CVE Tools

owncloud

Cloud & SaaSDEcommercial

149

Cumulative CVEs

22

Monthly snapshots

#2

Peak rank

Top products

files antivirus2 owncloud desktop client1

Latest CVEs

The 15 most recently published vulnerabilities affecting owncloud.

CVE-2019-25337OwnCloud 8.1.8 - Username Disclosure9.8Feb 12, 2026
CVE-2025-59716ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswor...5.3Nov 5, 2025
CVE-2023-49105An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has ...9.8Nov 21, 2023
CVE-2023-49104An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently ...8.7Nov 21, 2023
CVE-2023-49103An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL i...KEV10.0Nov 21, 2023
CVE-2023-23948ownCloud Android app vulnerable to SQL Injection6.2Feb 13, 2023
CVE-2023-24804ownCloud Android app vulnerable to Path Traversal5.0Feb 13, 2023
CVE-2022-43679The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.4.2Nov 10, 2022
CVE-2022-31649ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.7.5Jun 9, 2022
CVE-2022-25339ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.5.5Apr 7, 2022
CVE-2022-25338ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers.6.8Apr 7, 2022
CVE-2021-33827The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.7.2Jan 15, 2022
CVE-2021-33828The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon dete...8.8Jan 15, 2022
CVE-2021-44537ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.7.8Jan 15, 2022
CVE-2021-40537Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation.2.7Sep 8, 2021