nextcloud gmbh
Latest CVEs
The 15 most recently published vulnerabilities affecting nextcloud gmbh.
- CVE-2025-64011: Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other u... (score 4.3)
- CVE-2025-66554: Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field (score 3.5)
- CVE-2025-66514: Nextcloud Mail stored HTML injection in subject text (score 3.5)
- CVE-2025-66550: Nextcloud Calendar attachments of local files are offered to downloaded (score 5.7)
- CVE-2025-66546: Nextcloud Calendar app allowed booking appointments without the generated token (score 3.3)
- CVE-2025-66511: Nextcloud Calendar app used predictable proposal participant tokens (score 4.8)
- CVE-2025-66552: Nextcloud Server admin_audit does not log all actions on files in groupfolders (score 4.3)
- CVE-2025-66547: Nextcloud Server users can modify tags on files that do not belong to them (score 4.3)
- CVE-2025-66512: Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud (score 5.4)
- CVE-2025-66510: Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list (score 4.5)
- CVE-2025-59788: Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 2... (score 6.4)
- CVE-2025-47793: Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file (score 4.3)
- CVE-2025-47792: Nextcloud Desktop 3rdparty applications can create share links via socket API (score 5.0)
- CVE-2025-47791: Nextcloud Server's test remote endpoint is not rate limited (score 4.3)
- CVE-2024-52509: Nextcloud Mail app does not respect download permissions in shares (score 3.5)