Nextcloud Server — набор клиент-серверных программ для создания и использования хранилища данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 437
CVE-2025-66552
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1.
CVE-2025-66552
Nextcloud Server is a self hosted personal cloud system. In Nextcloud ...
CVE-2025-66547
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.
CVE-2025-66547
Nextcloud Server is a self hosted personal cloud system. In Nextcloud ...
CVE-2025-66512
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page.
CVE-2025-66512
Nextcloud Server is a self hosted personal cloud system. In Nextcloud ...
CVE-2025-66510
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts.
CVE-2025-66510
Nextcloud Server is a self hosted personal cloud system. In Nextcloud ...
CVE-2025-47794
Nextcloud Server is a self hosted personal cloud system. In Nextcloud ...
CVE-2025-47794
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2025-66552 Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1. | CVSS3: 4.3 | 0% Низкий | 13 дней назад |
| CVE-2025-66552 Nextcloud Server is a self hosted personal cloud system. In Nextcloud ... | CVSS3: 4.3 | 0% Низкий | 13 дней назад |
| CVE-2025-66547 Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1. | CVSS3: 4.3 | 0% Низкий | 13 дней назад |
| CVE-2025-66547 Nextcloud Server is a self hosted personal cloud system. In Nextcloud ... | CVSS3: 4.3 | 0% Низкий | 13 дней назад |
| CVE-2025-66512 Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page. | CVSS3: 5.4 | 0% Низкий | 13 дней назад |
| CVE-2025-66512 Nextcloud Server is a self hosted personal cloud system. In Nextcloud ... | CVSS3: 5.4 | 0% Низкий | 13 дней назад |
| CVE-2025-66510 Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts. | CVSS3: 4.5 | 0% Низкий | 13 дней назад |
| CVE-2025-66510 Nextcloud Server is a self hosted personal cloud system. In Nextcloud ... | CVSS3: 4.5 | 0% Низкий | 13 дней назад |
| CVE-2025-47794 Nextcloud Server is a self hosted personal cloud system. In Nextcloud ... | CVSS3: 2.6 | 0% Низкий | 7 месяцев назад |
| CVE-2025-47794 Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available. | CVSS3: 2.6 | 0% Низкий | 7 месяцев назад |
Уязвимостей на страницу