Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextcloud vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-32802
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. T...
Nextcloud Nextcloud Server
5.7
CVSSv3
CVE-2018-16464
A missing access check in Nextcloud Server before 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.
Nextcloud Nextcloud Server
5.3
CVSSv3
CVE-2018-16465
Missing state in Nextcloud Server before 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load.
Nextcloud Nextcloud Server
5.4
CVSSv3
CVE-2018-3780
A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.
Nextcloud Nextcloud Server
4.3
CVSSv3
CVE-2021-32652
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail prior to 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workaround...
Nextcloud Nextcloud Mail
9.1
CVSSv3
CVE-2021-32654
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploite...
Nextcloud Nextcloud Server
4.3
CVSSv3
CVE-2021-32657
Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server before 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud in...
Nextcloud Nextcloud Server
4.3
CVSSv3
CVE-2021-32707
Nextcloud Mail is a mail app for Nextcloud. In versions before 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images ...
Nextcloud Nextcloud Mail
5.3
CVSSv3
CVE-2021-32725
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There a...
Nextcloud Nextcloud Server
9.8
CVSSv3
CVE-2021-32726
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. Th...
Nextcloud Nextcloud Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »