security-advisories — Vulnerabilities & Security Advisories 245

All 245 CVE vulnerabilities found in security-advisories, with AI-generated Chinese analysis, references, and POCs.

Vendor: nextcloud

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-28834 | Full path of data directory exposed to Nextcloud server users | CWE-212 | 3.5 | Low | 2023-04-03 |
| CVE-2023-28845 | Chat room membership disclosed via autocompletion in Nextcloud talk | CWE-284 | 3.5 | Low | 2023-03-31 |
| CVE-2023-28844 | User without download rights can download older version of that file in nextcloud server | CWE-284 | 5.7 | Medium | 2023-03-31 |
| CVE-2023-28645 | Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments | CWE-284 | 5.7 | Medium | 2023-03-31 |
| CVE-2023-28835 | Insecure randomness for default password in nextcloud | CWE-338 | 3.5 | Low | 2023-03-30 |
| CVE-2023-28833 | Unrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server | CWE-22 | 2.4 | Low | 2023-03-30 |
| CVE-2023-28644 | Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server | CWE-400 | 5.7 | Medium | 2023-03-30 |
| CVE-2023-28643 | Potential share collision for recipients when caching is enabled in nextcloud server | CWE-706 | 5.5 | Medium | 2023-03-30 |
| CVE-2023-26482 | Scope of workflow operations is not validated in nextcloud server | CWE-78 | 9.1 | Critical | 2023-03-30 |
| CVE-2023-28646 | App lockout in nextcloud Android app can be bypassed via thirdparty apps | CWE-287 | 4.4 | Medium | 2023-03-30 |
| CVE-2023-28647 | App pin of the iOS app can be bypassed in Nextcloud iOS | CWE-281 | 4.4 | Medium | 2023-03-30 |
| CVE-2023-25817 | Delete permissions are not saved when creating public share in Nextcloud server | CWE-281 | 3.5 | Low | 2023-03-27 |
| CVE-2023-25818 | Missing brute force protection on password reset token in Nextcloud Server | CWE-307 | 5.3 | Medium | 2023-03-27 |
| CVE-2023-25820 | Nextcloud Server and Enterprise Server missing brute force protection on password confirmation modal | CWE-307 | 4.2 | Medium | 2023-03-22 |
| CVE-2023-26041 | Nextcloud Talk messages can still be seen on conversation after expiring when cron is misconfigured | CWE-359 | 2.6 | Low | 2023-02-27 |
| CVE-2023-25821 | Nextcloud download permissions can be changed by resharer | CWE-284 | 5.7 | Medium | 2023-02-24 |
| CVE-2023-25816 | nextcloud vulnerable to Uncontrolled Resource Consumption | CWE-400 | 4.3 | Medium | 2023-02-24 |
| CVE-2023-25579 | Directory traversal in Nextcloud server | CWE-22 | 6.0 | Medium | 2023-02-22 |
| CVE-2023-25162 | Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs | CWE-918 | 5.3 | Medium | 2023-02-13 |
| CVE-2023-25161 | Nextcloud Server's missing rate limiting on password reset functionality allows sending lots of emails | CWE-284 | 3.7 | Low | 2023-02-13 |
| CVE-2023-25160 | IDOR Vulnerability in Nextcloud Mail | CWE-639 | 4.1 | Medium | 2023-02-13 |
| CVE-2023-25159 | Nextcloud Server previews are accessible without a watermark | CWE-284 | 2.3 | Low | 2023-02-13 |
| CVE-2023-25150 | Document content of files can be obtained through Collabora for files of other users | CWE-284 | 5.8 | Medium | 2023-02-08 |
| CVE-2023-23942 | Self reflected HTML injection in Desktop client | CWE-79 | 5.4 | Medium | 2023-02-06 |
| CVE-2023-23943 | Blind SSRF via server URL input in the Nextcloud Mail app | CWE-918 | 5.0 | Medium | 2023-02-06 |
| CVE-2023-23944 | Nexcloud Mail app temporarily stores cleartext password in database | CWE-312 | 2.0 | Low | 2023-02-06 |
| CVE-2023-22471 | Nextcloud Deck vulnerable to authorization bypass | CWE-639 | 3.5 | Low | 2023-01-14 |
| CVE-2023-22470 | Nextcloud Deck vulnerable to uncontrolled resource consumption | CWE-400 | 3.5 | Low | 2023-01-14 |
| CVE-2023-22469 | Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache | CWE-922 | 5.8 | Medium | 2023-01-10 |
| CVE-2023-22473 | Passcode bypass on Talk-Android app | CWE-284 | 2.1 | Low | 2023-01-09 |
