VYPR

Bitnami package

nextcloud

pkg:bitnami/nextcloud

Vulnerabilities (26)

  • CVE-2026-45810MedJun 1, 2026
    affected >= 31.0.0, < 31.0.12fixed 31.0.12

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It

  • CVE-2026-45691MedJun 1, 2026
    affected >= 32.0.0, < 32.0.9fixed 32.0.9

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful password authentication but before TOTP completion) could be reused as a Bearer t

  • CVE-2026-45690MedJun 1, 2026
    affected >= 32.0.0, < 32.0.9fixed 32.0.9

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication

  • CVE-2026-45281HigJun 1, 2026
    affected >= 32.0.0, < 32.0.9fixed 32.0.9

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Th

  • CVE-2026-45157MedJun 1, 2026
    affected >= 32.0.0, < 32.0.9fixed 32.0.9

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload direc

  • CVE-2026-45153MedJun 1, 2026
    affected >= 33.0.0, < 33.1.0fixed 33.1.0

    Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be used to bypass the Nextcloud Files app PIN. This issue has been patched in version 33.1.0.

  • CVE-2025-66552MedDec 5, 2025
    affected < 31.0.9fixed 31.0.9

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulne

  • CVE-2025-66547MedDec 5, 2025
    affected < 31.0.1fixed 31.0.1

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.

  • CVE-2025-66510MedDec 5, 2025
    affected >= 31.0.0, < 31.0.10fixed 31.0.10

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identi

  • CVE-2023-49790MedDec 22, 2023
    affected < 4.9.2fixed 4.9.2

    The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. N

  • CVE-2023-28999MedApr 4, 2023
    affected >= 3.0.5, < 4.8.0fixed 4.8.0

    Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can

  • CVE-2023-28647MedMar 30, 2023
    affected < 4.7.0fixed 4.7.0

    Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password prote

  • CVE-2023-28646MedMar 30, 2023
    affected >= 3.7.0, < 3.24.1fixed 3.24.1

    Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This a

  • CVE-2022-39210LowSep 17, 2022
    affected < 3.21.0fixed 3.21.0

    Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a

  • CVE-2022-29160LowMay 20, 2022
    affected < 3.19.0fixed 3.19.0

    Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information.

  • CVE-2022-24886LowApr 27, 2022
    affected < 3.19.0fixed 3.19.0

    Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. V

  • CVE-2022-24885LowApr 27, 2022
    affected < 3.19.1fixed 3.19.1

    Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are cur

  • CVE-2021-41166MedJan 26, 2022
    affected < 3.17.1fixed 3.17.1

    The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANAGE_DOCUMENTS` permission may v

  • CVE-2021-43863HigJan 25, 2022
    affected < 3.18.1fixed 3.18.1

    The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security

  • CVE-2021-32727MedJul 12, 2021
    affected < 3.16.1fixed 3.16.1

    Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.16.1, the Nextcloud Android client skipped a step that involved the client check

Page 1 of 2