HIGH8.1CVE-2026-45281Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update >= 32.0.0, < 32.0.9, >= 33.0.0, < 33.0.3
HIGH7.5CVE-2021-43863SQL Injection in FileContentProvider (GHSL-2021-1007) from 0, < 3.18.1
HIGH7.5CVE-2021-32727End-to-end encryption device setup did not verify public key from 0, < 3.16.1
MEDIUM6.8Nextcloud: Propfind requests for file comments allowed to load comments for other files
>= 31.0.0, < 31.0.12, >= 32.0.0, < 32.0.3
MEDIUM6.8App pin of the iOS app can be bypassed in Nextcloud iOS
from 0, < 4.7.0
MEDIUM6.5Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by defa…
from 0, < 3.4.2
MEDIUM6.5Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being perfo…
from 0, < 3.16.0
MEDIUM6.4Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders
>= 3.0.5, < 4.8.0
MEDIUM6.3Nextcloud: Valid share tokens allow to access tempory upload files of share owner
>= 32.0.0, < 32.0.9, >= 33.0.0, < 33.0.3
MEDIUM5.9Nextcloud: Bypass of second factor authentication on DAV endpoints
>= 32.0.0, < 32.0.9, >= 33.0.0, < 33.0.3
MEDIUM5.9Nextcloud: Two-Factor Authentication Bypass via Pending Session Token Replay
>= 32.0.0, < 32.0.9, >= 33.0.0, < 33.0.3
MEDIUM5.5Access to internal files of the Nextcloud Android app
from 0, < 3.21.0
MEDIUM5.5Malicious Android application can crash the Nextcloud Android Client
from 0, < 3.15.1
MEDIUM5.3Permission bypass in Nextcloud Android App
from 0, < 3.17.1
MEDIUM4.6Nextcloud: PIN bypass in PassCodeActivity via back button
>= 33.0.0, < 33.1.0
MEDIUM4.6Sensitive data may not be removed from storage on account removal
from 0, < 3.16.1
MEDIUM4.3Nextcloud Server users can modify tags on files that do not belong to them
from 0, < 31.0.1
MEDIUM4.3App PIN code can be bypassed in Nextcloud Files iOS
from 0, < 4.9.2
MEDIUM4.3Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to cr…
from 0, < 1.9.5
LOW3.8Exposure of Sensitive Information to an Unauthorized Actor in com.nextcloud.client
from 0, < 3.19.0
LOW3.3Sensitive files/data exist after deletion of user account in Nextcloud Android
from 0, < 3.19.0
LOW3.3Malicious Android app could access Shared Preferences of the Nextcloud Android client
from 0, < 3.16.1
LOW2.4App lockout in nextcloud Android app can be bypassed via thirdparty apps
>= 3.7.0, < 3.24.1
LOW2.4Improper Authentication in Nextcloud Android Files
from 0, < 3.19.1