Skip to main content

Nextcloud

359 CVEs product

Monthly

CVE-2024-22402 MEDIUM PATCH This Month

Nextcloud guests app is a utility to create guest users which can only see files shared with them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Guests
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-22401 MEDIUM PATCH This Month

Nextcloud guests app is a utility to create guest users which can only see files shared with them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Guests
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-22403 LOW PATCH Monitor

Nextcloud server is a self hosted personal cloud system. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
3.7
EPSS
0.5%
CVE-2024-22400 MEDIUM PATCH This Month

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Nextcloud Open Redirect Sso Saml Authentication
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-22213 MEDIUM POC PATCH This Month

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud XSS Deck
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-22212 CRITICAL PATCH Act Now

Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Nextcloud Global Site Selector
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-49792 CRITICAL PATCH Act Now

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-49791 MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-49790 MEDIUM PATCH This Month

The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apple Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-48308 MEDIUM PATCH This Month

Nextcloud/Cloud is a calendar app for Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Calendar
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-49782 MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Microsoft Nextcloud Richdocumentscode
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-48314 MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Microsoft Nextcloud Collabora Online
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-48307 CRITICAL PATCH Act Now

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48306 CRITICAL POC Act Now

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-48305 MEDIUM POC PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-48304 MEDIUM POC PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-48303 LOW PATCH Monitor

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
2.7
EPSS
0.7%
CVE-2023-48302 MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-48301 MEDIUM POC PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-48239 HIGH POC PATCH This Week

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2023-45150 MEDIUM POC PATCH This Month

Nextcloud calendar is a calendar app for the Nextcloud server platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Nextcloud Calendar
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-45149 MEDIUM PATCH This Month

Nextcloud talk is a chat module for the Nextcloud server platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Talk
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-45660 MEDIUM PATCH This Month

Nextcloud mail is an email app for the Nextcloud home server platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Denial Of Service Nextcloud Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-45151 HIGH PATCH This Week

Nextcloud server is an open source home cloud platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-45148 MEDIUM PATCH This Month

Nextcloud is an open source home cloud server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Redis Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-39960 HIGH PATCH This Week

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39963 HIGH PATCH This Week

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39962 HIGH PATCH This Week

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.7
EPSS
0.8%
CVE-2023-39961 MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-39959 MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-39958 MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-39957 HIGH PATCH This Week

Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Google Nextcloud Talk
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-39955 MEDIUM PATCH This Month

Notes is a note-taking app for Nextcloud, an open-source cloud platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nextcloud Notes
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-39954 HIGH PATCH This Week

user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud User Oidc
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-39953 MEDIUM PATCH This Month

user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Nextcloud User Oidc
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-39952 MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-35928 HIGH This Week

Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-35927 HIGH This Week

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-35173 MEDIUM PATCH This Month

Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud End To End Encryption
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-35172 CRITICAL Act Now

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-35171 MEDIUM POC PATCH This Month

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud Open Redirect Nextcloud Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-32320 HIGH PATCH This Week

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-33183 MEDIUM PATCH This Month

Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Calendar
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-33182 MEDIUM PATCH This Month

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Contacts
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-33184 MEDIUM PATCH This Month

Nextcloud Mail is a mail app in Nextcloud. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32319 MEDIUM PATCH This Month

Nextcloud server is an open source personal cloud implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-31128 HIGH POC PATCH This Week

NextCloud Cookbook is a recipe library app. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Nextcloud Cookbook
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2023-32318 MEDIUM PATCH This Month

Nextcloud server provides a home for data. Rated medium severity (CVSS 6.7).

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-32074 CRITICAL PATCH Act Now

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud User Oidc
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31145 MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Nextcloud Information Disclosure XSS +1
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28847 HIGH POC PATCH This Week

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-30540 MEDIUM PATCH This Month

Nextcloud Talk is a chat, video & audio call extension for Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nextcloud Talk
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-30539 HIGH PATCH This Week

Nextcloud is a personal home server system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Files Automated Tagging Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-29000 MEDIUM PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-28999 MEDIUM POC PATCH This Month

Nextcloud is an open-source productivity platform. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Apple Google Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.4
EPSS
0.7%
CVE-2023-28998 MEDIUM POC PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-28997 MEDIUM POC PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-28848 MEDIUM PATCH This Month

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Nextcloud User Oidc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-28834 MEDIUM POC PATCH This Month

Nextcloud Server is an open source personal cloud server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-28845 LOW PATCH Monitor

Nextcloud talk is a video & audio conferencing app for Nextcloud. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Talk
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2023-28844 MEDIUM PATCH This Month

Nextcloud server is an open source home cloud implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28645 MEDIUM PATCH This Month

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Nextcloud Richdocuments
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-28835 HIGH PATCH This Week

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28833 HIGH PATCH This Week

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28647 MEDIUM PATCH This Month

Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Apple Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-28646 LOW PATCH Monitor

Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity.

Google Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
2.4
EPSS
0.2%
CVE-2023-28644 HIGH PATCH This Week

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28643 HIGH POC PATCH This Week

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-26482 HIGH POC PATCH Act Now

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2023-25817 HIGH PATCH This Week

Nextcloud server is an open source, personal cloud implementation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-25818 HIGH PATCH This Week

Nextcloud server is an open source, personal cloud implementation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-25820 HIGH PATCH This Week

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26041 MEDIUM POC PATCH This Month

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Talk
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-25821 HIGH POC PATCH This Week

Nextcloud is an Open Source private cloud software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-25816 MEDIUM POC PATCH This Month

Nextcloud is an Open Source private cloud software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-25579 HIGH PATCH This Week

Nextcloud server is a self hosted home cloud product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-25162 MEDIUM POC This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-25161 MEDIUM PATCH This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-25160 MEDIUM PATCH This Month

Nextcloud Mail is an email app for the Nextcloud home server platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Mail
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-25159 MEDIUM This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Nextcloud Nextcloud Server Richdocuments
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-25150 MEDIUM PATCH This Month

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Nextcloud Richdocuments
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-23943 MEDIUM POC PATCH This Month

Nextcloud mail is an email app for the nextcloud home server platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-23942 MEDIUM PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-23944 MEDIUM PATCH This Month

Nextcloud mail is an email app for the nextcloud home server platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Mail
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22471 MEDIUM PATCH This Month

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Deck
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-22470 MEDIUM PATCH This Month

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nextcloud Deck
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-22469 LOW POC PATCH Monitor

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Deck
NVD GitHub
CVSS 3.1
3.5
EPSS
0.7%
CVE-2023-22473 LOW POC PATCH Monitor

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Authentication Bypass Nextcloud Talk
NVD GitHub
CVSS 3.1
2.1
EPSS
0.6%
CVE-2023-22472 HIGH PATCH This Week

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Microsoft CSRF Nextcloud Desktop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-41971 MEDIUM This Month

Nextcould Talk android is a video and audio conferencing app for Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Google Nextcloud Talk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Nextcloud guests app is a utility to create guest users which can only see files shared with them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Guests
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud guests app is a utility to create guest users which can only see files shared with them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Guests
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Nextcloud server is a self hosted personal cloud system. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Nextcloud Open Redirect Sso Saml Authentication
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud XSS Deck
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Nextcloud Global Site Selector
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apple Authentication Bypass Nextcloud
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud/Cloud is a calendar app for Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Calendar
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Microsoft +2
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Microsoft +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 2.7
LOW PATCH Monitor

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 7.1
HIGH POC PATCH This Week

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Nextcloud calendar is a calendar app for the Nextcloud server platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Nextcloud Calendar
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud talk is a chat module for the Nextcloud server platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Talk
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud mail is an email app for the Nextcloud home server platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Denial Of Service Nextcloud +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Nextcloud server is an open source home cloud platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud is an open source home cloud server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Redis Nextcloud +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 7.7
HIGH PATCH This Week

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Google Nextcloud +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Notes is a note-taking app for Nextcloud, an open-source cloud platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nextcloud Notes
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud User Oidc
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Nextcloud User Oidc
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Nextcloud +1
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Nextcloud +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud End To End Encryption
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud Open Redirect Nextcloud Server
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Calendar
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Contacts
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Nextcloud Mail is a mail app in Nextcloud. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud server is an open source personal cloud implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

NextCloud Cookbook is a recipe library app. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Nextcloud Cookbook
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Nextcloud server provides a home for data. Rated medium severity (CVSS 6.7).

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud User Oidc
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Nextcloud +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Talk is a chat, video & audio call extension for Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nextcloud Talk
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Nextcloud is a personal home server system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Files Automated Tagging +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Desktop
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM POC PATCH This Month

Nextcloud is an open-source productivity platform. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Apple Google +2
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Desktop
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Desktop
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Nextcloud User Oidc
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Nextcloud Server is an open source personal cloud server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Nextcloud talk is a video & audio conferencing app for Nextcloud. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Talk
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud server is an open source home cloud implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Nextcloud +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Apple Authentication Bypass Nextcloud
NVD GitHub
EPSS 0% CVSS 2.4
LOW PATCH Monitor

Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity.

Google Authentication Bypass Nextcloud
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC PATCH Act Now

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Nextcloud server is an open source, personal cloud implementation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Nextcloud server is an open source, personal cloud implementation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Talk
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Nextcloud is an Open Source private cloud software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Nextcloud is an Open Source private cloud software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Nextcloud server is a self hosted home cloud product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Nextcloud Nextcloud Server
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Nextcloud Mail is an email app for the Nextcloud home server platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Mail
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Nextcloud +2
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Nextcloud +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Nextcloud mail is an email app for the nextcloud home server platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Nextcloud Mail
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nextcloud Desktop
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud mail is an email app for the nextcloud home server platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Mail
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Deck
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nextcloud Deck
NVD GitHub
EPSS 1% CVSS 3.5
LOW POC PATCH Monitor

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Deck
NVD GitHub
EPSS 1% CVSS 2.1
LOW POC PATCH Monitor

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Authentication Bypass Nextcloud +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Microsoft CSRF Nextcloud +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Nextcould Talk android is a video and audio conferencing app for Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Google +1
NVD GitHub
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy