Every CVE whose affected-product data names Nextcloud Desktop, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2024-46958 — CVSS 9.1 (critical): In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or…
CVE-2021-22879 — CVSS 8.8 (high): Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious…
CVE-2020-8224 — CVSS 7.8 (high): A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed…
CVE-2020-8225 — CVSS 7.5 (high): A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their…
CVE-2021-37617 — CVSS 7.3 (high): The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its…
CVE-2023-28999 — CVSS 6.9 (medium): Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until…
CVE-2020-8227 — CVSS 6.8 (medium): Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files…
CVE-2023-28998 — CVSS 6.7 (medium): The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5…
CVE-2020-8140 — CVSS 6.7 (medium): A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with…
CVE-2023-28997 — CVSS 6.7 (medium): The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5…
CVE-2022-41882 — CVSS 6.6 (medium): The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received…
CVE-2021-32728 — CVSS 6.5 (medium): The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end…
CVE-2021-22895 — CVSS 5.9 (medium): Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when…
CVE-2020-8230 — CVSS 5.5 (medium): A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed…
CVE-2020-8229 — CVSS 5.5 (medium): A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
CVE-2023-29000 — CVSS 5.4 (medium): The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0…
CVE-2020-8189 — CVSS 5.4 (medium): A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with…
CVE-2023-23942 — CVSS 5.4 (medium): The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing…
CVE-2023-22472 — CVSS 5.3 (medium): Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is…
CVE-2025-47792 — CVSS 5.0 (medium): Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already…
CVE-2022-39333 — CVSS 4.6 (medium): Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop…
CVE-2022-39331 — CVSS 4.6 (medium): Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop…
CVE-2022-39332 — CVSS 4.6 (medium): Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop…
CVE-2024-52510 — CVSS 4.2 (medium): The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with…
CVE-2022-39334 — CVSS 3.9 (low): Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of…
CVE-2024-37885 — CVSS 3.8 (low): The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop…
CVE-2025-66549 — CVSS 2.4 (low): Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end…