Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextcloud vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-32652
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail prior to 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workaround...
Nextcloud Nextcloud Mail
6.4
CVSSv2
CVE-2021-32654
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploite...
Nextcloud Nextcloud Server
3.5
CVSSv2
CVE-2021-32655
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the shar...
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2021-32707
Nextcloud Mail is a mail app for Nextcloud. In versions before 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images ...
Nextcloud Nextcloud Mail
5
CVSSv2
CVE-2021-32656
Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions before 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate serv...
Nextcloud Nextcloud Server
NA
CVE-2023-25162
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server before 24.0.8 and 23.0.12 and Nextcloud Enterprise server before 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclo...
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2022-29163
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23....
Nextcloud Nextcloud Server
5
CVSSv2
CVE-2022-24888
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects fi...
Nextcloud Nextcloud Server
1.9
CVSSv2
CVE-2020-8150
A cryptographic issue in Nextcloud Server 19.0.1 allowed an malicious user to downgrade the encryption scheme and break the integrity of encrypted files.
Nextcloud Nextcloud Server
2 Github repositories
3.5
CVSSv2
CVE-2020-8294
A missing link validation in Nextcloud Server prior to 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format.
Nextcloud Nextcloud Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »