Talk
by Google
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-66556 | 0.00 | — | 0.00 | Dec 5, 2025 | Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and… | |||
| CVE-2023-45149 | 0.00 | — | 0.00 | Oct 16, 2023 | Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is… | |||
| CVE-2023-30540 | 0.00 | — | 0.01 | Apr 17, 2023 | Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in… | |||
| CVE-2023-28845 | 0.00 | — | 0.00 | Mar 31, 2023 | Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation,… | |||
| CVE-2023-26041 | 0.00 | — | 0.01 | Feb 27, 2023 | Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk… | |||
| CVE-2022-39212 | 0.00 | — | 0.01 | Sep 16, 2022 | Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is… | |||
| CVE-2022-35932 | 0.00 | — | 0.01 | Aug 12, 2022 | Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk… | |||
| CVE-2022-24890 | 0.00 | — | 0.01 | May 17, 2022 | Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5… | |||
| CVE-2022-24887 | 0.00 | — | 0.01 | Apr 27, 2022 | Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs.… | |||
| CVE-2021-41180 | 0.00 | — | 0.01 | Mar 8, 2022 | Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user… | |||
| CVE-2019-15620 | 0.00 | — | 0.01 | Feb 4, 2020 | Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature. | |||
| CVE-2019-15619 | 0.00 | — | 0.01 | Feb 4, 2020 | Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project. | |||
| CVE-2005-3899 | 0.00 | — | 0.01 | Nov 29, 2005 | The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature… | |||
| CVE-2005-3678 | 0.00 | — | 0.01 | Nov 18, 2005 | Google Talk before 1.0.0.76, with email notification enabled, allows remote attackers to cause a denial of service (connection reset) via email with a blank sender. |
- CVE-2025-66556Dec 5, 2025risk 0.00cvss —epss 0.00
Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and…
- CVE-2023-45149Oct 16, 2023risk 0.00cvss —epss 0.00
Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is…
- CVE-2023-30540Apr 17, 2023risk 0.00cvss —epss 0.01
Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in…
- CVE-2023-28845Mar 31, 2023risk 0.00cvss —epss 0.00
Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation,…
- CVE-2023-26041Feb 27, 2023risk 0.00cvss —epss 0.01
Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk…
- CVE-2022-39212Sep 16, 2022risk 0.00cvss —epss 0.01
Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is…
- CVE-2022-35932Aug 12, 2022risk 0.00cvss —epss 0.01
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk…
- CVE-2022-24890May 17, 2022risk 0.00cvss —epss 0.01
Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5…
- CVE-2022-24887Apr 27, 2022risk 0.00cvss —epss 0.01
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs.…
- CVE-2021-41180Mar 8, 2022risk 0.00cvss —epss 0.01
Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user…
- CVE-2019-15620Feb 4, 2020risk 0.00cvss —epss 0.01
Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature.
- CVE-2019-15619Feb 4, 2020risk 0.00cvss —epss 0.01
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.
- CVE-2005-3899Nov 29, 2005risk 0.00cvss —epss 0.01
The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature…
- CVE-2005-3678Nov 18, 2005risk 0.00cvss —epss 0.01
Google Talk before 1.0.0.76, with email notification enabled, allows remote attackers to cause a denial of service (connection reset) via email with a blank sender.