VYPR

Nextcloud Enterprise Server

by Nextcloud

Source repositories

CVEs (133)

  • CVE-2020-8150MedNov 9, 2020
    risk 0.27cvss 4.1epss 0.00

    A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.

  • CVE-2021-32655LowJun 1, 2021
    risk 0.23cvss 3.5epss 0.01

    Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the…

  • CVE-2017-0895LowMay 8, 2017
    risk 0.23cvss 3.5epss 0.01

    Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.

  • CVE-2017-0892LowMay 8, 2017
    risk 0.23cvss 3.5epss 0.01

    Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.

  • CVE-2026-45279MedJun 1, 2026
    risk 0.22cvss 4.4epss 0.00

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config value, non-admin users can in some cases copy arbitrary files (depending on…

  • CVE-2018-16463LowOct 30, 2018
    risk 0.20cvss 3.1epss 0.01

    A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.

  • CVE-2021-32653LowJun 1, 2021
    risk 0.18cvss 2.7epss 0.01

    Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and…

  • CVE-2020-8173LowNov 2, 2020
    risk 0.14cvss 2.2epss 0.00

    A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.

  • CVE-2026-45155LowJun 1, 2026
    risk 0.10cvss 2.6epss 0.00

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have…

  • CVE-2025-66552Dec 5, 2025
    risk 0.00cvss epss 0.00

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This…

  • CVE-2025-66510Dec 5, 2025
    risk 0.00cvss epss 0.00

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names,…

  • CVE-2025-47794LowMay 16, 2025
    risk 0.00cvss 2.6epss 0.00

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files…

  • CVE-2025-47793MedMay 16, 2025
    risk 0.00cvss 4.3epss 0.01

    Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9,…

  • CVE-2025-47791MedMay 16, 2025
    risk 0.00cvss 4.3epss 0.00

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing…

  • CVE-2025-47790MedMay 16, 2025
    risk 0.00cvss 6.4epss 0.00

    Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the…

  • CVE-2024-52514MedNov 15, 2024
    risk 0.00cvss 4.1epss 0.00

    Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access…

  • CVE-2024-52513LowNov 15, 2024
    risk 0.00cvss 2.6epss 0.01

    Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud…

  • CVE-2024-52525LowNov 15, 2024
    risk 0.00cvss 1.8epss 0.00

    Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage (Redis or disk), but it would allow a malicious process…

  • CVE-2024-52523MedNov 15, 2024
    risk 0.00cvss 4.6epss 0.01

    Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access…

  • CVE-2024-52521LowNov 15, 2024
    risk 0.00cvss 2.6epss 0.00

    Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing…

Page 4 of 7