Nextcloud Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by nextcloud
Vulnerability Published:
๐๏ธ Published
- Anytime
Sort By:
๐๏ธ Published Date
- Descending
OAuth2 Client Secret Vulnerability in Nextcloud Server
CVE-2024-52519NextcloudNextcloud Server8.2HIGHUnencrypted Password Storage Vulnerability in Nextcloud Server
CVE-2024-52525NextcloudNextcloud Server7.5HIGHSynchronized Files Vulnerability
CVE-2024-46958NextcloudDesktop9.1CRITICALArbitrary Code Injection in Nextcloud Desktop Client for macOS
CVE-2024-37885NextcloudSecurity-advisories7.8HIGHNextcloud Server Update: Upgrade to Improve Security and Stability
CVE-2024-37882NextcloudSecurity-advisories8.1HIGHNextcloud Server Security Update: Bypass of 2FA Possible in Certain Circumstances
CVE-2024-37313NextcloudSecurity-advisories๐ฐ7.3HIGHCommand Injection Vulnerability in NextCloudPi Allows Root Access via Web-Panel
CVE-2024-30247NextcloudNextcloudpi9.8CRITICALNextcloud global site selector authentication bypass
CVE-2024-22212NextcloudSecurity-advisories9.7CRITICALNextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF
CVE-2023-48306nextcloudsecurity-advisories9.8CRITICALNextcloud Mail app vulnerable to Server-Side Request Forgery
CVE-2023-48307nextcloudsecurity-advisories9.8CRITICALNextcloud Server users can make external storage mount points inaccessible for other users
CVE-2023-48239nextcloudsecurity-advisories7.1HIGHNextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint
CVE-2023-39960nextcloudsecurity-advisories7.5HIGHUsers can delete external storage mount points
CVE-2023-39962NextcloudSecurity-advisories7.7HIGHMissing password confirmation when creating app passwords
CVE-2023-39963NextcloudSecurity-advisories8.1HIGHPath traversal allows tricking the Talk Android app into writing files into it's root directory
CVE-2023-39957NextcloudSecurity-advisories7.2HIGHNextcloud Server password reset endpoint is not brute force protected
CVE-2023-35172NextcloudSecurity-advisories8.7HIGHNextcloud system addressbooks can be modified by malicious trusted server
CVE-2023-35927NextcloudSecurity-advisories7.6HIGHNextcloud user scoped external storage can be used to gather credentials of other users
CVE-2023-35928NextcloudSecurity-advisories8.5HIGHNextcloud Server's brute force protection allows someone to send more requests than intended
CVE-2023-32320NextcloudSecurity-advisories8.7HIGHNextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection
CVE-2023-31128nextcloudcookbook8.8HIGHNextcloud user_oidc app is missing brute force protection
CVE-2023-32074NextcloudSecurity-advisories8HIGHScope of workflow operations is not validated in nextcloud server
CVE-2023-26482NextcloudSecurity-advisoriesEPSS 70%9.1CRITICALUnauthenticated SSRF in 3rd party module "cerdic/csstidy"
CVE-2022-31132NextcloudSecurity-advisories8.3HIGHSQL Injection in FileContentProvider (GHSL-2021-1007)
CVE-2021-43863NextcloudAndroid7.5HIGHFile Traversal affecting SVG files on Nextcloud Server
CVE-2021-41178NextcloudSecurity-advisories8.8HIGH