Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Nextcloud — Vulnerabilities & Security Advisories 261

Browse all 261 CVE security advisories affecting Nextcloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products Nextcloud:security-advisoriesNextcloud Servercom.nextcloud.clientNextcloud Calendar applicationNextcloud Contacts applicationnextcloud/servernextcloud/talknextcloud-dialogsnews-androidandroidcookbooknextcloudpiNextcloud
CVE IDTitleCVSSSeverityPaused
CVE-2024-52511 Nextcloud Tables has an Authorization Bypass Through User-Controlled Key in Tables — security-advisoriesCWE-639 6.3 Medium2024-11-15
CVE-2024-52512 Nextcloud User OIDC has an open redirection when logging in with User OIDC — security-advisoriesCWE-601 3.3 Low2024-11-15
CVE-2024-52513 Nextcloud Server's Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares — security-advisoriesCWE-200 2.6 Low2024-11-15
CVE-2024-52514 Nextcloud Server allows users to copy folder that contain files that are blocked by the files access control — security-advisoriesCWE-284 4.1 Medium2024-11-15
CVE-2024-52515 Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews — security-advisoriesCWE-706 5.7 Medium2024-11-15
CVE-2024-52516 Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them — security-advisoriesCWE-269 3.0 Low2024-11-15
CVE-2024-52517 Nextcloud Server's global credentials of external storages are sent back to the frontend — security-advisoriesCWE-200 4.6 Medium2024-11-15
CVE-2024-52518 Nextcloud Server is missing password confirmation when changing external storage options — security-advisoriesCWE-287 4.4 Medium2024-11-15
CVE-2024-52519 Nextcloud Server's OAuth2 client secrets were stored in a recoverable way — security-advisoriesCWE-922 2.7 Low2024-11-15
CVE-2024-52520 Nextcloud Server's link reference provider can be tricked into downloading bigger files than intended — security-advisoriesCWE-400 5.7 Medium2024-11-15
CVE-2024-52521 Nextcloud Server has a potential hash collision for background jobs could skip queuing them — security-advisoriesCWE-328 2.6 Low2024-11-15
CVE-2024-52523 Nextcloud Server Custom defined credentials of external storages are sent back to the frontend — security-advisoriesCWE-200 4.6 Medium2024-11-15
CVE-2024-52525 Nextcloud Server User password is available in memory of the PHP process — security-advisoriesCWE-312 1.8 Low2024-11-15
CVE-2024-37887 Nextcloud Server's events information leaked with shared calendars on recurrence exceptions — security-advisoriesCWE-284 3.5 Low2024-06-14
CVE-2024-37886 Nextcloud user_oidc's ID4me does not validate signature or expiration — security-advisoriesCWE-347 5.4 Medium2024-06-14
CVE-2024-37885 Code injection in Nextcloud Desktop Client for macOS — security-advisoriesCWE-94 3.8 Low2024-06-14
CVE-2024-37884 Nextcloud Server's users can delete old versions of read-only shared files — security-advisoriesCWE-284 3.5 Low2024-06-14
CVE-2024-37883 Nextcloud Deck can access comments and attachments of deleted cards — security-advisoriesCWE-284 4.3 Medium2024-06-14
CVE-2024-37882 Nextcloud Server can reshare read&share only folder with more permissions — security-advisoriesCWE-284 8.1 High2024-06-14
CVE-2024-37317 Nextcloud Notes app can be tricked into using a received share created before the user logged in — security-advisoriesCWE-284 4.6 Medium2024-06-14
CVE-2024-37316 Nextcloud Calendar's event create can create attachments that link to other websites — security-advisoriesCWE-241 4.6 Medium2024-06-14
CVE-2024-37315 Nextcloud Server's read-only users can restore old versions — security-advisoriesCWE-284 3.5 Low2024-06-14
CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal — security-advisoriesCWE-284 3.5 Low2024-06-14
CVE-2024-37313 Nextcloud server allows the by-pass the second factor — security-advisoriesCWE-287 7.3 High2024-06-14
CVE-2024-37312 Nextcloud user_oidc app's ID4me feature is available even when disabled — security-advisoriesCWE-284 6.3 Medium2024-06-14
CVE-2024-30247 Command Injection as root in NextCloudPi web panel — nextcloudpiCWE-78 10.0 Critical2024-03-29
CVE-2024-22402 Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist — security-advisoriesCWE-281 5.4 Medium2024-01-18
CVE-2024-22401 All users can reset the allowed apps list for Nextcloud Guest App users — security-advisoriesCWE-281 4.1 Medium2024-01-18
CVE-2024-22404 Permissions bypass in Nextcloud with the files zip app — security-advisoriesCWE-281 4.1 Medium2024-01-18
CVE-2024-22403 OAuth2 authorization codes are valid indefinetly in Nextcloud server — security-advisoriesCWE-613 3.0 Low2024-01-18

This page lists every published CVE security advisory associated with Nextcloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.