NextCloud — Vulnerabilities & Security Advisories 261

Browse all 261 CVE security advisories affecting NextCloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-26482 | Scope of workflow operations is not validated in nextcloud server — security-advisories | CWE-78 | 9.1 | Critical | 2023-03-30 |
| CVE-2023-28646 | App lockout in nextcloud Android app can be bypassed via thirdparty apps — security-advisories | CWE-287 | 4.4 | Medium | 2023-03-30 |
| CVE-2023-28647 | App pin of the iOS app can be bypassed in Nextcloud iOS — security-advisories | CWE-281 | 4.4 | Medium | 2023-03-30 |
| CVE-2023-25817 | Delete permissions are not saved when creating public share in Nextcloud server — security-advisories | CWE-281 | 3.5 | Low | 2023-03-27 |
| CVE-2023-25818 | Missing brute force protection on password reset token in Nextcloud Server — security-advisories | CWE-307 | 5.3 | Medium | 2023-03-27 |
| CVE-2023-25820 | Nextcloud Server and Enterprise Server missing brute force protection on password confirmation modal — security-advisories | CWE-307 | 4.2 | Medium | 2023-03-22 |
| CVE-2023-26041 | Nextcloud Talk messages can still be seen on conversation after expiring when cron is misconfigured — security-advisories | CWE-359 | 2.6 | Low | 2023-02-27 |
| CVE-2023-25821 | Nextcloud download permissions can be changed by resharer — security-advisories | CWE-284 | 5.7 | Medium | 2023-02-24 |
| CVE-2023-25816 | nextcloud vulnerable to Uncontrolled Resource Consumption — security-advisories | CWE-400 | 4.3 | Medium | 2023-02-24 |
| CVE-2023-25579 | Directory traversal in Nextcloud server — security-advisories | CWE-22 | 6.0 | Medium | 2023-02-22 |
| CVE-2023-25162 | Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs — security-advisories | CWE-918 | 5.3 | Medium | 2023-02-13 |
| CVE-2023-25161 | Nextcloud Server's missing rate limiting on password reset functionality allows sending lots of emails — security-advisories | CWE-284 | 3.7 | Low | 2023-02-13 |
| CVE-2023-25160 | IDOR Vulnerability in Nextcloud Mail — security-advisories | CWE-639 | 4.1 | Medium | 2023-02-13 |
| CVE-2023-25159 | Nextcloud Server previews are accessible without a watermark — security-advisories | CWE-284 | 2.3 | Low | 2023-02-13 |
| CVE-2023-25150 | Document content of files can be obtained through Collabora for files of other users — security-advisories | CWE-284 | 5.8 | Medium | 2023-02-08 |
| CVE-2023-23942 | Self reflected HTML injection in Desktop client — security-advisories | CWE-79 | 5.4 | Medium | 2023-02-06 |
| CVE-2023-23943 | Blind SSRF via server URL input in the Nextcloud Mail app — security-advisories | CWE-918 | 5.0 | Medium | 2023-02-06 |
| CVE-2023-23944 | Nexcloud Mail app temporarily stores cleartext password in database — security-advisories | CWE-312 | 2.0 | Low | 2023-02-06 |
| CVE-2023-22471 | Nextcloud Deck vulnerable to authorization bypass — security-advisories | CWE-639 | 3.5 | Low | 2023-01-14 |
| CVE-2023-22470 | Nextcloud Deck vulnerable to uncontrolled resource consumption — security-advisories | CWE-400 | 3.5 | Low | 2023-01-14 |
| CVE-2023-22469 | Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache — security-advisories | CWE-922 | 5.8 | Medium | 2023-01-10 |
| CVE-2023-22473 | Passcode bypass on Talk-Android app — security-advisories | CWE-284 | 2.1 | Low | 2023-01-09 |
| CVE-2023-22472 | Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link — security-advisories | CWE-352 | 5.3 | Medium | 2023-01-09 |
| CVE-2022-41971 | Nextcloud Talk guests can continue to receive video streams from call after being removed from a conversation — security-advisories | CWE-359 | 4.8 | Medium | 2022-12-01 |
| CVE-2022-41970 | Nextcloud Server's disabled download shares still allow download through preview images — security-advisories | CWE-284 | 2.6 | Low | 2022-12-01 |
| CVE-2022-41969 | Nextcloud Server has no password length limit when creating a user as an administrator — security-advisories | CWE-400 | 2.4 | Low | 2022-12-01 |
| CVE-2022-41968 | Nextcloud Server's calendar name length not validated before writing to database — security-advisories | CWE-400 | 3.5 | Low | 2022-12-01 |
| CVE-2022-39331 | Cross-site Scripting (XSS) in Nexcloud Desktop Client — security-advisories | CWE-79 | 4.6 | Medium | 2022-11-25 |
| CVE-2022-39332 | Cross-site scripting (XSS) in Nextcloud Desktop Client — security-advisories | CWE-79 | 4.6 | Medium | 2022-11-25 |
| CVE-2022-39333 | Cross-site scripting (XSS) in Nextcloud Desktop Client — security-advisories | CWE-79 | 4.6 | Medium | 2022-11-25 |

This page lists every published CVE security advisory associated with NextCloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.