NextCloud — Vulnerabilities & Security Advisories 261

Browse all 261 CVE security advisories affecting NextCloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-37630 | Secret Circle can be joined without approval in Nextcloud Circles | security-advisories | CWE-639 | 6.5 | Medium | 2021-09-07 |
| CVE-2021-37631 | Circle can be accessed by non-Circle members in Nextcloud Deck | security-advisories | CWE-639 | 6.5 | Medium | 2021-09-07 |
| CVE-2021-37617 | Untrusted Search Path in Nextcloud Desktop Client | security-advisories | CWE-426 | 7.3 | High | 2021-08-18 |
| CVE-2021-32728 | End-to-end encryption device setup did not verify public key | security-advisories | CWE-295 | 6.5 | Medium | 2021-08-18 |
| CVE-2021-32748 | WOPI API not protected by credentials/IP check | security-advisories | CWE-862 | 4.3 | Medium | 2021-07-27 |
| CVE-2021-32741 | Lack of ratelimit on public share link mount endpoint | security-advisories | CWE-799 | 5.3 | Medium | 2021-07-12 |
| CVE-2021-32734 | File path disclosure of shared files in Nextcloud Text application | security-advisories | CWE-209 | 3.1 | Low | 2021-07-12 |
| CVE-2021-32733 | XSS in Nextcloud Text application | security-advisories | CWE-79 | 4.8 | Medium | 2021-07-12 |
| CVE-2021-32727 | End-to-end encryption device setup did not verify public key | security-advisories | CWE-295 | 5.7 | Medium | 2021-07-12 |
| CVE-2021-32726 | Webauthn tokens not removed after user has been deleted | security-advisories | CWE-708 | 7.1 | High | 2021-07-12 |
| CVE-2021-32725 | Default share permissions not respected for federated reshares | security-advisories | CWE-277 | 3.5 | Low | 2021-07-12 |
| CVE-2021-32707 | Bypass of image blocking in Nextcloud Mail | security-advisories | CWE-20 | 4.3 | Medium | 2021-07-12 |
| CVE-2021-32689 | Nextcloud Talk not properly disassociating users from chats after account deletion | security-advisories | CWE-708 | 8.1 | High | 2021-07-12 |
| CVE-2021-32705 | Lack of ratelimit on public DAV endpoint | security-advisories | CWE-799 | 5.3 | Medium | 2021-07-12 |
| CVE-2021-32703 | Lack of ratelimit on shareinfo endpoint | security-advisories | CWE-799 | 5.3 | Medium | 2021-07-12 |
| CVE-2021-32688 | Application specific tokens can change their own scope | security-advisories | CWE-285 | 8.8 | High | 2021-07-12 |
| CVE-2021-32680 | Audit log is not properly logging unsetting of share expiration date | security-advisories | CWE-778 | 3.3 | Low | 2021-07-12 |
| CVE-2021-32679 | Filenames not escaped by default in controllers using DownloadResponse | security-advisories | CWE-116 | 3.5 | Low | 2021-07-12 |
| CVE-2021-32678 | Ratelimit not applied on OCS API responses | security-advisories | CWE-799 | 3.7 | Low | 2021-07-12 |
| CVE-2021-32694 | Malicious Android application can crash the Nextcloud Android Client | security-advisories | CWE-248 | 4.1 | Medium | 2021-06-17 |
| CVE-2021-32695 | Malicious Android app could access Shared Preferences of the Nextcloud Android client | security-advisories | CWE-200 | 3.9 | Low | 2021-06-17 |
| CVE-2021-32676 | Session Fixation in Nextcloud Talk | security-advisories | CWE-384 | 6.5 | Medium | 2021-06-16 |
| CVE-2021-32658 | Sensitive data may not be removed from storage on account removal | security-advisories | CWE-200 | 4.7 | Medium | 2021-06-08 |
| CVE-2021-32657 | Malicious user could break user administration page | security-advisories | CWE-400 | 4.3 | Medium | 2021-06-01 |
| CVE-2021-32656 | Trusted servers exchange can be triggered by attacker | security-advisories | CWE-284 | 8.6 | High | 2021-06-01 |
| CVE-2021-32655 | Files Drop public link can be added as federated share | security-advisories | CWE-241 | 3.5 | Low | 2021-06-01 |
| CVE-2021-32654 | Attacker can obtain write access to any federated share/public link | security-advisories | CWE-639 | 8.1 | High | 2021-06-01 |
| CVE-2021-32653 | Default settings leak federated cloud ID to lookup server of all users | security-advisories | CWE-201 | 2.7 | Low | 2021-06-01 |
| CVE-2021-32652 | Missing permission check on email metadata retrieval | security-advisories | CWE-284 | 8.8 | High | 2021-06-01 |
| CVE-2021-29438 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs | nextcloud-dialogs | CWE-79 | 4.6 | Medium | 2021-04-13 |

This page lists every published CVE security advisory associated with NextCloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.