Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

NextCloud — Vulnerabilities & Security Advisories 261

Browse all 261 CVE security advisories affecting NextCloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by NextCloud:security-advisoriesNextcloud Servercom.nextcloud.clientNextcloud Calendar applicationNextcloud Contacts applicationnextcloud/servernextcloud/talknextcloud-dialogsnews-androidandroidcookbooknextcloudpiNextcloud
CVE IDTitleCVSSSeverityPublished
CVE-2025-66558 Nextcloud Twofactor WebAuthn app was updated based on public key — security-advisoriesCWE-639 3.1 Low2025-12-05
CVE-2025-66556 Nextcloud talk allows participants to blindly delete poll drafts of other users by ID — security-advisoriesCWE-639 3.5 Low2025-12-05
CVE-2025-66554 Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field — security-advisoriesCWE-79 3.5 Low2025-12-05
CVE-2025-66549 Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory — security-advisoriesCWE-209 2.4 Low2025-12-05
CVE-2025-66545 Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin — security-advisoriesCWE-707 3.5 Low2025-12-05
CVE-2025-66515 Nextcloud Approval app allows users to request approval for other users file — security-advisoriesCWE-287 2.7 Low2025-12-05
CVE-2025-66514 Nextcloud Mail stored HTML injection in subject text — security-advisoriesCWE-79 3.5 Low2025-12-05
CVE-2025-66557 Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners — security-advisoriesCWE-284 5.4 Medium2025-12-05
CVE-2025-66548 Nextcloud Deck app allows to spoof file extensions by using RTLO characters — security-advisoriesCWE-116 3.3 Low2025-12-05
CVE-2025-66553 Nextcloud Tables app allowed users to view columns metadata information of any table — security-advisoriesCWE-639 4.3 Medium2025-12-05
CVE-2025-66551 Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users — security-advisoriesCWE-639 6.3 Medium2025-12-05
CVE-2025-66513 Nextcloud Tables app share information not limited to relevant users — security-advisoriesCWE-639 4.3 Medium2025-12-05
CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded — security-advisoriesCWE-241 5.7 Medium2025-12-05
CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token — security-advisoriesCWE-639 3.3 Low2025-12-05
CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens — security-advisoriesCWE-330 4.8 Medium2025-12-05
CVE-2025-66552 Nextcloud Server admin_audit does not log all actions on files in groupfolders — security-advisoriesCWE-778 4.3 Medium2025-12-05
CVE-2025-66547 Nextcloud Server users can modify tags on files that do not belong to them — security-advisoriesCWE-639 4.3 Medium2025-12-05
CVE-2025-66512 Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud — security-advisoriesCWE-80 5.4 Medium2025-12-05
CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list — security-advisoriesCWE-359 4.5 Medium2025-12-05
CVE-2025-59788 Nextcloud 安全漏洞 — NextcloudCWE-749 6.4 Medium2025-12-04
CVE-2025-58051 Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table — security-advisoriesCWE-841 6.5 Medium2025-10-16
CVE-2025-47794 Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission — security-advisoriesCWE-284 2.6 Low2025-05-16
CVE-2025-47793 Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file — security-advisoriesCWE-770 4.3 Medium2025-05-16
CVE-2025-47792 Nextcloud Desktop 3rdparty applications can create share links via socket API — security-advisoriesCWE-284 5.0 Medium2025-05-16
CVE-2025-47791 Nextcloud Server's test remote endpoint is not rate limited — security-advisoriesCWE-918 4.3 Medium2025-05-16
CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout — security-advisoriesCWE-287 6.4 Medium2025-05-16
CVE-2024-52509 Nextcloud Mail app does not respect download permissions in shares — security-advisoriesCWE-284 3.5 Low2024-11-15
CVE-2024-52508 Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers — security-advisoriesCWE-200 8.2 High2024-11-15
CVE-2024-52510 Nextcloud Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty — security-advisoriesCWE-295 4.2 Medium2024-11-15
CVE-2024-52507 Share information of the Nextcloud Tables app is not limited to affected users — security-advisoriesCWE-639 3.5 Low2024-11-15

This page lists every published CVE security advisory associated with NextCloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.