
Nextcloud — Vulnerabilities & Security Advisories 261

Browse all 261 CVE security advisories affecting Nextcloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2024-22400 | Open redirect in user_saml via RelayState parameter in Nextcloud User Saml — security-advisories | CWE-601 | 3.1 | Low | 2024-01-18 |
| CVE-2024-22213 | Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app — security-advisories | CWE-79 | - | - | 2024-01-18 |
| CVE-2024-22212 | Nextcloud global site selector authentication bypass — security-advisories | CWE-306 | 9.7 | Critical | 2024-01-18 |
| CVE-2023-49792 | Bruteforce protection can be bypassed with misconfigured proxy — security-advisories | CWE-307 | 5.3 | Medium | 2023-12-22 |
| CVE-2023-49791 | Workflows do not require password confirmation on API level — security-advisories | CWE-284 | 5.4 | Medium | 2023-12-22 |
| CVE-2023-49790 | App PIN code can be bypassed in Nextcloud Files iOS — security-advisories | CWE-287 | 4.3 | Medium | 2023-12-22 |
| CVE-2023-48308 | Calendar app returns full stacktrace when an error happens while editing appointment — security-advisories | CWE-1258 | 3.5 | Low | 2023-12-21 |
| CVE-2023-48307 | Nextcloud Mail app vulnerable to Server-Side Request Forgery — security-advisories | CWE-918 | 3.5 | Low | 2023-11-21 |
| CVE-2023-48306 | Nextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF — security-advisories | CWE-918 | 5.0 | Medium | 2023-11-21 |
| CVE-2023-48305 | Nextcloud Server user_ldap app logs user passwords in the log file on level debug — security-advisories | CWE-312 | 4.2 | Medium | 2023-11-21 |
| CVE-2023-48304 | Nextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user — security-advisories | CWE-639 | 4.3 | Medium | 2023-11-21 |
| CVE-2023-48303 | Nextcloud Server admins can change authentication details of user configured external storage — security-advisories | CWE-284 | 2.4 | Low | 2023-11-21 |
| CVE-2023-48302 | Nextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V — security-advisories | CWE-79 | 3.5 | Low | 2023-11-21 |
| CVE-2023-48301 | Nextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name — security-advisories | CWE-79 | 3.5 | Low | 2023-11-21 |
| CVE-2023-48239 | Nextcloud Server users can make external storage mount points inaccessible for other users — security-advisories | CWE-284 | 8.5 | High | 2023-11-21 |
| CVE-2023-45150 | Inviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive — security-advisories | CWE-400 | 4.3 | Medium | 2023-10-16 |
| CVE-2023-45149 | Password of talk conversations can be bruteforced in Nextcloud — security-advisories | CWE-307 | 4.3 | Medium | 2023-10-16 |
| CVE-2023-45148 | Rate limiter not working reliable when Memcached is installed in Nextcloud — security-advisories | CWE-307 | 4.3 | Medium | 2023-10-16 |
| CVE-2023-45151 | OAuth2 client_secret stored in plain text in the Nextcloud database — security-advisories | CWE-312 | 6.5 | Medium | 2023-10-16 |
| CVE-2023-45660 | Require strict cookies for image proxy requests in Nextcloud Mail — security-advisories | CWE-918 | 4.3 | Medium | 2023-10-16 |
| CVE-2023-39960 | Nextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint — security-advisories | CWE-307 | 5.0 | Medium | 2023-10-13 |
| CVE-2023-39963 | Missing password confirmation when creating app passwords — security-advisories | CWE-284 | 8.1 | High | 2023-08-10 |
| CVE-2023-39962 | Users can delete external storage mount points — security-advisories | CWE-284 | 7.7 | High | 2023-08-10 |
| CVE-2023-39961 | Text does not respect "Allow download" permissions — security-advisories | CWE-284 | 3.5 | Low | 2023-08-10 |
| CVE-2023-39959 | Existence of calendars and address books can be checked by unauthenticated users — security-advisories | CWE-284 | 3.5 | Low | 2023-08-10 |
| CVE-2023-39958 | Missing brute force protection on password reset token OAuth2 API controller — security-advisories | CWE-307 | 5.8 | Medium | 2023-08-10 |
| CVE-2023-39957 | Path traversal allows tricking the Talk Android app into writing files into it's root directory — security-advisories | CWE-22 | 3.3 | - | 2023-08-10 |
| CVE-2023-39955 | Notes attachment render HTML in preview mode — security-advisories | CWE-79 | 3.5 | Low | 2023-08-10 |
| CVE-2023-39954 | user_oidc app stores client secret unencrypted in database — security-advisories | CWE-311 | 3.8 | Low | 2023-08-10 |
| CVE-2023-39953 | Issuer not verified from obtained token in user_oidc — security-advisories | CWE-303 | 4.8 | Medium | 2023-08-10 |

This page lists every published CVE security advisory associated with Nextcloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.