security-advisories — Vulnerabilities & Security Advisories 245

All 245 CVE vulnerabilities found in security-advisories, with AI-generated Chinese analysis, references, and POCs.

Vendor: nextcloud

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-28272 | Kiteworks Email Protection Gateway has a Cross-site Scripting vulnerability | CWE-79 | 8.1 | High | 2026-02-27 |
| CVE-2026-28271 | Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF) | CWE-350 | 6.5 | Medium | 2026-02-27 |
| CVE-2026-28270 | Kiteworks Core has an Unrestricted Upload of File with Dangerous Type | CWE-434 | 4.9 | Medium | 2026-02-27 |
| CVE-2026-28269 | Kiteworks Core has an OS Command Injection | CWE-78 | 5.9 | Medium | 2026-02-26 |
| CVE-2025-66558 | Nextcloud Twofactor WebAuthn app was updated based on public key | CWE-639 | 3.1 | Low | 2025-12-05 |
| CVE-2025-66556 | Nextcloud talk allows participants to blindly delete poll drafts of other users by ID | CWE-639 | 3.5 | Low | 2025-12-05 |
| CVE-2025-66554 | Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field | CWE-79 | 3.5 | Low | 2025-12-05 |
| CVE-2025-66549 | Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory | CWE-209 | 2.4 | Low | 2025-12-05 |
| CVE-2025-66545 | Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin | CWE-707 | 3.5 | Low | 2025-12-05 |
| CVE-2025-66515 | Nextcloud Approval app allows users to request approval for other users file | CWE-287 | 2.7 | Low | 2025-12-05 |
| CVE-2025-66514 | Nextcloud Mail stored HTML injection in subject text | CWE-79 | 3.5 | Low | 2025-12-05 |
| CVE-2025-66557 | Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners | CWE-284 | 5.4 | Medium | 2025-12-05 |
| CVE-2025-66548 | Nextcloud Deck app allows to spoof file extensions by using RTLO characters | CWE-116 | 3.3 | Low | 2025-12-05 |
| CVE-2025-66553 | Nextcloud Tables app allowed users to view columns metadata information of any table | CWE-639 | 4.3 | Medium | 2025-12-05 |
| CVE-2025-66551 | Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users | CWE-639 | 6.3 | Medium | 2025-12-05 |
| CVE-2025-66513 | Nextcloud Tables app share information not limited to relevant users | CWE-639 | 4.3 | Medium | 2025-12-05 |
| CVE-2025-66550 | Nextcloud Calendar attachments of local files are offered to downloaded | CWE-241 | 5.7 | Medium | 2025-12-05 |
| CVE-2025-66546 | Nextcloud Calendar app allowed booking appointments without the generated token | CWE-639 | 3.3 | Low | 2025-12-05 |
| CVE-2025-66511 | Nextcloud Calendar app used predictable proposal participant tokens | CWE-330 | 4.8 | Medium | 2025-12-05 |
| CVE-2025-66552 | Nextcloud Server admin_audit does not log all actions on files in groupfolders | CWE-778 | 4.3 | Medium | 2025-12-05 |
| CVE-2025-66547 | Nextcloud Server users can modify tags on files that do not belong to them | CWE-639 | 4.3 | Medium | 2025-12-05 |
| CVE-2025-66512 | Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud | CWE-80 | 5.4 | Medium | 2025-12-05 |
| CVE-2025-66510 | Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list | CWE-359 | 4.5 | Medium | 2025-12-05 |
| CVE-2025-53939 | Kiteworks Core is vulnerable to Improper Input Validation | CWE-20 | 6.3 | Medium | 2025-11-29 |
| CVE-2025-53900 | Kiteworks MFT has a Privilege Defined With Unsafe Actions | CWE-267 | 6.5 | Medium | 2025-11-29 |
| CVE-2025-53899 | Kiteworks MFT is vulnerable to an Incorrectly Specified Destination in a Communication Channel | CWE-941 | 7.2 | High | 2025-11-29 |
| CVE-2025-53897 | Kiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerability | CWE-352 | 6.8 | Medium | 2025-11-29 |
| CVE-2025-53896 | Kiteworks MFT is vulnerable to Insufficient Session Expiration | CWE-613 | 7.1 | High | 2025-11-29 |
| CVE-2025-58051 | Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table | CWE-841 | 6.5 | Medium | 2025-10-16 |
| CVE-2025-53839 | DRACOON Branding Service vulnerable to Cross-site Scripting | CWE-79 | 4.0 | Medium | 2025-07-14 |
