Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how nextcloud compares to other vendors in security performance

View Risk Score →

Software

nextcloud server
175
nextcloud
27
nextcloud desktop client
25
nextcloud talk
22
nextcloud deck
17
nextcloud enterprise server
16
nextcloud mail
15
nextcloud calendar
9
nextcloud richdocuments
8
nextcloud openid connect user backend
7
nextcloud nextcloud server
6
nextcloud contacts
5
nextcloud circles
3
nextcloud groupfolders
3
nextcloud tables
3
nextcloud tables nextcloud
3
nextcloud desktop
2
nextcloud end-to-end encryption
2
nextcloud guests
2
nextcloud nextcloud
2
nextcloud nextcloud enterprise server
2
nextcloud nextcloud tables
2
nextcloud notes
2
nextcloud preferred providers
2
nextcloud social
2
nextcloud user oidc
2
nextcloud/calendar
2
nextcloud approval nextcloud
1
nextcloud cookbook
1
nextcloud extract
1
nextcloud files access control
1
nextcloud flow
1
nextcloud global site selector
1
nextcloud group folders
1
nextcloud lookup server
1
nextcloud mail nextcloud
1
nextcloud news
1
nextcloud nextcloud android
1
nextcloud nextcloud calendar
1
nextcloud nextcloud deck
1
nextcloud nextcloud desktop
1
nextcloud nextcloud iphone os
1
nextcloud nextcloud mail
1
nextcloud nextcloud news
1
nextcloud nextcloud talk
1
nextcloud officeonline
1
nextcloud password policy
1
nextcloud sso & saml authentication
1
nextcloud two-factor webauthn
1
nextcloud zipper
1

Nextcloud Nextcloud NewsNextcloud News: Authenticated blind SSRF via feed URL

Risk 25
Severity
2.3
First published (updated )
CVE-2026-44515

Windmill WindmillWindmill < 1.615.0 Operator Role Missing Authorization Checks RCE

Risk 79
Severity
8.7
First published (updated )
CVE-2026-22683

Nextcloud NextCloud ServerNextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/pre…

Risk 22
Severity
4.3
First published (updated )
CVE-2025-64011

nextcloud/twofactor_webauthnNextcloud Twofactor WebAuthn app was updated based on public key

Risk 22
Severity
4.3
First published (updated )
CVE-2025-66558

Nextcloud TalkNextcloud talk allows participants to blindly delete poll drafts of other users by ID

Risk 22
Severity
4.3
First published (updated )
CVE-2025-66556
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Nextcloud ContactsNextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field

Risk 34
Severity
5.4
First published (updated )
CVE-2025-66554

Nextcloud Nextcloud DesktopNextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory

Risk 16
Severity
2.7
First published (updated )
CVE-2025-66549

Nextcloud Group FoldersNextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin

Risk 22
Severity
4.3
First published (updated )
CVE-2025-66545

nextcloud/approvalNextcloud Approval app allows users to request approval for other users file

Risk 16
Severity
2.7
First published (updated )
CVE-2025-66515

Nextcloud Nextcloud mailNextcloud Mail stored HTML injection in subject text

Risk 34
Severity
5.4
First published (updated )
CVE-2025-66514
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Nextcloud DeckNextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners

Risk 34
Severity
5.4
First published (updated )
CVE-2025-66557

Nextcloud DeckNextcloud Deck app allows to spoof file extensions by using RTLO characters

Risk 31
Severity
5.5
First published (updated )
CVE-2025-66548

Nextcloud Tables NextcloudNextcloud Tables app allowed users to view columns metadata information of any table

Risk 22
Severity
4.3
First published (updated )
CVE-2025-66553

Nextcloud Tables NextcloudNextcloud Tables is missing an ownership check which allows moving columns into tables of other users

Risk 43
Severity
6.3
First published (updated )
CVE-2025-66551

Nextcloud Tables NextcloudNextcloud Tables app share information not limited to relevant users

Risk 27
Severity
5.3
First published (updated )
CVE-2025-66513
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Nextcloud calendarNextcloud Calendar attachments of local files are offered to downloaded

Risk 33
Severity
5.7
First published (updated )
CVE-2025-66550

Nextcloud calendarNextcloud Calendar app allowed booking appointments without the generated token

Risk 18
Severity
3.3
First published (updated )
CVE-2025-66546

nextcloud/calendarNextcloud Calendar app used predictable proposal participant tokens

Risk 40
Severity
6.5
First published (updated )
CVE-2025-66511

Nextcloud NextCloud ServerNextcloud Server admin_audit does not log all actions on files in groupfolders

Risk 22
Severity
4.3
First published (updated )
CVE-2025-66552

Nextcloud NextCloud ServerNextcloud Server users can modify tags on files that do not belong to them

Risk 22
Severity
4.3
First published (updated )
CVE-2025-66547
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Nextcloud NextCloud ServerNextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud

Risk 38
Severity
6.1
First published (updated )
CVE-2025-66512

Nextcloud NextCloud ServerNextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list

Risk 30
Severity
4.9
First published (updated )
CVE-2025-66510

Nextcloud NextCloud ServerXSS

Risk 39
Severity
6.4
First published (updated )
CVE-2025-59788

Nextcloud TablesNextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table

Risk 38
Severity
6.5
First published (updated )
CVE-2025-58051

Nextcloud NextCloud ServerNextcloud Server vulnerable to insecure temporary file creation, race with write access and permission

Risk 16
Severity
4.3
EPSS
0.02%
First published (updated )
CVE-2025-47794
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Nextcloud NextCloud ServerNextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file

Risk 27
Severity
6.5
EPSS
0.02%
First published (updated )
CVE-2025-47793

Nextcloud DesktopNextcloud Desktop 3rdparty applications can create share links via socket API

Risk 31
Severity
6.1
EPSS
0.01%
First published (updated )
CVE-2025-47792

Nextcloud NextCloud ServerNextcloud Server's test remote endpoint is not rate limited

Risk 19
Severity
5.3
EPSS
0.03%
First published (updated )
CVE-2025-47791

Nextcloud NextCloud ServerNextcloud Server doesn't request second factor after session timeout

Risk 36
Severity
6.4
EPSS
0.02%
First published (updated )
CVE-2025-47790

Nextcloud Mail NextcloudNextcloud Mail app does not respect download permissions in shares

Risk 33
Severity
5.7
First published (updated )
CVE-2024-52509
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203