VYPR

Server

by Nextcloud

Source repositories

CVEs (87)

  • CVE-2026-45691MedJun 1, 2026
    risk 0.31cvss 5.9epss 0.00

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful password authentication but before TOTP completion) could be reused as a Bearer…

  • CVE-2026-45690MedJun 1, 2026
    risk 0.31cvss 5.9epss 0.00

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor…

  • CVE-2017-0894MedMay 8, 2017
    risk 0.28cvss 4.3epss 0.01

    Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.

  • CVE-2017-0888MedApr 5, 2017
    risk 0.28cvss 4.3epss 0.02

    Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.

  • CVE-2017-0887MedApr 5, 2017
    risk 0.28cvss 4.3epss 0.01

    Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than…

  • CVE-2017-0885MedApr 5, 2017
    risk 0.28cvss 4.3epss 0.01

    Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing…

  • CVE-2017-0884MedApr 5, 2017
    risk 0.28cvss 4.3epss 0.01

    Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this…

  • CVE-2016-9464MedMar 28, 2017
    risk 0.28cvss 4.3epss 0.02

    Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare…

  • CVE-2016-9462MedMar 28, 2017
    risk 0.28cvss 4.3epss 0.02

    Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only…

  • CVE-2016-9461MedMar 28, 2017
    risk 0.28cvss 4.3epss 0.02

    Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a…

  • CVE-2017-0895LowMay 8, 2017
    risk 0.23cvss 3.5epss 0.01

    Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.

  • CVE-2017-0892LowMay 8, 2017
    risk 0.23cvss 3.5epss 0.01

    Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.

  • CVE-2026-45279MedJun 1, 2026
    risk 0.22cvss 4.4epss 0.00

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config value, non-admin users can in some cases copy arbitrary files (depending on…

  • CVE-2026-45266LowJun 1, 2026
    risk 0.16cvss 3.5epss 0.00

    Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions…

  • CVE-2023-26482Mar 30, 2023
    risk 0.03cvss epss 0.04

    Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order…

  • CVE-2025-64011Dec 12, 2025
    risk 0.00cvss epss 0.00

    Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of…

  • CVE-2025-66547Dec 5, 2025
    risk 0.00cvss epss 0.00

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.

  • CVE-2025-66512Dec 5, 2025
    risk 0.00cvss epss 0.00

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an…

  • CVE-2025-47794May 16, 2025
    risk 0.00cvss epss 0.00

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files…

  • CVE-2025-47791May 16, 2025
    risk 0.00cvss epss 0.00

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing…

Page 2 of 5