security-advisories — Vulnerabilities & Security Advisories 245

All 245 CVE vulnerabilities found in security-advisories, with AI-generated Chinese analysis, references, and POCs.

The security-advisories vulnerability aggregation page provides a centralized resource for tracking common weakness types and tags across various software vendors. This page collects data on diverse vulnerability categories, including software flaws, configuration errors, and protocol weaknesses, covering security advisories released over the past decade. By accessing this comprehensive database, users can effectively track a specific vendor’s security advisory history to monitor their patching cadence and response times. Additionally, researchers and developers can analyze the characteristics of a particular weakness class to better understand its root causes and potential impact across different ecosystems. The platform also allows for detailed lookups of a product’s complete vulnerability history, enabling teams to identify recurring issues and prioritize remediation efforts based on historical trends. This structured approach facilitates a deeper understanding of security landscapes by correlating advisories with known weakness classifications. Users benefit from a unified view that simplifies the complex task of managing security risks across multiple products and vendors. The information presented here supports informed decision-making for security analysts, system administrators, and product managers who require accurate and up-to-date information on software vulnerabilities. By consolidating these resources, the page serves as an essential tool for maintaining robust security postures and ensuring that critical updates are applied promptly. This systematic organization of advisory data helps streamline security operations and enhances overall resilience against emerging threats.

Vendor: nextcloud

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-47794 | Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission | CWE-284 | 2.6 | Low | 2025-05-16 |
| CVE-2025-47793 | Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file | CWE-770 | 4.3 | Medium | 2025-05-16 |
| CVE-2025-47792 | Nextcloud Desktop 3rdparty applications can create share links via socket API | CWE-284 | 5.0 | Medium | 2025-05-16 |
| CVE-2025-47791 | Nextcloud Server's test remote endpoint is not rate limited | CWE-918 | 4.3 | Medium | 2025-05-16 |
| CVE-2025-47790 | Nextcloud Server doesn't request second factor after session timeout | CWE-287 | 6.4 | Medium | 2025-05-16 |
| CVE-2024-52509 | Nextcloud Mail app does not respect download permissions in shares | CWE-284 | 3.5 | Low | 2024-11-15 |
| CVE-2024-52508 | Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers | CWE-200 | 8.2 | High | 2024-11-15 |
| CVE-2024-52510 | Nextcloud Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty | CWE-295 | 4.2 | Medium | 2024-11-15 |
| CVE-2024-52507 | Share information of the Nextcloud Tables app is not limited to affected users | CWE-639 | 3.5 | Low | 2024-11-15 |
| CVE-2024-52511 | Nextcloud Tables has an Authorization Bypass Through User-Controlled Key in Tables | CWE-639 | 6.3 | Medium | 2024-11-15 |
| CVE-2024-52512 | Nextcloud User OIDC has an open redirection when logging in with User OIDC | CWE-601 | 3.3 | Low | 2024-11-15 |
| CVE-2024-52513 | Nextcloud Server's Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares | CWE-200 | 2.6 | Low | 2024-11-15 |
| CVE-2024-52514 | Nextcloud Server allows users to copy folder that contain files that are blocked by the files access control | CWE-284 | 4.1 | Medium | 2024-11-15 |
| CVE-2024-52515 | Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews | CWE-706 | 5.7 | Medium | 2024-11-15 |
| CVE-2024-52516 | Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them | CWE-269 | 3.0 | Low | 2024-11-15 |
| CVE-2024-52517 | Nextcloud Server's global credentials of external storages are sent back to the frontend | CWE-200 | 4.6 | Medium | 2024-11-15 |
| CVE-2024-52518 | Nextcloud Server is missing password confirmation when changing external storage options | CWE-287 | 4.4 | Medium | 2024-11-15 |
| CVE-2024-52519 | Nextcloud Server's OAuth2 client secrets were stored in a recoverable way | CWE-922 | 2.7 | Low | 2024-11-15 |
| CVE-2024-52520 | Nextcloud Server's link reference provider can be tricked into downloading bigger files than intended | CWE-400 | 5.7 | Medium | 2024-11-15 |
| CVE-2024-52521 | Nextcloud Server has a potential hash collision for background jobs could skip queuing them | CWE-328 | 2.6 | Low | 2024-11-15 |
| CVE-2024-52523 | Nextcloud Server Custom defined credentials of external storages are sent back to the frontend | CWE-200 | 4.6 | Medium | 2024-11-15 |
| CVE-2024-52525 | Nextcloud Server User password is available in memory of the PHP process | CWE-312 | 1.8 | Low | 2024-11-15 |
| CVE-2024-40636 | Basic Auth Credential Leakage to Logs After Fetch Registry Error in Steeltoe.Discovery.Eureka with Peer Awareness | CWE-532 | 5.3 | Medium | 2024-07-17 |
| CVE-2024-37887 | Nextcloud Server's events information leaked with shared calendars on recurrence exceptions | CWE-284 | 3.5 | Low | 2024-06-14 |
| CVE-2024-37886 | Nextcloud user_oidc's ID4me does not validate signature or expiration | CWE-347 | 5.4 | Medium | 2024-06-14 |
| CVE-2024-37885 | Code injection in Nextcloud Desktop Client for macOS | CWE-94 | 3.8 | Low | 2024-06-14 |
| CVE-2024-37884 | Nextcloud Server's users can delete old versions of read-only shared files | CWE-284 | 3.5 | Low | 2024-06-14 |
| CVE-2024-37883 | Nextcloud Deck can access comments and attachments of deleted cards | CWE-284 | 4.3 | Medium | 2024-06-14 |
| CVE-2024-37882 | Nextcloud Server can reshare read&share only folder with more permissions | CWE-284 | 8.1 | High | 2024-06-14 |
| CVE-2024-37317 | Nextcloud Notes app can be tricked into using a received share created before the user logged in | CWE-284 | 4.6 | Medium | 2024-06-14 |