Server

by Nextcloud

CVEs (87)

  • CVE-2016-9463 · High · Mar 28, 2017
    risk 0.53 · cvss 8.1 · epss 0.04

    Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB…

  • CVE-2026-45281 · High · Jun 1, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar.…

  • CVE-2017-0886 · Medium · Apr 5, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.

  • CVE-2017-0883 · Medium · Apr 5, 2017
    risk 0.42 · cvss 6.4 · epss 0.01

    Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an…

  • CVE-2016-9466 · Medium · Mar 28, 2017
    risk 0.40 · cvss 6.1 · epss 0.02

    Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence…

  • CVE-2016-9459 · Medium · Mar 28, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with…

  • CVE-2026-45810 · Medium · Jun 1, 2026
    risk 0.37 · cvss 6.8 · epss 0.00

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It…

  • CVE-2026-45285 · Medium · Jun 1, 2026
    risk 0.35 · cvss 6.4 · epss 0.00

    Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes an external member (a person added via email address who does not have a…

  • CVE-2026-45282 · Medium · Jun 1, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or…

  • CVE-2026-45267 · Medium · Jun 1, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6.

  • CVE-2017-0893 · Medium · May 8, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict…

  • CVE-2017-0891 · Medium · May 8, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.

  • CVE-2017-0890 · Medium · May 8, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

  • CVE-2016-9468 · Medium · Mar 28, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of…

  • CVE-2016-9467 · Medium · Mar 28, 2017
    risk 0.35 · cvss 5.3 · epss 0.03

    Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and…

  • CVE-2016-9465 · Medium · Mar 28, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind…

  • CVE-2016-9460 · Medium · Mar 28, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use…

  • CVE-2016-7419 · Medium · Sep 17, 2016
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.

  • CVE-2026-45283 · Medium · Jun 1, 2026
    risk 0.34 · cvss 6.3 · epss 0.00

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated…

  • CVE-2026-45157 · Medium · Jun 1, 2026
    risk 0.34 · cvss 6.3 · epss 0.00

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload…
