Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

nextcloud — Vulnerabilities & Security Advisories 261

Browse all 261 CVE security advisories affecting nextcloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nextcloud operates as an open-source file sharing and collaboration platform, providing self-hosted alternatives to commercial cloud services. With 261 recorded Common Vulnerabilities and Exposures (CVEs), the software has historically been susceptible to critical security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation or insecure default configurations within its PHP-based architecture. Notable incidents have involved unauthorized data access and server compromise, highlighting risks associated with complex plugin ecosystems and frequent updates. While the project maintains a public security policy and encourages responsible disclosure, the high volume of past CVEs indicates a need for rigorous code auditing and strict configuration management by administrators to mitigate potential exploitation vectors in production environments.

Top products by nextcloud: security-advisories Nextcloud Server com.nextcloud.client Nextcloud Calendar application Nextcloud Contacts application nextcloud/server nextcloud/talk nextcloud-dialogs news-android android cookbook nextcloudpi Nextcloud
CVE IDTitleCVSSSeverityPublished
CVE-2022-24888 Possible Injection in Nextcloud Server — security-advisoriesCWE-74 4.3 Medium2022-04-27
CVE-2022-24887 Open Redirect in Nextcloud Talk — security-advisoriesCWE-601 4.3 Medium2022-04-27
CVE-2022-24886 Exposure of Sensitive Information to an Unauthorized Actor in com.nextcloud.client — security-advisoriesCWE-200 2.2 Low2022-04-27
CVE-2022-24885 Improper Authentication in Nextcloud Android Files — security-advisoriesCWE-287 2.0 Low2022-04-27
CVE-2022-24838 Command Injection in Appointment Emails for Nextcloud Calendar — security-advisoriesCWE-74 5.3 Medium2022-04-11
CVE-2021-41233 Missing authorization in Nextcloud text — security-advisoriesCWE-862 6.5 Medium2022-03-10
CVE-2022-24741 High memory usage in Nextcloud server — security-advisoriesCWE-400 3.5 Low2022-03-09
CVE-2021-41241 Advanced permissions is not respected for subfolders in Nextcloud server — security-advisoriesCWE-863 4.3 Medium2022-03-08
CVE-2021-41239 User enumeration setting not respected in Nextcloud server — security-advisoriesCWE-200 5.3 Medium2022-03-08
CVE-2021-41181 Nextcloud Talk app exposes chat messages on lockscreen — security-advisoriesCWE-200 2.4 Low2022-03-08
CVE-2021-41180 Geolocation preview links can be set to arbitrary links in nextcloud talk — security-advisoriesCWE-601 4.7 Medium2022-03-08
CVE-2021-41166 Permission bypass in Nextcloud Android App — security-advisoriesCWE-276 4.3 Medium2022-01-26
CVE-2021-43863 SQL Injection in FileContentProvider (GHSL-2021-1007) — androidCWE-89 7.5 High2022-01-25
CVE-2021-41256 Intent URI permissions manipulation in nextcloud news-android — news-androidCWE-829 5.8 Medium2021-11-30
CVE-2021-39222 XSS in Talk — security-advisoriesCWE-434 6.4 Medium2021-11-15
CVE-2021-41179 Two-Factor Authentication not enforced for pages marked as public — security-advisoriesCWE-304 6.5 Medium2021-10-25
CVE-2021-41178 File Traversal affecting SVG files on Nextcloud Server — security-advisoriesCWE-23 8.8 High2021-10-25
CVE-2021-41177 Rate-limits not working on instances without configured memory cache backend — security-advisoriesCWE-799 8.1 High2021-10-25
CVE-2021-39224 File path disclosure of shared files in OfficeOnline application — security-advisoriesCWE-200 3.5 Low2021-10-25
CVE-2021-39225 Missing permission check on Deck API — security-advisoriesCWE-639 8.1 High2021-10-25
CVE-2021-39223 File path disclosure of shared files in Richdocuments application — security-advisoriesCWE-200 4.8 Medium2021-10-25
CVE-2021-39221 XSS in Contacts — security-advisoriesCWE-434 6.4 Medium2021-10-25
CVE-2021-39220 Bypass of image blocking in Nextcloud Mail — security-advisoriesCWE-20 3.5 Low2021-10-25
CVE-2021-32802 Preview generation used third-party library not suited for user-generated content in Nextcloud server — security-advisoriesCWE-829 9.3 Critical2021-09-07
CVE-2021-32801 Exceptions may have logged Encryption-at-Rest key content in Nextcloud server — security-advisoriesCWE-532 5.5 Medium2021-09-07
CVE-2021-32800 Bypass of Two Factor Authentication in Nextcloud server — security-advisoriesCWE-306 8.1 High2021-09-07
CVE-2021-32766 Nextcloud Text app can disclose existence of folders in "File Drop" link share — security-advisoriesCWE-209 5.3 Medium2021-09-07
CVE-2021-37629 Lack of ratelimit on Richdocuments OCS endpoint in nextcloud — security-advisoriesCWE-200 5.3 Medium2021-09-07
CVE-2021-37628 File Drop can be bypassed using Richdocuments app in nextcloud — security-advisoriesCWE-639 7.5 High2021-09-07
CVE-2021-32782 Cross-Site Scripting in Nextcloud Circles — security-advisoriesCWE-79 5.8 Medium2021-09-07

This page lists every published CVE security advisory associated with nextcloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.