Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextcloud nextcloud 3.0.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-37886
user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0.
NA
CVE-2024-37312
user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an malicious user to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user ...
NA
CVE-2024-22401
Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were not intended to be used. It is recommended that the Guests app is upgraded to 2...
Nextcloud Guests 3.0.0
Nextcloud Guests
Nextcloud Guests 2.5.0
NA
CVE-2024-22402
Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permiss...
Nextcloud Guests 3.0.0
Nextcloud Guests
Nextcloud Guests 2.5.0
NA
CVE-2023-28997
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Deskto...
Nextcloud Desktop
NA
CVE-2023-28998
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure...
Nextcloud Desktop
NA
CVE-2023-28999
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can ...
Nextcloud Desktop
Nextcloud Nextcloud
NA
CVE-2023-29000
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop clien...
Nextcloud Desktop
668
VMScore
CVE-2019-5454
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account.
Nextcloud Nextcloud 1.0.0
Nextcloud Nextcloud 1.0.1
Nextcloud Nextcloud 1.1.0
Nextcloud Nextcloud 1.2.0
Nextcloud Nextcloud 1.3.0
Nextcloud Nextcloud 1.3.1
Nextcloud Nextcloud 1.4.0
Nextcloud Nextcloud 1.4.1
Nextcloud Nextcloud 1.4.2
Nextcloud Nextcloud 1.4.3
Nextcloud Nextcloud 2.0.0
Nextcloud Nextcloud 2.0.1
Nextcloud Nextcloud 3.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started