| CVE-2023-48305 | Nextcloud Server user_ldap app logs user passwords in the log file on level debug | CWE-312 | 4.2 | Medium | 2023-11-21 |
| CVE-2023-48304 | Nextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user | CWE-639 | 4.3 | Medium | 2023-11-21 |
| CVE-2023-48303 | Nextcloud Server admins can change authentication details of user configured external storage | CWE-284 | 2.4 | Low | 2023-11-21 |
| CVE-2023-48302 | Nextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V | CWE-79 | 3.5 | Low | 2023-11-21 |
| CVE-2023-48301 | Nextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name | CWE-79 | 3.5 | Low | 2023-11-21 |
| CVE-2023-48239 | Nextcloud Server users can make external storage mount points inaccessible for other users | CWE-284 | 8.5 | High | 2023-11-21 |
| CVE-2023-45150 | Inviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive | CWE-400 | 4.3 | Medium | 2023-10-16 |
| CVE-2023-45149 | Password of talk conversations can be bruteforced in Nextcloud | CWE-307 | 4.3 | Medium | 2023-10-16 |
| CVE-2023-45148 | Rate limiter not working reliable when Memcached is installed in Nextcloud | CWE-307 | 4.3 | Medium | 2023-10-16 |
| CVE-2023-45151 | OAuth2 client_secret stored in plain text in the Nextcloud database | CWE-312 | 6.5 | Medium | 2023-10-16 |
| CVE-2023-45660 | Require strict cookies for image proxy requests in Nextcloud Mail | CWE-918 | 4.3 | Medium | 2023-10-16 |
| CVE-2023-39960 | Nextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint | CWE-307 | 5.0 | Medium | 2023-10-13 |

All 245 known CVE vulnerabilities affecting security-advisories with full Chinese analysis, references, and POCs where available.