Nextcloud enterprise server
This hub aggregates every CVE we track for Nextcloud enterprise server, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.
31
CVEs tracked
1
Critical
3
High
0
In CISA KEV
Severity distribution
MEDIUM18LOW9HIGH3CRITICAL1
Monthly trend
0
0
0
0
10
0
0
0
0
0
2
0
0
0
0
0
0
4
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Nextcloud enterprise server.
- CVE-2025-66552Nextcloud Server admin_audit does not log all actions on files in groupfolders4.3
- CVE-2025-66547Nextcloud Server users can modify tags on files that do not belong to them4.3
- CVE-2025-66510Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list4.5
- CVE-2025-59788Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 2...6.4
- CVE-2025-47793Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file4.3
- CVE-2025-47791Nextcloud Server's test remote endpoint is not rate limited4.3
- CVE-2024-52514Nextcloud Server allows users to copy folder that contain files that are blocked by the files access control4.1
- CVE-2024-52515Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews5.7
- CVE-2024-52516Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them3.0
- CVE-2024-52517Nextcloud Server's global credentials of external storages are sent back to the frontend4.6
- CVE-2024-52518Nextcloud Server is missing password confirmation when changing external storage options4.4
- CVE-2024-52519Nextcloud Server's OAuth2 client secrets were stored in a recoverable way2.7
- CVE-2024-52520Nextcloud Server's link reference provider can be tricked into downloading bigger files than intended5.7
- CVE-2024-52521Nextcloud Server has a potential hash collision for background jobs could skip queuing them2.6
- CVE-2024-52523Nextcloud Server Custom defined credentials of external storages are sent back to the frontend4.6
Product normalization is registry-driven with AI assist and human review. How it works