Improper access control in Nextcloud Deck 1.0.0 allowed an malicious user to inject tasks into other users decks.
nextcloud deck