CVE-2026-45157
- EPSS 0.23%
- Veröffentlicht 01.06.2026 17:17:09
- Zuletzt bearbeitet 01.06.2026 18:14:29
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also ac...
CVE-2026-45155
- EPSS 0.2%
- Veröffentlicht 01.06.2026 17:17:09
- Zuletzt bearbeitet 01.06.2026 18:14:29
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circle...
CVE-2026-45810
- EPSS 0.25%
- Veröffentlicht 01.06.2026 17:13:21
- Zuletzt bearbeitet 04.06.2026 16:51:19
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read th...
CVE-2026-45691
- EPSS 0.29%
- Veröffentlicht 01.06.2026 17:09:48
- Zuletzt bearbeitet 04.06.2026 16:50:50
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful password authentication but before TOTP completion)...
CVE-2026-45690
- EPSS 0.29%
- Veröffentlicht 01.06.2026 17:08:04
- Zuletzt bearbeitet 04.06.2026 16:50:29
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circum...
CVE-2026-45283
- EPSS 0.21%
- Veröffentlicht 01.06.2026 16:53:50
- Zuletzt bearbeitet 03.06.2026 17:02:29
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ownership of files when processing DAV lock and unloc...
CVE-2026-45282
- EPSS 0.29%
- Veröffentlicht 01.06.2026 16:53:18
- Zuletzt bearbeitet 03.06.2026 17:09:13
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumve...
CVE-2026-45281
- EPSS 0.28%
- Veröffentlicht 01.06.2026 16:52:57
- Zuletzt bearbeitet 03.06.2026 17:11:29
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain ful...
CVE-2026-45279
- EPSS 0.39%
- Veröffentlicht 01.06.2026 16:52:18
- Zuletzt bearbeitet 03.06.2026 17:15:56
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config value, non-admin users can in some cases copy arbi...
CVE-2025-66552
- EPSS 0.27%
- Veröffentlicht 05.12.2025 16:36:39
- Zuletzt bearbeitet 10.12.2025 15:14:47
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders i...