Every CVE whose affected-product data names Nextcloud User Oidc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-32074 — CVSS 8.0 (high): user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended…
CVE-2024-37312 — CVSS 6.3 (medium): user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register…
CVE-2024-37886 — CVSS 5.4 (medium): user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is…
CVE-2023-28848 — CVSS 4.8 (medium): user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until…
CVE-2023-39953 — CVSS 4.8 (medium): user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to…
CVE-2026-45284 — CVSS 4.6 (medium): Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users…
CVE-2023-39954 — CVSS 3.8 (low): user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to…
CVE-2024-52512 — CVSS 3.3 (low): user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the…
CVE-2026-45278 — CVSS 3.3 (low): Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that…