Nextcloud Latest High Vulnerabilities

SQL Injection Vulnerability in Nextcloud Tables App

CVE-2026-45722

NextcloudSecurity-advisories7.1HIGH

SQL Injection Vulnerability in Nextcloud's Tables App

CVE-2026-45545

NextcloudSecurity-advisories8.2HIGH

Improper Authorization in Nextcloud Server Affects Calendar Functionality

CVE-2026-45281

NextcloudSecurity-advisories8.1HIGH

Missing Signature Verification in Nextcloud OIDC Enables User Impersonation

CVE-2026-45156

NextcloudSecurity-advisories8.1HIGH

OAuth2 Client Secret Vulnerability in Nextcloud Server

CVE-2024-52519

NextcloudNextcloud Server8.2HIGH

Unencrypted Password Storage Vulnerability in Nextcloud Server

CVE-2024-52525

NextcloudNextcloud Server7.5HIGH

Synchronized Files Vulnerability

CVE-2024-46958

NextcloudDesktop9.1CRITICAL

Arbitrary Code Injection in Nextcloud Desktop Client for macOS

CVE-2024-37885

NextcloudSecurity-advisories7.8HIGH

Nextcloud Server Update: Upgrade to Improve Security and Stability

CVE-2024-37882

NextcloudSecurity-advisories8.1HIGH

Nextcloud Server Security Update: Bypass of 2FA Possible in Certain Circumstances

CVE-2024-37313

NextcloudSecurity-advisories📰7.3HIGH

Command Injection Vulnerability in NextCloudPi Allows Root Access via Web-Panel

CVE-2024-30247

NextcloudNextcloudpi9.8CRITICAL

Nextcloud global site selector authentication bypass

CVE-2024-22212

NextcloudSecurity-advisories9.7CRITICAL

Nextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF

CVE-2023-48306

nextcloudsecurity-advisories9.8CRITICAL

Nextcloud Mail app vulnerable to Server-Side Request Forgery

CVE-2023-48307

nextcloudsecurity-advisories9.8CRITICAL

Nextcloud Server users can make external storage mount points inaccessible for other users

CVE-2023-48239

NextcloudSecurity-advisories8.5HIGH

Nextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint

CVE-2023-39960

nextcloudsecurity-advisories7.5HIGH

Users can delete external storage mount points

CVE-2023-39962

NextcloudSecurity-advisories7.7HIGH

Missing password confirmation when creating app passwords

CVE-2023-39963

NextcloudSecurity-advisories8.1HIGH

Path traversal allows tricking the Talk Android app into writing files into it's root directory

CVE-2023-39957

NextcloudSecurity-advisories7.2HIGH

Nextcloud Server password reset endpoint is not brute force protected

CVE-2023-35172

NextcloudSecurity-advisories8.7HIGH

Nextcloud system addressbooks can be modified by malicious trusted server

CVE-2023-35927

NextcloudSecurity-advisories7.6HIGH

Nextcloud user scoped external storage can be used to gather credentials of other users

CVE-2023-35928

NextcloudSecurity-advisories8.5HIGH

Nextcloud Server's brute force protection allows someone to send more requests than intended

CVE-2023-32320

NextcloudSecurity-advisories8.7HIGH

NextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection

CVE-2023-31128

nextcloudcookbook8.8HIGH

Nextcloud user_oidc app is missing brute force protection

CVE-2023-32074

NextcloudSecurity-advisories8HIGH

Vulnerability Published:

Sort By:

1 June 2026

SQL Injection Vulnerability in Nextcloud Tables App

SQL Injection Vulnerability in Nextcloud's Tables App

Improper Authorization in Nextcloud Server Affects Calendar Functionality

Missing Signature Verification in Nextcloud OIDC Enables User Impersonation

15 November 2024

OAuth2 Client Secret Vulnerability in Nextcloud Server

Unencrypted Password Storage Vulnerability in Nextcloud Server

16 September 2024

Synchronized Files Vulnerability

14 June 2024

Arbitrary Code Injection in Nextcloud Desktop Client for macOS

Nextcloud Server Update: Upgrade to Improve Security and Stability

Nextcloud Server Security Update: Bypass of 2FA Possible in Certain Circumstances

29 March 2024

Command Injection Vulnerability in NextCloudPi Allows Root Access via Web-Panel

18 January 2024

Nextcloud global site selector authentication bypass

21 November 2023

Nextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF

Nextcloud Mail app vulnerable to Server-Side Request Forgery

Nextcloud Server users can make external storage mount points inaccessible for other users

13 October 2023

Nextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint

10 August 2023

Users can delete external storage mount points

Missing password confirmation when creating app passwords

Path traversal allows tricking the Talk Android app into writing files into it's root directory

23 June 2023

Nextcloud Server password reset endpoint is not brute force protected

Nextcloud system addressbooks can be modified by malicious trusted server

Nextcloud user scoped external storage can be used to gather credentials of other users

22 June 2023

Nextcloud Server's brute force protection allows someone to send more requests than intended

26 May 2023

NextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection

25 May 2023

Nextcloud user_oidc app is missing brute force protection