Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.3 CVE-2025-66548

Nextcloud Deck app allows to spoof file extensions by using RTLO characters

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior t...

nextcloud security-advisories >= 1.15.0-beta.1, < 1.15.1 CVE
LOW 3.5 CVE-2025-66514

Nextcloud Mail stored HTML injection in subject text

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's messag...

nextcloud security-advisories >= 5.2.0-beta.1, < 5.5.3 CVE
LOW 2.7 CVE-2025-66515

Nextcloud Approval app allows users to request approval for other users file

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requ...

nextcloud security-advisories >= 2.0.0, < 2.5.0 CVE
LOW 2.4 CVE-2025-66549

Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted dir...

nextcloud security-advisories < 3.16.5 CVE
LOW 3.5 CVE-2025-66545

Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin

Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8...

nextcloud security-advisories < 14.0.11 CVE
LOW 3.5 CVE-2025-66554

Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a m...

nextcloud security-advisories >= 7.0.0-alpha.1, < 7.2.5 CVE
LOW 3.5 CVE-2025-66556

Nextcloud talk allows participants to blindly delete poll drafts of other users by ID

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delet...

nextcloud security-advisories < 20.1.8 CVE
LOW 3.1 CVE-2025-66558

Nextcloud Twofactor WebAuthn app was updated based on public key

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an atta...

nextcloud security-advisories < 1.4.2 CVE
LOW 1.3 CVE-2025-66581

Frappe LMS is Missing Server-Side Authorization in Business Logic

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side a...

frappe lms < 2.41.0 CVE
LOW 2.3 CVE-2025-14111

Rarlab RAR App com.rarlab.rar path traversal

A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rar...

Rarlab RAR App 7.11 Build 127 CVE