Nextcloud Nextcloud Server — known CVE vulnerabilities
Every CVE whose affected-product data names Nextcloud Nextcloud Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (189)
CVE-2021-22915 — CVSS 9.8 (critical): Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in…
CVE-2021-32802 — CVSS 9.3 (critical): Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content…
CVE-2023-26482 — CVSS 9.0 (critical): Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create…
CVE-2018-3775 — CVSS 8.8 (high): Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2…
CVE-2021-32688 — CVSS 8.8 (high): Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication…
CVE-2023-32320 — CVSS 8.7 (high): Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel…
CVE-2023-35172 — CVSS 8.7 (high): NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud…
CVE-2021-32656 — CVSS 8.6 (high): Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11…
CVE-2023-48239 — CVSS 8.5 (high): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions…
CVE-2023-35928 — CVSS 8.4 (high): Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until…
CVE-2020-8121 — CVSS 8.1 (high): A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
CVE-2016-9463 — CVSS 8.1 (high): Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass…
CVE-2023-39963 — CVSS 8.1 (high): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions…
CVE-2024-37882 — CVSS 8.1 (high): Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with…
CVE-2021-41177 — CVSS 8.1 (high): Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not…
CVE-2021-32800 — CVSS 8.1 (high): Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor…
CVE-2023-32319 — CVSS 8.1 (high): Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth…
CVE-2026-45281 — CVSS 8.1 (high): Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before…
CVE-2021-32654 — CVSS 8.1 (high): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able…
CVE-2018-16466 — CVSS 8.1 (high): Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by…
CVE-2020-8259 — CVSS 8.1 (high): Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.
CVE-2018-3761 — CVSS 8.1 (high): Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially…
CVE-2019-15613 — CVSS 8.0 (high): A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.
CVE-2023-39962 — CVSS 7.7 (high): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions…
CVE-2020-8154 — CVSS 7.7 (high): An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when…
CVE-2023-35927 — CVSS 7.6 (high): NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud…
CVE-2020-8295 — CVSS 7.5 (high): A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.
CVE-2020-8183 — CVSS 7.5 (high): A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.
CVE-2024-37313 — CVSS 7.3 (high): Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after…
CVE-2023-32318 — CVSS 7.2 (high): Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app…
CVE-2021-32726 — CVSS 7.1 (high): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were…
CVE-2020-8236 — CVSS 6.8 (medium): A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification…
CVE-2026-45810 — CVSS 6.8 (medium): Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to…
CVE-2020-8296 — CVSS 6.7 (medium): Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.
CVE-2023-30539 — CVSS 6.5 (medium): Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of…
CVE-2023-39952 — CVSS 6.5 (medium): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions…
CVE-2019-15621 — CVSS 6.5 (medium): Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the…
CVE-2017-0886 — CVSS 6.5 (medium): Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an…
CVE-2020-8138 — CVSS 6.5 (medium): A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery…
CVE-2020-8139 — CVSS 6.5 (medium): A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when…
CVE-2020-8223 — CVSS 6.5 (medium): A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than…
CVE-2020-8293 — CVSS 6.5 (medium): A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules…
CVE-2021-22877 — CVSS 6.5 (medium): A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage…
CVE-2026-45282 — CVSS 6.5 (medium): Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before…
CVE-2021-41233 — CVSS 6.5 (medium): Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text…
CVE-2022-31118 — CVSS 6.5 (medium): Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing…
CVE-2023-45151 — CVSS 6.5 (medium): Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an…
CVE-2025-47790 — CVSS 6.4 (medium): Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise…
CVE-2017-0883 — CVSS 6.4 (medium): Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue…
CVE-2025-59788 — CVSS 6.4 (medium): Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33…
CVE-2026-45285 — CVSS 6.4 (medium): Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user…
CVE-2022-36074 — CVSS 6.4 (medium): Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which…
CVE-2026-45283 — CVSS 6.3 (medium): Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before…
CVE-2016-9459 — CVSS 6.1 (medium): Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a…
CVE-2020-8120 — CVSS 6.1 (medium): A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.
CVE-2016-9466 — CVSS 6.1 (medium): Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery…
CVE-2023-25579 — CVSS 6.0 (medium): Nextcloud server is a self hosted home cloud product. In affected versions the `OC\Files\Node\Folder::getFullPath()` function was…
CVE-2026-45691 — CVSS 5.9 (medium): Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before…
CVE-2026-45690 — CVSS 5.9 (medium): Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before…
CVE-2019-15612 — CVSS 5.9 (medium): A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.
CVE-2023-39958 — CVSS 5.8 (medium): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions…
CVE-2023-28844 — CVSS 5.7 (medium): Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can…
CVE-2024-52515 — CVSS 5.7 (medium): Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user…
CVE-2017-0936 — CVSS 5.7 (medium): Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing…
CVE-2024-52520 — CVSS 5.7 (medium): Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked…
CVE-2023-28644 — CVSS 5.7 (medium): Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation…
CVE-2018-16464 — CVSS 5.7 (medium): A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner…
CVE-2023-25821 — CVSS 5.7 (medium): Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1…
CVE-2021-32801 — CVSS 5.5 (medium): Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging…
CVE-2023-28643 — CVSS 5.5 (medium): Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name…
CVE-2020-8294 — CVSS 5.4 (medium): A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet…
CVE-2018-3780 — CVSS 5.4 (medium): A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring…
CVE-2020-8155 — CVSS 5.4 (medium): An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening…
CVE-2023-49791 — CVSS 5.4 (medium): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and…
CVE-2016-9465 — CVSS 5.4 (medium): Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image…
CVE-2025-66512 — CVSS 5.4 (medium): Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing…
CVE-2017-0893 — CVSS 5.4 (medium): Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which…
CVE-2017-0890 — CVSS 5.4 (medium): Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be…
CVE-2017-0891 — CVSS 5.4 (medium): Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS…
CVE-2022-31014 — CVSS 5.4 (medium): Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The…
CVE-2019-15617 — CVSS 5.4 (medium): A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.
CVE-2016-7419 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before…
CVE-2018-3776 — CVSS 5.3 (medium): Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit…
CVE-2021-32705 — CVSS 5.3 (medium): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of…
CVE-2021-32703 — CVSS 5.3 (medium): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of…
CVE-2020-8133 — CVSS 5.3 (medium): A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.
CVE-2023-25818 — CVSS 5.3 (medium): Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of…
CVE-2021-32766 — CVSS 5.3 (medium): Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud…
CVE-2019-15623 — CVSS 5.3 (medium): Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup…
CVE-2018-16465 — CVSS 5.3 (medium): Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second…
CVE-2018-16467 — CVSS 5.3 (medium): A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.
CVE-2023-25162 — CVSS 5.3 (medium): Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and…
CVE-2021-41239 — CVSS 5.3 (medium): Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not…
CVE-2016-9468 — CVSS 5.3 (medium): Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The…
CVE-2016-9467 — CVSS 5.3 (medium): Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The…
CVE-2021-32741 — CVSS 5.3 (medium): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of…
CVE-2023-49792 — CVSS 5.3 (medium): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and…
CVE-2020-8118 — CVSS 5.0 (medium): An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new…
CVE-2023-48306 — CVSS 5.0 (medium): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions…
CVE-2023-39960 — CVSS 5.0 (medium): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to…
CVE-2019-15624 — CVSS 4.9 (medium): Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
CVE-2021-32733 — CVSS 4.8 (medium): Nextcloud Text is a collaborative document editing application that uses Markdown. A cross-site scripting vulnerability is present in…
CVE-2021-22878 — CVSS 4.8 (medium): Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in…
CVE-2022-39330 — CVSS 4.8 (medium): Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10…
CVE-2019-15618 — CVSS 4.8 (medium): Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location.
CVE-2019-15619 — CVSS 4.8 (medium): Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud…
CVE-2019-5451 — CVSS 4.6 (medium): Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing…
CVE-2024-52517 — CVSS 4.6 (medium): Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds…
CVE-2024-52523 — CVSS 4.6 (medium): Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed…
CVE-2025-66510 — CVSS 4.5 (medium): Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server…
CVE-2020-8152 — CVSS 4.4 (medium): Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to…
CVE-2024-52518 — CVSS 4.4 (medium): Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the…
CVE-2026-45279 — CVSS 4.4 (medium): Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to…
CVE-2020-8119 — CVSS 4.3 (medium): Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the…
CVE-2016-9461 — CVSS 4.3 (medium): Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The…
CVE-2016-9462 — CVSS 4.3 (medium): Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The…
CVE-2016-9464 — CVSS 4.3 (medium): Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as…
CVE-2017-0884 — CVSS 4.3 (medium): Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to…
CVE-2017-0885 — CVSS 4.3 (medium): Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in…
CVE-2017-0887 — CVSS 4.3 (medium): Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by…
CVE-2017-0888 — CVSS 4.3 (medium): Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar…
CVE-2017-0894 — CVSS 4.3 (medium): Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting…
CVE-2018-3762 — CVSS 4.3 (medium): Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still…
CVE-2019-5449 — CVSS 4.3 (medium): A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying…
CVE-2020-8117 — CVSS 4.3 (medium): Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
CVE-2020-8122 — CVSS 4.3 (medium): A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received.
CVE-2021-32657 — CVSS 4.3 (medium): Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a…
CVE-2021-41241 — CVSS 4.3 (medium): Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows…
CVE-2022-24888 — CVSS 4.3 (medium): Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8…
CVE-2022-29243 — CVSS 4.3 (medium): Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4…
CVE-2023-25816 — CVSS 4.3 (medium): Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource…
CVE-2023-45148 — CVSS 4.3 (medium): Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could…
CVE-2023-48304 — CVSS 4.3 (medium): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions…
CVE-2025-47791 — CVSS 4.3 (medium): Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise…
CVE-2025-47793 — CVSS 4.3 (medium): Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by…
CVE-2025-64011 — CVSS 4.3 (medium): Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user…
CVE-2025-66547 — CVSS 4.3 (medium): Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users…
CVE-2025-66552 — CVSS 4.3 (medium): Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect…
CVE-2023-48305 — CVSS 4.2 (medium): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions…
CVE-2023-25820 — CVSS 4.2 (medium): Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the…
CVE-2024-52514 — CVSS 4.1 (medium): Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files…
CVE-2023-35171 — CVSS 4.1 (medium): NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in…
CVE-2020-8150 — CVSS 4.1 (medium): A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of…
CVE-2022-39364 — CVSS 4.0 (medium): Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions…
CVE-2023-25161 — CVSS 3.7 (low): Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise…
CVE-2021-32678 — CVSS 3.7 (low): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not…
CVE-2022-41968 — CVSS 3.5 (low): Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated…
CVE-2023-25817 — CVSS 3.5 (low): Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their…
CVE-2021-32655 — CVSS 3.5 (low): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able…
CVE-2023-48301 — CVSS 3.5 (low): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions…
CVE-2023-48302 — CVSS 3.5 (low): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions…
CVE-2023-39961 — CVSS 3.5 (low): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions…
CVE-2022-39346 — CVSS 3.5 (low): Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names…
CVE-2024-37314 — CVSS 3.5 (low): Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the…
CVE-2024-37315 — CVSS 3.5 (low): Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a…
CVE-2022-39329 — CVSS 3.5 (low): Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise…
CVE-2024-37884 — CVSS 3.5 (low): Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they…
CVE-2024-37887 — CVSS 3.5 (low): Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It…
CVE-2022-29163 — CVSS 3.5 (low): Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a…
CVE-2022-24741 — CVSS 3.5 (low): Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of…
CVE-2021-32725 — CVSS 3.5 (low): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share…
CVE-2021-32679 — CVSS 3.5 (low): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not…
CVE-2017-0895 — CVSS 3.5 (low): Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note…
CVE-2017-0892 — CVSS 3.5 (low): Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to…
CVE-2023-28835 — CVSS 3.5 (low): Nextcloud server is an open source home cloud implementation. In affected versions the generated fallback password when creating a share…
CVE-2023-28834 — CVSS 3.5 (low): Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as…
CVE-2023-39959 — CVSS 3.5 (low): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions…
CVE-2021-32680 — CVSS 3.3 (low): Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server…
CVE-2018-16463 — CVSS 3.1 (low): A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access…
CVE-2023-28847 — CVSS 3.1 (low): Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to…
CVE-2021-32734 — CVSS 3.1 (low): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text…
CVE-2024-52516 — CVSS 3.0 (low): Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own…
CVE-2022-39211 — CVSS 3.0 (low): Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found…
CVE-2024-22403 — CVSS 3.0 (low): Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access…
CVE-2024-52519 — CVSS 2.7 (low): Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker…
CVE-2021-32653 — CVSS 2.7 (low): Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user…
CVE-2024-52521 — CVSS 2.6 (low): Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased…
CVE-2025-47794 — CVSS 2.6 (low): Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise…
CVE-2022-41970 — CVSS 2.6 (low): Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow…
CVE-2024-52513 — CVSS 2.6 (low): Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user…
CVE-2022-24889 — CVSS 2.4 (low): Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and…
CVE-2022-41969 — CVSS 2.4 (low): Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit…
CVE-2023-48303 — CVSS 2.4 (low): Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions…
CVE-2023-28833 — CVSS 2.4 (low): Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a…
CVE-2023-25159 — CVSS 2.3 (low): Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document…
CVE-2020-8173 — CVSS 2.2 (low): A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.
CVE-2022-31120 — CVSS 2.1 (low): Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been…
CVE-2024-52525 — CVSS 1.8 (low): Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the…