Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.3 CVE-2025-66546

Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a...

nextcloud security-advisories >= 6.0.0-rc.1, < 6.0.1 CVE
LOW 3.3 CVE-2025-66548

Nextcloud Deck app allows to spoof file extensions by using RTLO characters

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior t...

nextcloud security-advisories >= 1.15.0-beta.1, < 1.15.1 CVE
LOW 3.5 CVE-2025-66514

Nextcloud Mail stored HTML injection in subject text

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's messag...

nextcloud security-advisories >= 5.2.0-beta.1, < 5.5.3 CVE
LOW 2.7 CVE-2025-66515

Nextcloud Approval app allows users to request approval for other users file

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requ...

nextcloud security-advisories >= 2.0.0, < 2.5.0 CVE
LOW 2.4 CVE-2025-66549

Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted dir...

nextcloud security-advisories < 3.16.5 CVE
LOW 3.5 CVE-2025-66545

Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin

Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8...

nextcloud security-advisories < 14.0.11 CVE
LOW 3.5 CVE-2025-66554

Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a m...

nextcloud security-advisories >= 7.0.0-alpha.1, < 7.2.5 CVE
LOW 3.5 CVE-2025-66556

Nextcloud talk allows participants to blindly delete poll drafts of other users by ID

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delet...

nextcloud security-advisories < 20.1.8 CVE
LOW 3.1 CVE-2025-66558

Nextcloud Twofactor WebAuthn app was updated based on public key

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an atta...

nextcloud security-advisories < 1.4.2 CVE
LOW 1.3 CVE-2025-66581

Frappe LMS is Missing Server-Side Authorization in Business Logic

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side a...

frappe lms < 2.41.0 CVE