Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextcloud vulnerabilities and exploits
(subscribe to this query)
4.4
CVSSv3
CVE-2020-8152
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an malicious user to replace the public key to decrypt them later on.
Nextcloud Nextcloud Server
2 Github repositories
7.7
CVSSv3
CVE-2020-8154
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an malicious user to remote wipe devices of other users when sending a malicious request directly to the endpoint.
Nextcloud Nextcloud Server
8.1
CVSSv3
CVE-2020-8259
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an malicious user to replace the encryption keys.
Nextcloud Nextcloud Server
7.8
CVSSv3
CVE-2023-25820
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x before 25.0.5 and versions 24.0.x before 24.0.10 as well as ...
Nextcloud Nextcloud Server
9.8
CVSSv3
CVE-2023-48306
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 2...
Nextcloud Nextcloud Server
4.8
CVSSv3
CVE-2019-15618
Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location.
Nextcloud Nextcloud Server
9.8
CVSSv3
CVE-2021-32726
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. Th...
Nextcloud Nextcloud Server
4.3
CVSSv3
CVE-2022-24888
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects fi...
Nextcloud Nextcloud Server
4.3
CVSSv3
CVE-2017-0884
Nextcloud Server prior to 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that thi...
Nextcloud Nextcloud Server
7.5
CVSSv3
CVE-2023-25579
Nextcloud server is a self hosted home cloud product. In affected versions the `OC\Files\Node\Folder::getFullPath()` function was validating and normalizing the string in the wrong order. The function is used in the `newFile()` and `newFolder()` items, which may allow to creation...
Nextcloud Nextcloud Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »