Skip to main content

Nextcloud

359 CVEs product

Monthly

CVE-2026-52782 CRITICAL PATCH Act Now

Cross-project folder hijacking in OpenProject before 17.3.3 and 17.4.1 lets a project-admin abuse an insecure direct object reference (CWE-639) to take over another project's managed Nextcloud or OneDrive storage folder. By PATCHing the storages_project_storage[project_folder_id] parameter on /projects/<id>/settings/project_storages/<ps_id>, an attacker writes a victim project's folder ID into their own ProjectStorage row, and the next managed-folder sync rewrites the target folder's ACL to the attacker's project member list. CVSS is 9.9 and the issue carries a scope change, but there is no public exploit identified at time of analysis and it is not on CISA KEV.

Authentication Bypass Nextcloud Openproject
NVD GitHub
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-48015 PHP MEDIUM PATCH GHSA This Month

Stored cross-site scripting in Shopware's media manager allows any authenticated admin to upload an unsanitized SVG file containing arbitrary JavaScript that executes in the Shopware domain context when the file is accessed by any user. The upload pipeline - spanning MediaUploadController, FileSaver, and TypeDetector - classifies SVG as a valid ImageType with VECTOR_GRAPHIC flag but performs zero content sanitization: no DOMPurify, no enshrined/svg-sanitize, no strip_tags on SVG XML content. In an e-commerce context this enables admin account takeover, customer data exfiltration, and malicious plugin installation. No public exploit identified at time of analysis and this vulnerability is not listed in CISA KEV.

Nextcloud XSS WordPress PHP
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-45810 MEDIUM PATCH This Month

Comment authorization bypass in Nextcloud Server 31.x and 32.x allows authenticated low-privilege users to read all file comments system-wide, bypassing file-level access controls. Affected are Nextcloud Server 31.0.0-31.0.11 and 32.0.0-32.0.2, plus a broad range of Nextcloud Enterprise Server branches. No public exploit has been identified at time of analysis and the vulnerability is absent from CISA KEV, but the CVSS Changed scope rating indicates sensitive organizational data embedded in comments - internal notes, credentials, review feedback - can be exposed cross-user without any file-access permission.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-45722 HIGH PATCH This Week

Blind SQL injection in the Nextcloud Tables app affects versions 0.9.0 through 0.9.6 and 1.0.0 through 1.0.1, allowing authenticated users with access to the Tables app to inject SQL into the ORDER BY clause of database queries. The flaw permits bit-by-bit data extraction or time-based exfiltration against the underlying database, and no public exploit identified at time of analysis. Patches are available in versions 0.9.7 and 1.0.2.

SQLi Nextcloud
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-45691 MEDIUM PATCH This Month

Two-factor authentication bypass in Nextcloud Server 32.0.0-32.0.8 and 33.0.0-33.0.2 enables a partially-authenticated attacker to access DAV endpoints (WebDAV, CalDAV, CardDAV) with full read/write privileges by reusing a pre-2FA intermediate session cookie as a Bearer token. The TEMPORARY_TOKEN issued after successful password authentication but before TOTP completion was not restricted to cookie-based requests, allowing it to be replayed in an HTTP Authorization: Bearer header against DAV APIs - entirely circumventing mandatory two-factor authentication enforcement. No public exploit has been identified at time of analysis, though a HackerOne report (3573399) documents the issue; vendor-confirmed patches are available.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-45690 MEDIUM PATCH This Month

Two-factor authentication bypass in Nextcloud Server 32.0.0-32.0.8 and 33.0.0-33.0.2 allows an authenticated attacker who possesses a valid user password to fully circumvent 2FA protections and gain unauthorized account access. During the login sequence, Nextcloud creates a temporary session token after credential validation but before the second factor is enforced; this token was not restricted from use in HTTP Basic Authentication or Bearer-header flows, enabling replay to authenticated API endpoints and effectively nullifying the 2FA control. Vendor-released patches exist as 32.0.9 and 33.0.3; no public exploit identified at time of analysis, though the fix PR makes the exploit mechanism technically transparent.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-45545 HIGH PATCH This Week

SQL injection in the Nextcloud Tables app allows authenticated users with access to the Tables feature to execute arbitrary SQL queries against the backend database via a stored injection vector. Although a 20-byte length limit is imposed on the injected payload, carefully crafted input can break out of this restriction, enabling data extraction and modification. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi Nextcloud
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-45544 MEDIUM PATCH This Month

Nextcloud Tables versions 0.8.0 through 1.0.3 improperly disclose view filter criteria to authenticated users holding only read-only permissions on a shared view. The flaw in ViewService.php attempted to sanitize filter arrays for low-privileged users but instead exposed the full filter rules - potentially revealing sensitive column names, threshold values, or data organization logic the view owner intended to keep confidential. No public exploit code has been identified at time of analysis, and this CVE is not listed in CISA KEV, indicating no confirmed active exploitation.

Information Disclosure Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-45543 MEDIUM PATCH This Month

Broken share revocation in Nextcloud Forms versions 4.3.0 through 5.2.7 leaves former collaborators with persistent read access to uploaded respondent files after removal. The vulnerability stems from a two-layer share architecture where removing a collaborator deleted the Forms-layer share record but silently preserved the underlying Nextcloud Files-layer share on the uploaded files folder - meaning removed users retained filesystem-level access to sensitive form submission files. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV, but the low-complexity network vector (CVSS AV:N/AC:L/PR:N/UI:N) means a removed collaborator can exploit this passively without any additional action.

Information Disclosure Path Traversal Nextcloud
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-45286 MEDIUM PATCH This Month

User enumeration via Nextcloud Calendar's attendee suggestion endpoint affects authenticated users on versions 5.5.13-5.5.16 and 6.2.0-6.2.2. The `searchAttendee` controller method in `ContactController.php` called the contacts manager search API without passing the instance's configured sharing restriction parameters - meaning enumeration-limiting settings (`shareapi_allow_share_dialog_user_enumeration`, `shareapi_only_share_with_group_members`, group-scoped restrictions) enforced on all other sharing endpoints were silently bypassed here. An authenticated low-privilege attacker can probe the endpoint with partial name or email strings to reconstruct the full user directory, disclosing usernames and email addresses that administrators had intentionally restricted. No public exploit identified at time of analysis and no confirmed active exploitation (CISA KEV not listed).

Information Disclosure Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-45284 MEDIUM PATCH This Month

Authentication bypass in Nextcloud's user_oidc app (versions 1.3.6 through 8.3.x) allows users deleted from LDAP to continue authenticating via OpenID Connect. The root cause is a boolean logic inversion in LdapService.php - the condition `isLDAPEnabled()` was used instead of `!isLDAPEnabled()`, causing the LDAP deletion check to execute only when LDAP was inactive, effectively skipping it in every real-world deployment. No public exploit code has been identified at time of analysis; the issue was responsibly disclosed via HackerOne report #3554696.

Authentication Bypass Nextcloud
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-45285 MEDIUM PATCH This Month

Nextcloud's Circles (Teams) sharing feature silently generates unauthenticated public access links when folders are shared with a Team containing external email-only members, links which are never surfaced in the sharing UI and cannot be revoked by the folder owner. Affected are Nextcloud versions 32.0.0-32.0.8 and 33.0.0-33.0.2 with the Circles app in use. Any party who receives or intercepts the emailed link obtains full read, write, delete, reshare, and download access to the shared folder without a Nextcloud account, and the folder owner has no visibility or revocation path through normal interfaces. No public exploit identified at time of analysis; the issue was disclosed via HackerOne.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-45283 MEDIUM PATCH This Month

Nextcloud Server's files_lock application failed to enforce file ownership during WebDAV DAV lock and unlock operations, allowing any authenticated low-privilege account to lock or unlock files belonging to other users by referencing their absolute WebDAV paths. Affected releases span Nextcloud Server 32.0.0-32.0.1 and 33.0.0, plus Nextcloud Enterprise Server in the 31.0.x, 32.x, and 33.x lines prior to their respective patches. Compounding the flaw, lock tokens were leaked in server error responses, enabling an attacker to silently remove token-based locks placed by legitimate sync clients - disrupting collaborative workflows without direct file access. No public exploit code or CISA KEV listing exists at time of analysis.

Authentication Bypass Nextcloud Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-45282 MEDIUM PATCH This Month

Nextcloud Server's link share attachment access bypasses password protection and download restrictions for authenticated users who possess a valid share token. Affecting versions 32.0.0-32.0.9 and 33.0.0-33.0.3 of Nextcloud Server (with broader version ranges for Enterprise), an attacker authenticated to the Nextcloud instance can retrieve attachments from password-protected or download-restricted link shares by supplying a documentId they own alongside a known share token-circumventing the intended access controls entirely. No public exploit has been identified at time of analysis, and no CISA KEV listing exists; however, the CVSS vector (AV:N/AC:L/PR:L/UI:N) indicates straightforward network exploitation by any authenticated user.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-45281 HIGH PATCH This Week

Improper authorization in the Nextcloud Server CalDAV backend allows an authenticated user who knows another user's principal URL to gain full read/write access to that user's calendar in versions 32.0.0 to before 32.0.9 and 33.0.0 to before 33.0.3. The flaw was reported via HackerOne (report 3545964) and patched in PR 59962 by introducing dedicated ProxyRead/ProxyWrite ACL-aware classes; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-45279 MEDIUM PATCH This Month

{lang}` placeholder in the template directory config value. The root cause is insufficient sanitization of the `forceLanguage` HTTP request parameter and the `ACCEPT_LANGUAGE` header in `lib/private/L10N/Factory.php`, which were used unsanitized in filesystem path construction. No public exploit identified at time of analysis, though a HackerOne report (3468140) exists; CVSS scores this as Medium (4.4) due to high complexity and privilege preconditions, and impact is limited to confidentiality with no code execution possible.

Path Traversal Nextcloud
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-45278 LOW PATCH Monitor

Open redirect in Nextcloud's user_oidc plugin (versions 6.1.0 through 8.2.1) allows attackers to craft OIDC login links that silently redirect victims to arbitrary external websites upon successful authentication. The root cause is insufficient redirect URL sanitization in LoginController.php - a single regex stripping the protocol and domain could be bypassed using protocol-relative URLs (e.g., //attacker.com), which browsers resolve as full external URLs. No public exploit has been identified at time of analysis, and this CVE is not listed in CISA KEV; however, the phishing potential via trusted login flows warrants prompt patching in user-facing Nextcloud deployments.

Open Redirect Nextcloud
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-45277 LOW PATCH Monitor

Information disclosure in the Nextcloud Approval app prior to version 2.7.2 allows authenticated users to enumerate whether arbitrary files are enrolled in approval workflows, regardless of their access rights to those files. The root cause (CWE-200) is a missing file-access authorization check in ApprovalService.php before workflow association queries are processed, confirmed by the patch diff in PR #356. No public exploit exists and no active exploitation is confirmed; the practical impact is limited to organizational workflow metadata leakage rather than file content exposure.

Information Disclosure Nextcloud
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-45275 MEDIUM PATCH This Month

Privilege escalation in the Nextcloud Approval app (prior to version 2.7.2) allows authenticated users who lack sharing permissions to force the platform to distribute restricted files to approval workflow participants. By invoking the approval request flow with the createShares flag enabled, a user can bypass the system's file-sharing authorization controls entirely, causing files marked as non-shareable to be shared with designated approvers. No public exploit has been identified at time of analysis, but a vendor-confirmed patch and upstream PR diff are available.

Privilege Escalation Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-45267 MEDIUM PATCH This Month

Unauthorized access to form submissions in Nextcloud Forms prior to version 5.2.6 allows any authenticated user to read survey or form responses submitted by other users. The root cause is a missing authorization check in the `getSubmission` API endpoint (`ApiController.php`), which failed to verify whether the requesting user held the PERMISSION_RESULTS privilege or was the original submitter. With a CVSS score of 6.5 (Medium) and no public exploit identified at time of analysis, real-world risk is bounded by the requirement for an authenticated session, but the confidentiality impact is rated High given unrestricted access to potentially sensitive form response data.

Information Disclosure Nextcloud
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-45266 LOW PATCH Monitor

Improper access control in Nextcloud Talk's signaling layer allows a low-privileged authenticated user to forcibly mute other participants' microphones during calls on deployments without the High-performance Backend. The vulnerability exists in SignalingController::sendMessages(), which processed 'control' type signaling messages without first validating that the target session (decodedMessage['to']) was a legitimate room participant - allowing session-targeted control commands to reach arbitrary users. No public exploit or CISA KEV listing exists at time of analysis, and real-world impact is limited to call disruption with no data exposure.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-45159 LOW PATCH Monitor

Unauthorized file injection in the Nextcloud end-to-end encryption application (versions 1.15.0-1.18.x) allows a low-privileged user possessing a valid E2EE files drop share link to write files into other E2EE-encrypted folders owned by the same share owner. The impact is strictly integrity-limited - confidentiality is unaffected and existing files cannot be read or modified - consistent with the CVSS score of 3.5 (Low). No public exploit has been identified and this vulnerability is not listed in the CISA KEV catalog; it was responsibly disclosed via HackerOne report #3304830.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-45157 MEDIUM PATCH This Month

Unauthorized chunking upload access in Nextcloud Server allows an authenticated share recipient to read temporary part files during another user's active file upload. Affecting versions 32.0.0-32.0.8 and 33.0.0-33.0.2, the flaw stems from the WebDAV chunking upload collection failing to restrict directory listing or GET requests on intermediate upload objects when accessed via a share token - a boundary the fix explicitly closes by blocking reads on FutureFile and UploadFile node types. No public exploit has been identified and no CISA KEV listing exists at time of analysis, but the high confidentiality impact (CVSS C:H) means sensitive in-transit file contents are fully exposed to any malicious share recipient who times access during an active upload.

Authentication Bypass Nextcloud Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-45156 HIGH PATCH This Week

Authentication bypass in Nextcloud's User OIDC app (versions 0.3.0-3.0.x, 5.0.0-5.0.x, and 6.0.0-6.3.x) allows a malicious ID4me authority to impersonate arbitrary users due to missing JWT signature verification in the ID4me login flow. The flaw stems from a literal 'TODO: VALIATE SIGNATURE!' code comment that left ID tokens accepted without cryptographic validation, enabling identity spoofing once a victim is redirected through the attacker-controlled authority. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-45155 LOW PATCH Monitor

Nextcloud Server's Circles app exposes a missing access control check on the member-add API endpoint, allowing an authenticated user to add an arbitrary circle - identified only by its internal ID - as a member of another circle without verifying that the requesting user has any relationship to the target circle. Affected versions span 32.0.0-32.0.6 and 33.0.0, with Enterprise editions from 29.x through 31.x also impacted. Exploitation is severely constrained by the 62^15 entropy of circle IDs, making the vulnerability practically exploitable only when an attacker has obtained a valid circle ID through a separate information-disclosure path, at which point they could track or infer circle membership relationships. No public exploit exists and this is not listed in CISA KEV.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
2.6
EPSS
0.0%
CVE-2026-45154 LOW PATCH Monitor

Nextcloud Collectives versions 2.6.0 through 4.3.0 (exclusive) exposes deleted collective pages to unauthorized guests via a missing permission check in the public trash controller. Guests granted view-only access to a shared collective can bypass deletion-based access controls by directly querying trashbin endpoints, reading content that was intentionally removed. CVSS scores this at 2.6 (Low) with no public exploit identified at time of analysis and no CISA KEV listing, placing real-world priority at the lower end of the risk spectrum.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
2.6
EPSS
0.0%
CVE-2026-45153 MEDIUM PATCH This Month

PIN authentication bypass in the Nextcloud Files Android app (versions 33.0.0 through 33.0.x) allows a physically present attacker to circumvent the app's passcode lock screen by pressing the Android back button immediately after the host device is unlocked. The PassCodeActivity failed to intercept back-navigation events during PIN verification, granting direct file access without completing authentication. No public exploit identified at time of analysis and no CISA KEV listing; risk is tightly constrained by the physical access vector. Patched in version 33.1.0 via upstream PR #16896.

Google Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-45264 MEDIUM PATCH This Month

Rename permission bypass in Nextcloud's team folder (groupfolders) feature allows authenticated low-privileged users holding READ and CREATE permissions to rename files in team folders even when UPDATE permission is explicitly denied. Affecting Nextcloud versions 17.0.0 through 21.0.3, the flaw originates from a single-character bitwise operator error in ACLStorageWrapper.php - a `&` used instead of `|` when evaluating combined permission flags effectively nullifies the UPDATE permission check. No public exploit identified at time of analysis; vendor-released patches are available across all affected version branches.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44515 LOW PATCH Monitor

Blind Server-Side Request Forgery in Nextcloud News prior to 28.3.0-beta.1 allows low-privileged authenticated users to weaponize the feed URL submission feature - available via both the web interface and API - to coerce the Nextcloud server into making outbound HTTP requests to attacker-specified internal or private IP ranges, including localhost. Response content is never relayed back to the attacker, constraining this to a reconnaissance primitive rather than a data-exfiltration channel. No public exploit has been identified at time of analysis, EPSS sits at 0.04% (12th percentile), and CISA has not listed this in KEV, collectively indicating a low-probability real-world exploitation scenario.

SSRF Nextcloud News
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-32012 MEDIUM PATCH This Month

OpenClaw before version 2026.2.25 fails to implement durable replay state validation for Nextcloud Talk webhook events, allowing attackers to capture and replay previously valid signed webhook requests to cause duplicate processing. This affects all versions of OpenClaw prior to the patched release, and an attacker with network access can exploit this vulnerability without authentication or user interaction to trigger integrity and availability impacts such as duplicate message processing or resource exhaustion.

Information Disclosure Nextcloud
NVD GitHub
CVSS 3.1
4.8
CVE-2026-28449 npm MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.25 suffer from a webhook replay vulnerability where valid signed Nextcloud Talk webhook requests lack durable replay state suppression, allowing attackers to capture and replay previously legitimate signed requests to trigger duplicate inbound message processing. This can result in message duplication, data integrity issues, and potential availability degradation. While the CVSS score of 4.8 is moderate, the attack requires no authentication and can be executed over the network with medium complexity, making it a viable attack vector for threat actors with network visibility to webhook traffic.

Information Disclosure Nextcloud
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-28474 npm CRITICAL PATCH Act Now

Authentication bypass in OpenClaw's Nextcloud Talk plugin versions ≤2026.2.2 allows remote unauthenticated attackers to bypass DM and room allowlists by spoofing display names. Attackers can change their Nextcloud display name to match an allowlisted user ID, gaining unauthorized access to restricted conversations without authentication. EPSS score is low (0.05%, 16th percentile), indicating low observed exploitation probability. No active exploitation confirmed; vulnerability was responsibly disclosed by AISLE Research Team and patched in version 2026.2.6.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2019-25368 MEDIUM POC This Month

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud_password, Nextcloud_password_encryption, and Nextcloud_backupdir. [CVSS 5.4 MEDIUM]

PHP XSS Opnsense Nextcloud
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66558 LOW PATCH Monitor

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would then be prompted to register a new device on the next login. The attacker can not authenticate as the victim. This vulnerability is fixed in 1.4.2 and 2.4.1.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-66557 MEDIUM PATCH This Month

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2.

Authentication Bypass Deck Nextcloud
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66556 LOW PATCH Monitor

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-66554 LOW POC PATCH Monitor

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked by the content security policy of the Nextcloud Server code. This vulnerability is fixed in 5.5.4, 6.0.6, and 7.2.5.

XSS Nextcloud
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-66553 MEDIUM PATCH This Month

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4.

Authentication Bypass Tables Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66551 MEDIUM PATCH This Month

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3.

Authentication Bypass Tables Nextcloud
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-66549 LOW PATCH Monitor

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is fixed in 3.16.5.

Information Disclosure Ubuntu Debian Nextcloud
NVD GitHub
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-66548 LOW PATCH Monitor

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension than what is displayed. This vulnerability is fixed in 1.12.7, 1.14.4, and 1.15.1.

Information Disclosure Nextcloud
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-66545 LOW PATCH Monitor

A security vulnerability in a group or team. (CVSS 3.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Nextcloud
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-66515 LOW PATCH Monitor

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-66514 LOW PATCH Monitor

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the Nextcloud Server code.

XSS Nextcloud
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-66513 MEDIUM PATCH This Month

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.

Authentication Bypass Tables Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66552 MEDIUM PATCH This Month

A security vulnerability in Nextcloud Server and Enterprise Server (CVSS 4.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Debian Nextcloud Server Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66550 MEDIUM POC PATCH This Month

A security vulnerability in Nextcloud Calendar (CVSS 5.7). Risk factors: public PoC available. Vendor patch is available.

Information Disclosure Calendar Nextcloud
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-66547 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.

Authentication Bypass Debian Nextcloud Server Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66546 LOW PATCH Monitor

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-66512 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page.

XSS Debian Nextcloud Server Nextcloud Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66511 MEDIUM PATCH This Month

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The tokens are not purely random generated. This vulnerability is fixed in 6.0.3.

Information Disclosure Calendar Nextcloud
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-66510 MEDIUM PATCH This Month

A security vulnerability in Nextcloud Server (CVSS 4.5) that allows an authenticated user. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Debian Nextcloud Server Nextcloud
NVD GitHub
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-59788 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1...

XSS Nextcloud
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-66208 CRITICAL PATCH Act Now

Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php and an intermediate reverse proxy. This vulnerability is fixed in 25.04.702.

PHP Command Injection Online Nextcloud
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-47794 LOW Monitor

Nextcloud Server is a self hosted personal cloud system. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Nextcloud Server Nextcloud
NVD GitHub
CVSS 3.1
2.6
EPSS
0.1%
CVE-2025-47793 MEDIUM PATCH Monitor

Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Group Folders Nextcloud Server Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-47792 MEDIUM PATCH This Month

Nextcloud Desktop is the desktop sync client for Nextcloud. Rated medium severity (CVSS 5.0).

Authentication Bypass Desktop Nextcloud
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-47791 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Server Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-47790 MEDIUM This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

PHP Authentication Bypass Nextcloud Server Nextcloud
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-52514 LOW PATCH Monitor

Nextcloud Server is a self hosted personal cloud system. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
3.5
EPSS
0.5%
CVE-2024-52513 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-52512 MEDIUM PATCH This Month

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Nextcloud Open Redirect User Oidc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-52511 MEDIUM PATCH This Month

Nextcloud Tables allows users to to create tables with individual columns. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Tables
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-52510 HIGH PATCH This Week

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Desktop
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-52509 MEDIUM PATCH This Month

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Mail
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-52508 HIGH PATCH This Week

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Mail
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-52507 MEDIUM PATCH This Month

Nextcloud Tables allows users to to create tables with individual columns. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Tables
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-52525 HIGH PATCH This Week

Nextcloud Server is a self hosted personal cloud system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis PHP Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-52523 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-52521 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-52520 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Nextcloud Denial Of Service Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-52519 HIGH PATCH This Week

Nextcloud Server is a self hosted personal cloud system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-52518 MEDIUM This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-52517 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-52516 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-52515 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-46958 CRITICAL PATCH Act Now

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Desktop
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-37887 LOW PATCH Monitor

Nextcloud Server is a self hosted personal cloud system. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-37886 MEDIUM PATCH This Month

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Nextcloud Information Disclosure User Oidc
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-37885 HIGH PATCH This Week

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Nextcloud RCE Apple Desktop
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-37884 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-37883 MEDIUM PATCH This Month

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Deck
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-37882 HIGH PATCH This Week

Nextcloud Server is a self hosted personal cloud system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-37317 MEDIUM PATCH This Month

The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Notes
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-37316 MEDIUM PATCH This Month

Nextcloud Calendar is a calendar app for Nextcloud. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Calendar
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2024-37315 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-37314 LOW PATCH Monitor

Nextcloud Photos is a photo management app. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-37313 HIGH PATCH This Week

Nextcloud server is a self hosted personal cloud system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-37312 MEDIUM POC PATCH This Month

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud User Oidc
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-22404 MEDIUM PATCH This Month

Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Zipper
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Cross-project folder hijacking in OpenProject before 17.3.3 and 17.4.1 lets a project-admin abuse an insecure direct object reference (CWE-639) to take over another project's managed Nextcloud or OneDrive storage folder. By PATCHing the storages_project_storage[project_folder_id] parameter on /projects/<id>/settings/project_storages/<ps_id>, an attacker writes a victim project's folder ID into their own ProjectStorage row, and the next managed-folder sync rewrites the target folder's ACL to the attacker's project member list. CVSS is 9.9 and the issue carries a scope change, but there is no public exploit identified at time of analysis and it is not on CISA KEV.

Authentication Bypass Nextcloud Openproject
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Stored cross-site scripting in Shopware's media manager allows any authenticated admin to upload an unsanitized SVG file containing arbitrary JavaScript that executes in the Shopware domain context when the file is accessed by any user. The upload pipeline - spanning MediaUploadController, FileSaver, and TypeDetector - classifies SVG as a valid ImageType with VECTOR_GRAPHIC flag but performs zero content sanitization: no DOMPurify, no enshrined/svg-sanitize, no strip_tags on SVG XML content. In an e-commerce context this enables admin account takeover, customer data exfiltration, and malicious plugin installation. No public exploit identified at time of analysis and this vulnerability is not listed in CISA KEV.

Nextcloud XSS WordPress +1
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Comment authorization bypass in Nextcloud Server 31.x and 32.x allows authenticated low-privilege users to read all file comments system-wide, bypassing file-level access controls. Affected are Nextcloud Server 31.0.0-31.0.11 and 32.0.0-32.0.2, plus a broad range of Nextcloud Enterprise Server branches. No public exploit has been identified at time of analysis and the vulnerability is absent from CISA KEV, but the CVSS Changed scope rating indicates sensitive organizational data embedded in comments - internal notes, credentials, review feedback - can be exposed cross-user without any file-access permission.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Blind SQL injection in the Nextcloud Tables app affects versions 0.9.0 through 0.9.6 and 1.0.0 through 1.0.1, allowing authenticated users with access to the Tables app to inject SQL into the ORDER BY clause of database queries. The flaw permits bit-by-bit data extraction or time-based exfiltration against the underlying database, and no public exploit identified at time of analysis. Patches are available in versions 0.9.7 and 1.0.2.

SQLi Nextcloud
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Two-factor authentication bypass in Nextcloud Server 32.0.0-32.0.8 and 33.0.0-33.0.2 enables a partially-authenticated attacker to access DAV endpoints (WebDAV, CalDAV, CardDAV) with full read/write privileges by reusing a pre-2FA intermediate session cookie as a Bearer token. The TEMPORARY_TOKEN issued after successful password authentication but before TOTP completion was not restricted to cookie-based requests, allowing it to be replayed in an HTTP Authorization: Bearer header against DAV APIs - entirely circumventing mandatory two-factor authentication enforcement. No public exploit has been identified at time of analysis, though a HackerOne report (3573399) documents the issue; vendor-confirmed patches are available.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Two-factor authentication bypass in Nextcloud Server 32.0.0-32.0.8 and 33.0.0-33.0.2 allows an authenticated attacker who possesses a valid user password to fully circumvent 2FA protections and gain unauthorized account access. During the login sequence, Nextcloud creates a temporary session token after credential validation but before the second factor is enforced; this token was not restricted from use in HTTP Basic Authentication or Bearer-header flows, enabling replay to authenticated API endpoints and effectively nullifying the 2FA control. Vendor-released patches exist as 32.0.9 and 33.0.3; no public exploit identified at time of analysis, though the fix PR makes the exploit mechanism technically transparent.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

SQL injection in the Nextcloud Tables app allows authenticated users with access to the Tables feature to execute arbitrary SQL queries against the backend database via a stored injection vector. Although a 20-byte length limit is imposed on the injected payload, carefully crafted input can break out of this restriction, enabling data extraction and modification. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi Nextcloud
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Tables versions 0.8.0 through 1.0.3 improperly disclose view filter criteria to authenticated users holding only read-only permissions on a shared view. The flaw in ViewService.php attempted to sanitize filter arrays for low-privileged users but instead exposed the full filter rules - potentially revealing sensitive column names, threshold values, or data organization logic the view owner intended to keep confidential. No public exploit code has been identified at time of analysis, and this CVE is not listed in CISA KEV, indicating no confirmed active exploitation.

Information Disclosure Nextcloud
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Broken share revocation in Nextcloud Forms versions 4.3.0 through 5.2.7 leaves former collaborators with persistent read access to uploaded respondent files after removal. The vulnerability stems from a two-layer share architecture where removing a collaborator deleted the Forms-layer share record but silently preserved the underlying Nextcloud Files-layer share on the uploaded files folder - meaning removed users retained filesystem-level access to sensitive form submission files. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV, but the low-complexity network vector (CVSS AV:N/AC:L/PR:N/UI:N) means a removed collaborator can exploit this passively without any additional action.

Information Disclosure Path Traversal Nextcloud
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

User enumeration via Nextcloud Calendar's attendee suggestion endpoint affects authenticated users on versions 5.5.13-5.5.16 and 6.2.0-6.2.2. The `searchAttendee` controller method in `ContactController.php` called the contacts manager search API without passing the instance's configured sharing restriction parameters - meaning enumeration-limiting settings (`shareapi_allow_share_dialog_user_enumeration`, `shareapi_only_share_with_group_members`, group-scoped restrictions) enforced on all other sharing endpoints were silently bypassed here. An authenticated low-privilege attacker can probe the endpoint with partial name or email strings to reconstruct the full user directory, disclosing usernames and email addresses that administrators had intentionally restricted. No public exploit identified at time of analysis and no confirmed active exploitation (CISA KEV not listed).

Information Disclosure Nextcloud
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Authentication bypass in Nextcloud's user_oidc app (versions 1.3.6 through 8.3.x) allows users deleted from LDAP to continue authenticating via OpenID Connect. The root cause is a boolean logic inversion in LdapService.php - the condition `isLDAPEnabled()` was used instead of `!isLDAPEnabled()`, causing the LDAP deletion check to execute only when LDAP was inactive, effectively skipping it in every real-world deployment. No public exploit code has been identified at time of analysis; the issue was responsibly disclosed via HackerOne report #3554696.

Authentication Bypass Nextcloud
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Nextcloud's Circles (Teams) sharing feature silently generates unauthenticated public access links when folders are shared with a Team containing external email-only members, links which are never surfaced in the sharing UI and cannot be revoked by the folder owner. Affected are Nextcloud versions 32.0.0-32.0.8 and 33.0.0-33.0.2 with the Circles app in use. Any party who receives or intercepts the emailed link obtains full read, write, delete, reshare, and download access to the shared folder without a Nextcloud account, and the folder owner has no visibility or revocation path through normal interfaces. No public exploit identified at time of analysis; the issue was disclosed via HackerOne.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Nextcloud Server's files_lock application failed to enforce file ownership during WebDAV DAV lock and unlock operations, allowing any authenticated low-privilege account to lock or unlock files belonging to other users by referencing their absolute WebDAV paths. Affected releases span Nextcloud Server 32.0.0-32.0.1 and 33.0.0, plus Nextcloud Enterprise Server in the 31.0.x, 32.x, and 33.x lines prior to their respective patches. Compounding the flaw, lock tokens were leaked in server error responses, enabling an attacker to silently remove token-based locks placed by legitimate sync clients - disrupting collaborative workflows without direct file access. No public exploit code or CISA KEV listing exists at time of analysis.

Authentication Bypass Nextcloud Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud Server's link share attachment access bypasses password protection and download restrictions for authenticated users who possess a valid share token. Affecting versions 32.0.0-32.0.9 and 33.0.0-33.0.3 of Nextcloud Server (with broader version ranges for Enterprise), an attacker authenticated to the Nextcloud instance can retrieve attachments from password-protected or download-restricted link shares by supplying a documentId they own alongside a known share token-circumventing the intended access controls entirely. No public exploit has been identified at time of analysis, and no CISA KEV listing exists; however, the CVSS vector (AV:N/AC:L/PR:L/UI:N) indicates straightforward network exploitation by any authenticated user.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Improper authorization in the Nextcloud Server CalDAV backend allows an authenticated user who knows another user's principal URL to gain full read/write access to that user's calendar in versions 32.0.0 to before 32.0.9 and 33.0.0 to before 33.0.3. The flaw was reported via HackerOne (report 3545964) and patched in PR 59962 by introducing dedicated ProxyRead/ProxyWrite ACL-aware classes; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

{lang}` placeholder in the template directory config value. The root cause is insufficient sanitization of the `forceLanguage` HTTP request parameter and the `ACCEPT_LANGUAGE` header in `lib/private/L10N/Factory.php`, which were used unsanitized in filesystem path construction. No public exploit identified at time of analysis, though a HackerOne report (3468140) exists; CVSS scores this as Medium (4.4) due to high complexity and privilege preconditions, and impact is limited to confidentiality with no code execution possible.

Path Traversal Nextcloud
NVD GitHub VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Open redirect in Nextcloud's user_oidc plugin (versions 6.1.0 through 8.2.1) allows attackers to craft OIDC login links that silently redirect victims to arbitrary external websites upon successful authentication. The root cause is insufficient redirect URL sanitization in LoginController.php - a single regex stripping the protocol and domain could be bypassed using protocol-relative URLs (e.g., //attacker.com), which browsers resolve as full external URLs. No public exploit has been identified at time of analysis, and this CVE is not listed in CISA KEV; however, the phishing potential via trusted login flows warrants prompt patching in user-facing Nextcloud deployments.

Open Redirect Nextcloud
NVD GitHub VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Information disclosure in the Nextcloud Approval app prior to version 2.7.2 allows authenticated users to enumerate whether arbitrary files are enrolled in approval workflows, regardless of their access rights to those files. The root cause (CWE-200) is a missing file-access authorization check in ApprovalService.php before workflow association queries are processed, confirmed by the patch diff in PR #356. No public exploit exists and no active exploitation is confirmed; the practical impact is limited to organizational workflow metadata leakage rather than file content exposure.

Information Disclosure Nextcloud
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Privilege escalation in the Nextcloud Approval app (prior to version 2.7.2) allows authenticated users who lack sharing permissions to force the platform to distribute restricted files to approval workflow participants. By invoking the approval request flow with the createShares flag enabled, a user can bypass the system's file-sharing authorization controls entirely, causing files marked as non-shareable to be shared with designated approvers. No public exploit has been identified at time of analysis, but a vendor-confirmed patch and upstream PR diff are available.

Privilege Escalation Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Unauthorized access to form submissions in Nextcloud Forms prior to version 5.2.6 allows any authenticated user to read survey or form responses submitted by other users. The root cause is a missing authorization check in the `getSubmission` API endpoint (`ApiController.php`), which failed to verify whether the requesting user held the PERMISSION_RESULTS privilege or was the original submitter. With a CVSS score of 6.5 (Medium) and no public exploit identified at time of analysis, real-world risk is bounded by the requirement for an authenticated session, but the confidentiality impact is rated High given unrestricted access to potentially sensitive form response data.

Information Disclosure Nextcloud
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Improper access control in Nextcloud Talk's signaling layer allows a low-privileged authenticated user to forcibly mute other participants' microphones during calls on deployments without the High-performance Backend. The vulnerability exists in SignalingController::sendMessages(), which processed 'control' type signaling messages without first validating that the target session (decodedMessage['to']) was a legitimate room participant - allowing session-targeted control commands to reach arbitrary users. No public exploit or CISA KEV listing exists at time of analysis, and real-world impact is limited to call disruption with no data exposure.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Unauthorized file injection in the Nextcloud end-to-end encryption application (versions 1.15.0-1.18.x) allows a low-privileged user possessing a valid E2EE files drop share link to write files into other E2EE-encrypted folders owned by the same share owner. The impact is strictly integrity-limited - confidentiality is unaffected and existing files cannot be read or modified - consistent with the CVSS score of 3.5 (Low). No public exploit has been identified and this vulnerability is not listed in the CISA KEV catalog; it was responsibly disclosed via HackerOne report #3304830.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Unauthorized chunking upload access in Nextcloud Server allows an authenticated share recipient to read temporary part files during another user's active file upload. Affecting versions 32.0.0-32.0.8 and 33.0.0-33.0.2, the flaw stems from the WebDAV chunking upload collection failing to restrict directory listing or GET requests on intermediate upload objects when accessed via a share token - a boundary the fix explicitly closes by blocking reads on FutureFile and UploadFile node types. No public exploit has been identified and no CISA KEV listing exists at time of analysis, but the high confidentiality impact (CVSS C:H) means sensitive in-transit file contents are fully exposed to any malicious share recipient who times access during an active upload.

Authentication Bypass Nextcloud Suse
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Authentication bypass in Nextcloud's User OIDC app (versions 0.3.0-3.0.x, 5.0.0-5.0.x, and 6.0.0-6.3.x) allows a malicious ID4me authority to impersonate arbitrary users due to missing JWT signature verification in the ID4me login flow. The flaw stems from a literal 'TODO: VALIATE SIGNATURE!' code comment that left ID tokens accepted without cryptographic validation, enabling identity spoofing once a victim is redirected through the attacker-controlled authority. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 2.6
LOW PATCH Monitor

Nextcloud Server's Circles app exposes a missing access control check on the member-add API endpoint, allowing an authenticated user to add an arbitrary circle - identified only by its internal ID - as a member of another circle without verifying that the requesting user has any relationship to the target circle. Affected versions span 32.0.0-32.0.6 and 33.0.0, with Enterprise editions from 29.x through 31.x also impacted. Exploitation is severely constrained by the 62^15 entropy of circle IDs, making the vulnerability practically exploitable only when an attacker has obtained a valid circle ID through a separate information-disclosure path, at which point they could track or infer circle membership relationships. No public exploit exists and this is not listed in CISA KEV.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 2.6
LOW PATCH Monitor

Nextcloud Collectives versions 2.6.0 through 4.3.0 (exclusive) exposes deleted collective pages to unauthorized guests via a missing permission check in the public trash controller. Guests granted view-only access to a shared collective can bypass deletion-based access controls by directly querying trashbin endpoints, reading content that was intentionally removed. CVSS scores this at 2.6 (Low) with no public exploit identified at time of analysis and no CISA KEV listing, placing real-world priority at the lower end of the risk spectrum.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

PIN authentication bypass in the Nextcloud Files Android app (versions 33.0.0 through 33.0.x) allows a physically present attacker to circumvent the app's passcode lock screen by pressing the Android back button immediately after the host device is unlocked. The PassCodeActivity failed to intercept back-navigation events during PIN verification, granting direct file access without completing authentication. No public exploit identified at time of analysis and no CISA KEV listing; risk is tightly constrained by the physical access vector. Patched in version 33.1.0 via upstream PR #16896.

Google Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Rename permission bypass in Nextcloud's team folder (groupfolders) feature allows authenticated low-privileged users holding READ and CREATE permissions to rename files in team folders even when UPDATE permission is explicitly denied. Affecting Nextcloud versions 17.0.0 through 21.0.3, the flaw originates from a single-character bitwise operator error in ACLStorageWrapper.php - a `&` used instead of `|` when evaluating combined permission flags effectively nullifies the UPDATE permission check. No public exploit identified at time of analysis; vendor-released patches are available across all affected version branches.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Blind Server-Side Request Forgery in Nextcloud News prior to 28.3.0-beta.1 allows low-privileged authenticated users to weaponize the feed URL submission feature - available via both the web interface and API - to coerce the Nextcloud server into making outbound HTTP requests to attacker-specified internal or private IP ranges, including localhost. Response content is never relayed back to the attacker, constraining this to a reconnaissance primitive rather than a data-exfiltration channel. No public exploit has been identified at time of analysis, EPSS sits at 0.04% (12th percentile), and CISA has not listed this in KEV, collectively indicating a low-probability real-world exploitation scenario.

SSRF Nextcloud News
NVD GitHub
CVSS 4.8
MEDIUM PATCH This Month

OpenClaw before version 2026.2.25 fails to implement durable replay state validation for Nextcloud Talk webhook events, allowing attackers to capture and replay previously valid signed webhook requests to cause duplicate processing. This affects all versions of OpenClaw prior to the patched release, and an attacker with network access can exploit this vulnerability without authentication or user interaction to trigger integrity and availability impacts such as duplicate message processing or resource exhaustion.

Information Disclosure Nextcloud
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.25 suffer from a webhook replay vulnerability where valid signed Nextcloud Talk webhook requests lack durable replay state suppression, allowing attackers to capture and replay previously legitimate signed requests to trigger duplicate inbound message processing. This can result in message duplication, data integrity issues, and potential availability degradation. While the CVSS score of 4.8 is moderate, the attack requires no authentication and can be executed over the network with medium complexity, making it a viable attack vector for threat actors with network visibility to webhook traffic.

Information Disclosure Nextcloud
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Authentication bypass in OpenClaw's Nextcloud Talk plugin versions ≤2026.2.2 allows remote unauthenticated attackers to bypass DM and room allowlists by spoofing display names. Attackers can change their Nextcloud display name to match an allowlisted user ID, gaining unauthorized access to restricted conversations without authentication. EPSS score is low (0.05%, 16th percentile), indicating low observed exploitation probability. No active exploitation confirmed; vulnerability was responsibly disclosed by AISLE Research Team and patched in version 2026.2.6.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud_password, Nextcloud_password_encryption, and Nextcloud_backupdir. [CVSS 5.4 MEDIUM]

PHP XSS Opnsense +1
NVD Exploit-DB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would then be prompted to register a new device on the next login. The attacker can not authenticate as the victim. This vulnerability is fixed in 1.4.2 and 2.4.1.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2.

Authentication Bypass Deck Nextcloud
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked by the content security policy of the Nextcloud Server code. This vulnerability is fixed in 5.5.4, 6.0.6, and 7.2.5.

XSS Nextcloud
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4.

Authentication Bypass Tables Nextcloud
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3.

Authentication Bypass Tables Nextcloud
NVD GitHub
EPSS 0% CVSS 2.4
LOW PATCH Monitor

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is fixed in 3.16.5.

Information Disclosure Ubuntu Debian +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension than what is displayed. This vulnerability is fixed in 1.12.7, 1.14.4, and 1.15.1.

Information Disclosure Nextcloud
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

A security vulnerability in a group or team. (CVSS 3.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Nextcloud
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the Nextcloud Server code.

XSS Nextcloud
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.

Authentication Bypass Tables Nextcloud
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A security vulnerability in Nextcloud Server and Enterprise Server (CVSS 4.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Debian Nextcloud Server +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM POC PATCH This Month

A security vulnerability in Nextcloud Calendar (CVSS 5.7). Risk factors: public PoC available. Vendor patch is available.

Information Disclosure Calendar Nextcloud
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.

Authentication Bypass Debian Nextcloud Server +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1.

Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page.

XSS Debian Nextcloud Server +2
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The tokens are not purely random generated. This vulnerability is fixed in 6.0.3.

Information Disclosure Calendar Nextcloud
NVD GitHub
EPSS 0% CVSS 4.5
MEDIUM PATCH This Month

A security vulnerability in Nextcloud Server (CVSS 4.5) that allows an authenticated user. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Debian Nextcloud Server +1
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1...

XSS Nextcloud
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php and an intermediate reverse proxy. This vulnerability is fixed in 25.04.702.

PHP Command Injection Online +1
NVD GitHub
EPSS 0% CVSS 2.6
LOW Monitor

Nextcloud Server is a self hosted personal cloud system. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Nextcloud Server Nextcloud
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Group Folders Nextcloud Server +1
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Nextcloud Desktop is the desktop sync client for Nextcloud. Rated medium severity (CVSS 5.0).

Authentication Bypass Desktop Nextcloud
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Server Nextcloud
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

PHP Authentication Bypass Nextcloud Server +1
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Nextcloud Server is a self hosted personal cloud system. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Nextcloud Open Redirect User Oidc
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud Tables allows users to to create tables with individual columns. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Tables
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Desktop
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Mail
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Mail
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Tables allows users to to create tables with individual columns. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Tables
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Nextcloud Server is a self hosted personal cloud system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis PHP Nextcloud +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Nextcloud Denial Of Service Nextcloud Server
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Nextcloud Server is a self hosted personal cloud system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Desktop
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Nextcloud Server is a self hosted personal cloud system. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Nextcloud Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Nextcloud RCE +2
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Deck
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Nextcloud Server is a self hosted personal cloud system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Notes
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Nextcloud Calendar is a calendar app for Nextcloud. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Calendar
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Nextcloud Photos is a photo management app. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Nextcloud server is a self hosted personal cloud system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM POC PATCH This Month

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud User Oidc
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Zipper
NVD GitHub
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy