security-advisories — Vulnerabilities & Security Advisories 245

All 245 CVE vulnerabilities found in security-advisories, with AI-generated Chinese analysis, references, and POCs.

The security-advisories vulnerability aggregation page provides a centralized resource for tracking common weakness types and tags across various software vendors. This page collects data on diverse vulnerability categories, including software flaws, configuration errors, and protocol weaknesses, covering security advisories released over the past decade. By accessing this comprehensive database, users can effectively track a specific vendor’s security advisory history to monitor their patching cadence and response times. Additionally, researchers and developers can analyze the characteristics of a particular weakness class to better understand its root causes and potential impact across different ecosystems. The platform also allows for detailed lookups of a product’s complete vulnerability history, enabling teams to identify recurring issues and prioritize remediation efforts based on historical trends. This structured approach facilitates a deeper understanding of security landscapes by correlating advisories with known weakness classifications. Users benefit from a unified view that simplifies the complex task of managing security risks across multiple products and vendors. The information presented here supports informed decision-making for security analysts, system administrators, and product managers who require accurate and up-to-date information on software vulnerabilities. By consolidating these resources, the page serves as an essential tool for maintaining robust security postures and ensuring that critical updates are applied promptly. This systematic organization of advisory data helps streamline security operations and enhances overall resilience against emerging threats.

Vendor: nextcloud

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-37316 | Nextcloud Calendar's event create can create attachments that link to other websites | CWE-241 | 4.6 | Medium | 2024-06-14 |
| CVE-2024-37315 | Nextcloud Server's read-only users can restore old versions | CWE-284 | 3.5 | Low | 2024-06-14 |
| CVE-2024-37314 | Nextcloud Photos' shared albums have no restriction on photo removal | CWE-284 | 3.5 | Low | 2024-06-14 |
| CVE-2024-37313 | Nextcloud server allows the by-pass the second factor | CWE-287 | 7.3 | High | 2024-06-14 |
| CVE-2024-37312 | Nextcloud user_oidc app's ID4me feature is available even when disabled | CWE-284 | 6.3 | Medium | 2024-06-14 |
| CVE-2024-22402 | Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist | CWE-281 | 5.4 | Medium | 2024-01-18 |
| CVE-2024-22401 | All users can reset the allowed apps list for Nextcloud Guest App users | CWE-281 | 4.1 | Medium | 2024-01-18 |
| CVE-2024-22404 | Permissions bypass in Nextcloud with the files zip app | CWE-281 | 4.1 | Medium | 2024-01-18 |
| CVE-2024-22403 | OAuth2 authorization codes are valid indefinetly in Nextcloud server | CWE-613 | 3.0 | Low | 2024-01-18 |
| CVE-2024-22400 | Open redirect in user_saml via RelayState parameter in Nextcloud User Saml | CWE-601 | 3.1 | Low | 2024-01-18 |
| CVE-2024-22213 | Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app | CWE-79 | - | - | 2024-01-18 |
| CVE-2024-22212 | Nextcloud global site selector authentication bypass | CWE-306 | 9.7 | Critical | 2024-01-18 |
| CVE-2023-49792 | Bruteforce protection can be bypassed with misconfigured proxy | CWE-307 | 5.3 | Medium | 2023-12-22 |
| CVE-2023-49791 | Workflows do not require password confirmation on API level | CWE-284 | 5.4 | Medium | 2023-12-22 |
| CVE-2023-49790 | App PIN code can be bypassed in Nextcloud Files iOS | CWE-287 | 4.3 | Medium | 2023-12-22 |
| CVE-2023-48308 | Calendar app returns full stacktrace when an error happens while editing appointment | CWE-1258 | 3.5 | Low | 2023-12-21 |
| CVE-2023-48307 | Nextcloud Mail app vulnerable to Server-Side Request Forgery | CWE-918 | 3.5 | Low | 2023-11-21 |
| CVE-2023-48306 | Nextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF | CWE-918 | 5.0 | Medium | 2023-11-21 |
| CVE-2023-48305 | Nextcloud Server user_ldap app logs user passwords in the log file on level debug | CWE-312 | 4.2 | Medium | 2023-11-21 |
| CVE-2023-48304 | Nextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user | CWE-639 | 4.3 | Medium | 2023-11-21 |
| CVE-2023-48303 | Nextcloud Server admins can change authentication details of user configured external storage | CWE-284 | 2.4 | Low | 2023-11-21 |
| CVE-2023-48302 | Nextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V | CWE-79 | 3.5 | Low | 2023-11-21 |
| CVE-2023-48301 | Nextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name | CWE-79 | 3.5 | Low | 2023-11-21 |
| CVE-2023-48239 | Nextcloud Server users can make external storage mount points inaccessible for other users | CWE-284 | 8.5 | High | 2023-11-21 |
| CVE-2023-45150 | Inviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive | CWE-400 | 4.3 | Medium | 2023-10-16 |
| CVE-2023-45149 | Password of talk conversations can be bruteforced in Nextcloud | CWE-307 | 4.3 | Medium | 2023-10-16 |
| CVE-2023-45148 | Rate limiter not working reliable when Memcached is installed in Nextcloud | CWE-307 | 4.3 | Medium | 2023-10-16 |
| CVE-2023-45151 | OAuth2 client_secret stored in plain text in the Nextcloud database | CWE-312 | 6.5 | Medium | 2023-10-16 |
| CVE-2023-45660 | Require strict cookies for image proxy requests in Nextcloud Mail | CWE-918 | 4.3 | Medium | 2023-10-16 |
| CVE-2023-39960 | Nextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint | CWE-307 | 5.0 | Medium | 2023-10-13 |

All 245 known CVE vulnerabilities affecting security-advisories with full Chinese analysis, references, and POCs where available.