← Back

Nextcloud

nextcloud

362 CVEs • 38 products

Products (38)

Click to collapse
Toggle
Nextcloud Server
nextcloud_server
185 CVEs
Nextcloud
nextcloud
28 CVEs
Desktop
desktop
27 CVEs
Talk
talk
20 CVEs
Deck
deck
17 CVEs
Mail
mail
15 CVEs
Calendar
calendar
9 CVEs
Richdocuments
richdocuments
8 CVEs
User Oidc
user_oidc
8 CVEs
Contacts
contacts
7 CVEs
Nextcloud Enterprise Server
nextcloud_enterprise_server
6 CVEs
Tables
tables
5 CVEs
Circles
circles
3 CVEs
Group Folders
group_folders
3 CVEs
Approval
approval
3 CVEs
Preferred Providers
preferred_providers
2 CVEs
Social
social
2 CVEs
End To End Encryption
end-to-end_encryption
2 CVEs
Server
server
2 CVEs
Openid Connect User Backend
openid_connect_user_backend
2 CVEs
Nextcloud Talk
nextcloud_talk
2 CVEs
Notes
notes
2 CVEs
Guests
guests
2 CVEs
Extract
extract
1 CVE
Lookup Server
lookup-server
1 CVE
Officeonline
officeonline
1 CVE
News
news
1 CVE
Nextcloud Mail
nextcloud_mail
1 CVE
Password Policy
password_policy
1 CVE
Files Access Control
files_access_control
1 CVE
Nextcloud Files Automated Tagging
nextcloud_files_automated_tagging
1 CVE
Cookbook
cookbook
1 CVE
Global Site Selector
global_site_selector
1 CVE
Sso & Saml Authentication
sso_&_saml_authentication
1 CVE
Zipper
zipper
1 CVE
Nextcloudpi
nextcloudpi
1 CVE
Two Factor Webauthn
two-factor_webauthn
1 CVE
Flow
flow
1 CVE

CVEs (362)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-9459
2Nextcloud
Owncloud
2Nextcloud Server
Owncloud
May 13, 2026
Mar 28, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log i...Show more
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed.Show less
CVE-2016-7419
2Nextcloud
Owncloud
2Nextcloud Server
Owncloud
May 6, 2026
Sep 17, 2016
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML...Show more
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.Show less