Browse all 261 CVE security advisories affecting nextcloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Nextcloud operates as an open-source file sharing and collaboration platform, providing self-hosted alternatives to commercial cloud services. With 261 recorded Common Vulnerabilities and Exposures (CVEs), the software has historically been susceptible to critical security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation or insecure default configurations within its PHP-based architecture. Notable incidents have involved unauthorized data access and server compromise, highlighting risks associated with complex plugin ecosystems and frequent updates. While the project maintains a public security policy and encourages responsible disclosure, the high volume of past CVEs indicates a need for rigorous code auditing and strict configuration management by administrators to mitigate potential exploitation vectors in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-3763 | Nextcloud Calendar 跨站脚本漏洞 — Nextcloud Calendar applicationCWE-79 | 4.8 | - | 2018-07-05 |
This page lists every published CVE security advisory associated with nextcloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.