Improper input validator in Nextcloud Server before 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.
nextcloud nextcloud server