Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextcloud vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-3780
A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2022-29243
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into mem...
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2019-15616
Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.
Nextcloud Nextcloud Server
NA
CVE-2022-31118
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud...
Nextcloud Nextcloud Server
NA
CVE-2022-31120
Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. ...
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2022-31131
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail before 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It i...
Nextcloud Nextcloud Mail
5
CVSSv2
CVE-2022-24888
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects fi...
Nextcloud Nextcloud Server
4.3
CVSSv2
CVE-2022-24889
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus ex...
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2021-32652
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail prior to 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workaround...
Nextcloud Nextcloud Mail
4
CVSSv2
CVE-2021-32653
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions before 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0....
Nextcloud Nextcloud Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »