Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Nextcloud — Vulnerabilities & Security Advisories 261

Browse all 261 CVE security advisories affecting Nextcloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Nextcloud:security-advisoriesNextcloud Servercom.nextcloud.clientNextcloud Calendar applicationNextcloud Contacts applicationnextcloud/servernextcloud/talknextcloud-dialogsnews-androidandroidcookbooknextcloudpiNextcloud
CVE IDTitleCVSSSeverityPublished
CVE-2022-39334 nextcloudcmd incorrectly trusts bad TLS certificates — security-advisoriesCWE-295 3.9 Low2022-11-25
CVE-2022-39338 Stored cross site scripting (XSS) vulnerability via Authorization Endpoint in user_oidc — security-advisoriesCWE-20 3.5 Low2022-11-25
CVE-2022-39339 Cleartext Transmission of Sensitive Information in user_oidc — security-advisoriesCWE-319 4.3 Medium2022-11-25
CVE-2022-39346 Missing length validation of user displayname in nextcloud server — security-advisoriesCWE-400 3.5 Low2022-11-25
CVE-2022-41926 Nextcloud Talk Android broadcast incorrect permission handling — security-advisoriesCWE-732 3.3 Low2022-11-25
CVE-2022-41882 Nextcloud Desktop vulnerable to code injection via malicious link — security-advisoriesCWE-94 6.6 Medium2022-11-11
CVE-2022-39329 Profile of disabled user stays accessible — security-advisoriesCWE-285 3.5 Low2022-10-27
CVE-2022-39330 Database resource exhaustion for logged-in users via sharee recommendations with circles — security-advisoriesCWE-400 4.8 Medium2022-10-27
CVE-2022-39364 Exception logging in Sharepoint app reveals clear-text connection details — security-advisoriesCWE-312 4.0 Medium2022-10-27
CVE-2022-39212 Last video frame is still sent after video is disabled in a call in Nextcloud Talk — security-advisoriesCWE-200 4.3 Medium2022-09-16
CVE-2022-39210 Access to internal files of the Nextcloud Android app — security-advisoriesCWE-22 3.2 Low2022-09-16
CVE-2022-39211 Server-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud Server — security-advisoriesCWE-918 3.0 Low2022-09-16
CVE-2022-36074 Authentication headers exposed on by Nextcloud Server — security-advisoriesCWE-200 6.4 Medium2022-09-15
CVE-2022-36075 File list exposure in Nextcloud Files Access Control — security-advisoriesCWE-200 2.6 Low2022-09-15
CVE-2022-35931 Nextcloud Password Policy's generated passwords are not fully validated by HIBPValidator — security-advisoriesCWE-261 2.7 Low2022-09-06
CVE-2022-35932 Missing rate limit when trying to join a password protected Nextcloud Talk conversation — security-advisoriesCWE-359 3.5 Low2022-08-12
CVE-2022-31119 Password disclosure in log file in Nextcloud Mail App — security-advisoriesCWE-532 3.1 Low2022-08-04
CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy" — security-advisoriesCWE-918 8.3 High2022-08-04
CVE-2022-31120 Federated share accepting/declining is not logged in audit log in Nextcloud Server — security-advisoriesCWE-778 2.1 Low2022-08-04
CVE-2022-31118 Missing brute force protection on cloud federation sharing in Nextcloud Server — security-advisoriesCWE-770 6.5 Medium2022-08-04
CVE-2022-31131 Ownership check missing when updating or deleting mail attachments in Nextcloud mail — security-advisoriesCWE-287 5.4 Medium2022-07-06
CVE-2022-31014 SMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server — security-advisoriesCWE-74 5.4 Medium2022-07-05
CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments — security-advisoriesCWE-284 6.5 Medium2022-06-02
CVE-2022-29243 Improper input-size validation on the user new session name in Nextcloud Server — security-advisoriesCWE-20 4.3 Medium2022-05-31
CVE-2022-29163 Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server — security-advisoriesCWE-671 3.5 Low2022-05-20
CVE-2022-29160 Sensitive files/data exist after deletion of user account in Nextcloud Android — security-advisoriesCWE-284 2.8 Low2022-05-20
CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck — security-advisoriesCWE-200 3.5 Low2022-05-20
CVE-2022-29159 Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck — security-advisoriesCWE-639 5.0 Medium2022-05-20
CVE-2022-24890 Exposure of Private Personal Information to an Unauthorized Actor in Nextcloud Talk — security-advisoriesCWE-359 2.4 Low2022-05-17
CVE-2022-24889 Insufficient Verification of Data Authenticity in Nextcloud Server — security-advisoriesCWE-345 2.4 Low2022-04-27

This page lists every published CVE security advisory associated with Nextcloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.