Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextcloud vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2023-25817
Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and prior to 24.0.9 a user could escalate their permissions to delete files they were not supposed to deletable but only viewed or downloaded. This issue has been addressed andit is recomme...
Nextcloud Nextcloud Server
7.1
CVSSv3
CVE-2023-25818
Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit `704eb3aa` password reset attempts are n...
Nextcloud Nextcloud Server
7.8
CVSSv3
CVE-2023-25820
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x before 25.0.5 and versions 24.0.x before 24.0.10 as well as ...
Nextcloud Nextcloud Server
4.3
CVSSv3
CVE-2023-26041
Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk ...
Nextcloud Nextcloud Talk
6.5
CVSSv3
CVE-2023-25816
Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, before 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3...
Nextcloud Nextcloud Server
7.5
CVSSv3
CVE-2023-25821
Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, before 24.0.7, and 25.0.0 and above, before 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in ...
Nextcloud Nextcloud Server 25.0.0
Nextcloud Nextcloud Server
7.5
CVSSv3
CVE-2023-25579
Nextcloud server is a self hosted home cloud product. In affected versions the `OC\Files\Node\Folder::getFullPath()` function was validating and normalizing the string in the wrong order. The function is used in the `newFile()` and `newFolder()` items, which may allow to creation...
Nextcloud Nextcloud Server
5.3
CVSSv3
CVE-2023-25161
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1 24.0.8, and 23.0.12 missing rate limiting on password reset functionality. This could result in service slowd...
Nextcloud Nextcloud Server 25.0.0
Nextcloud Nextcloud Server
5.3
CVSSv3
CVE-2023-25162
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server before 24.0.8 and 23.0.12 and Nextcloud Enterprise server before 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclo...
Nextcloud Nextcloud Server
5.3
CVSSv3
CVE-2023-25160
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, ...
Nextcloud Mail
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »