
security-advisories — Vulnerabilities & Security Advisories 245

All 245 CVE vulnerabilities found in security-advisories, with AI-generated Chinese analysis, references, and POCs.

The security-advisories vulnerability aggregation page provides a centralized resource for tracking common weakness types and tags across various software vendors. This page collects data on diverse vulnerability categories, including software flaws, configuration errors, and protocol weaknesses, covering security advisories released over the past decade. By accessing this comprehensive database, users can effectively track a specific vendor’s security advisory history to monitor their patching cadence and response times. Additionally, researchers and developers can analyze the characteristics of a particular weakness class to better understand its root causes and potential impact across different ecosystems. The platform also allows for detailed lookups of a product’s complete vulnerability history, enabling teams to identify recurring issues and prioritize remediation efforts based on historical trends. This structured approach facilitates a deeper understanding of security landscapes by correlating advisories with known weakness classifications. Users benefit from a unified view that simplifies the complex task of managing security risks across multiple products and vendors. The information presented here supports informed decision-making for security analysts, system administrators, and product managers who require accurate and up-to-date information on software vulnerabilities. By consolidating these resources, the page serves as an essential tool for maintaining robust security postures and ensuring that critical updates are applied promptly. This systematic organization of advisory data helps streamline security operations and enhances overall resilience against emerging threats.

Vendor: nextcloud

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-28834 | Full path of data directory exposed to Nextcloud server users | CWE-212 | 3.5 | Low | 2023-04-03 |
| CVE-2023-28845 | Chat room membership disclosed via autocompletion in Nextcloud talk | CWE-284 | 3.5 | Low | 2023-03-31 |
| CVE-2023-28844 | User without download rights can download older version of that file in nextcloud server | CWE-284 | 5.7 | Medium | 2023-03-31 |
| CVE-2023-28645 | Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments | CWE-284 | 5.7 | Medium | 2023-03-31 |
| CVE-2023-28835 | Insecure randomness for default password in nextcloud | CWE-338 | 3.5 | Low | 2023-03-30 |
| CVE-2023-28833 | Unrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server | CWE-22 | 2.4 | Low | 2023-03-30 |
| CVE-2023-28644 | Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server | CWE-400 | 5.7 | Medium | 2023-03-30 |
| CVE-2023-28643 | Potential share collision for recipients when caching is enabled in nextcloud server | CWE-706 | 5.5 | Medium | 2023-03-30 |
| CVE-2023-26482 | Scope of workflow operations is not validated in nextcloud server | CWE-78 | 9.1 | Critical | 2023-03-30 |
| CVE-2023-28646 | App lockout in nextcloud Android app can be bypassed via thirdparty apps | CWE-287 | 4.4 | Medium | 2023-03-30 |
| CVE-2023-28647 | App pin of the iOS app can be bypassed in Nextcloud iOS | CWE-281 | 4.4 | Medium | 2023-03-30 |
| CVE-2023-25817 | Delete permissions are not saved when creating public share in Nextcloud server | CWE-281 | 3.5 | Low | 2023-03-27 |
| CVE-2023-25818 | Missing brute force protection on password reset token in Nextcloud Server | CWE-307 | 5.3 | Medium | 2023-03-27 |
| CVE-2023-25820 | Nextcloud Server and Enterprise Server missing brute force protection on password confirmation modal | CWE-307 | 4.2 | Medium | 2023-03-22 |
| CVE-2023-26041 | Nextcloud Talk messages can still be seen on conversation after expiring when cron is misconfigured | CWE-359 | 2.6 | Low | 2023-02-27 |
| CVE-2023-25821 | Nextcloud download permissions can be changed by resharer | CWE-284 | 5.7 | Medium | 2023-02-24 |
| CVE-2023-25816 | nextcloud vulnerable to Uncontrolled Resource Consumption | CWE-400 | 4.3 | Medium | 2023-02-24 |
| CVE-2023-25579 | Directory traversal in Nextcloud server | CWE-22 | 6.0 | Medium | 2023-02-22 |
| CVE-2023-25162 | Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs | CWE-918 | 5.3 | Medium | 2023-02-13 |
| CVE-2023-25161 | Nextcloud Server's missing rate limiting on password reset functionality allows sending lots of emails | CWE-284 | 3.7 | Low | 2023-02-13 |
| CVE-2023-25160 | IDOR Vulnerability in Nextcloud Mail | CWE-639 | 4.1 | Medium | 2023-02-13 |
| CVE-2023-25159 | Nextcloud Server previews are accessible without a watermark | CWE-284 | 2.3 | Low | 2023-02-13 |
| CVE-2023-25150 | Document content of files can be obtained through Collabora for files of other users | CWE-284 | 5.8 | Medium | 2023-02-08 |
| CVE-2023-23942 | Self reflected HTML injection in Desktop client | CWE-79 | 5.4 | Medium | 2023-02-06 |
| CVE-2023-23943 | Blind SSRF via server URL input in the Nextcloud Mail app | CWE-918 | 5.0 | Medium | 2023-02-06 |
| CVE-2023-23944 | Nexcloud Mail app temporarily stores cleartext password in database | CWE-312 | 2.0 | Low | 2023-02-06 |
| CVE-2023-22471 | Nextcloud Deck vulnerable to authorization bypass | CWE-639 | 3.5 | Low | 2023-01-14 |
| CVE-2023-22470 | Nextcloud Deck vulnerable to uncontrolled resource consumption | CWE-400 | 3.5 | Low | 2023-01-14 |
| CVE-2023-22469 | Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache | CWE-922 | 5.8 | Medium | 2023-01-10 |
| CVE-2023-22473 | Passcode bypass on Talk-Android app | CWE-284 | 2.1 | Low | 2023-01-09 |
