nextcloud — Vulnerabilities & Security Advisories 288

Browse all 288 CVE security advisories affecting nextcloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nextcloud operates as an open-source file sharing and collaboration platform, providing self-hosted alternatives to commercial cloud services. With 261 recorded Common Vulnerabilities and Exposures (CVEs), the software has historically been susceptible to critical security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation or insecure default configurations within its PHP-based architecture. Notable incidents have involved unauthorized data access and server compromise, highlighting risks associated with complex plugin ecosystems and frequent updates. While the project maintains a public security policy and encourages responsible disclosure, the high volume of past CVEs indicates a need for rigorous code auditing and strict configuration management by administrators to mitigate potential exploitation vectors in production environments.

Medium · 2026-06-02
Attendee invite to a calendar event will autocomplete everyone (data protection issue) · Issue #7971 · nextcloud/calenda
Low · GHSA-h7gm-vgxr-9hcw · 2026-06-02
fileId parameter reveals workflow associations in Nextcloud Approval app · Advisory · nextcloud/security-advisories · Gi
Medium · CVE-2024-4544 · 2026-06-02
Information Disclosure of view filter metadata via Broken Sensitive Data Masking in ViewService · Advisory · nextcloud/s
Medium · CVE-2024-45543 · 2026-06-02
Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share · Advisory
Medium · CVE-2024-42363 · 2026-06-02
Files Lock app allows users to lock and unlock files of other users · Advisory · nextcloud/security-advisories · GitHub
Unknown · 2026-06-02
fix(DAV): Fix getFileFromAbsoluteUri by provokateurin · Pull Request #1007 · nextcloud/files_lock · GitHub
Unknown · 2026-06-02
Limited path traversal via template API if using `{lang}` in config · Advisory · nextcloud/security-advisories · GitHub
Medium · GHSA-jgcj-v42r-9922 · 2026-06-02
Two-Factor Authentication Bypass via Pending Session Token Replay · Advisory · nextcloud/security-advisories · GitHub
High · CVE-2024-45681 · 2026-06-02
Bypass of second factor authentication on DAV endpoints by reusing a pre-2FA session ID · Advisory · nextcloud/security-
Medium · GHSA-285v-p9x9-c9hj · 2026-06-02
Propfind requests for file comments allowed to load comments for other files · Advisory · nextcloud/security-advisories
High · GHSA-hrv-mp25-26vv · 2026-06-02
Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update · Advisory · nextcloud/security-advisories · Gi
High · 2026-06-02
fix: add ACLs for calender delegation by hamza221 · Pull Request #59962 · nextcloud/server · GitHub
Medium · CVE-2024-45282 · 2026-06-02
Logged-in user bypasses share password and download restrictions on Text attachments via documentId · Advisory · nextclo
Critical · GHSA-v8q8-w6c3-3qv9 · 2026-06-02
Authorization bypass in approval feature allows unauthorized file sharing with approvers · Advisory · nextcloud/security
High · CVE-2020-45545 · 2026-06-02
SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution · Advisory · nextcloud/security-advisories · GitHu
High · CVE-2024-4286 · 2026-06-02
Hidden Public Link creation when sharing to a Team External Member · Advisory · nextcloud/security-advisories · GitHub
Low · GHSA-8wj9-5cg8-4w73 · 2026-06-02
Open Redirect in user_oidc login flow via protocol-relative URL bypass · Advisory · nextcloud/security-advisories · GitH
Medium · 2026-06-02
fix(dav): do not list intermediate files by susnux · Pull Request #59780 · nextcloud/server · GitHub
Medium · GHSA-45pj-p7x7-4mh6 · 2026-06-02
Valid share tokens allow to access tempory upload files of share owner · Advisory · nextcloud/security-advisories · GitH
Low · GHSA-xpgv-grf9-gn7x · 2026-06-02
Private circle can be added to another circle via API · Advisory · nextcloud/security-advisories · GitHub

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with nextcloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.