Vulnerabilidades em nextcloud
288 resultadosCVE-2024-52525LOWNextcloud Server User password is available in memory of the PHP processEPSS 0.3%CVE-2023-28848MEDIUMCSRF protection on user_oidc login returned the expected token in case of an errorEPSS 0.3%CVE-2026-45156HIGHNextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDCEPSS 0.3%CVE-2023-39957HIGHPath traversal allows tricking the Talk Android app into writing files into it's root directoryEPSS 0.3%CVE-2025-47790MEDIUMNextcloud Server doesn't request second factor after session timeoutEPSS 0.3%CVE-2024-37885LOWCode injection in Nextcloud Desktop Client for macOSEPSS 0.3%CVE-2026-45545HIGHNextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL ExecutionEPSS 0.3%CVE-2025-47791MEDIUMNextcloud Server's test remote endpoint is not rate limitedEPSS 0.3%CVE-2024-37317MEDIUMNextcloud Notes app can be tricked into using a received share created before the user logged inEPSS 0.3%CVE-2021-32658MEDIUMSensitive data may not be removed from storage on account removalEPSS 0.3%CVE-2026-45722HIGHNextcloud: Tables app allows limited SQLi in ORDER BY with malicious sort order argument for Table ViewsEPSS 0.3%CVE-2025-66510MEDIUMNextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact listEPSS 0.3%CVE-2021-41181LOWNextcloud Talk app exposes chat messages on lockscreenEPSS 0.3%CVE-2026-45282MEDIUMNextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file accessEPSS 0.3%CVE-2026-45285MEDIUMNextcloud: Hidden Public Link creation when sharing to a Team External MemberEPSS 0.3%CVE-2026-45267MEDIUMNextcloud: Missing permission check for from submissionsEPSS 0.3%CVE-2026-45691MEDIUMNextcloud: Bypass of second factor authentication on DAV endpointsEPSS 0.3%CVE-2026-45690MEDIUMNextcloud: Two-Factor Authentication Bypass via Pending Session Token ReplayEPSS 0.3%CVE-2023-49790MEDIUMApp PIN code can be bypassed in Nextcloud Files iOSEPSS 0.3%CVE-2022-39210LOWAccess to internal files of the Nextcloud Android appEPSS 0.3%