Approved changes feed: RSS · Atom
cpe:2.3:a:nextcloud:tables:*:*:*:*:*:nextcloud:*:*
part: a version: * update: *
| Vendor | Nextcloud (e5ae4298-6932-564f-a40d-08cebea039a5) |
|---|---|
| Product | Tables (ba3d29a3-c6b0-5716-8127-8e1eb66e40da) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | nextcloud |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-66553 |
vulnerable | 2026-06-03 15:11:00.785137 |
Nextcloud Tables app allowed users to view columns metadata information of any table
MEDIUM (4.3)
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4.
Published: 2025-12-05T17:18:09.776Z
Updated: 2025-12-05T18:44:14.388Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-66551 |
vulnerable | 2026-06-03 15:11:00.784013 |
Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users
MEDIUM (6.3)
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3.
Published: 2025-12-05T17:15:16.927Z
Updated: 2025-12-09T20:09:26.339Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-66513 |
vulnerable | 2026-06-03 15:11:00.707800 |
Nextcloud Tables app share information not limited to relevant users
MEDIUM (4.3)
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.
Published: 2025-12-05T17:11:19.774Z
Updated: 2025-12-05T18:46:33.645Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-52511 |
vulnerable | 2026-06-03 14:57:29.751974 |
Nextcloud Tables has an Authorization Bypass Through User-Controlled Key in Tables
MEDIUM (6.3)
Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no access to. It is recommended that the Nextcloud Tables is upgraded to 0.8.0.
Published: 2024-11-15T17:22:41.184Z
Updated: 2024-11-15T18:22:09.686Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-52507 |
vulnerable | 2026-06-03 14:57:29.746093 |
Share information of the Nextcloud Tables app is not limited to affected users
LOW (3.5)
Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1.
Published: 2024-11-15T17:24:50.173Z
Updated: 2024-11-15T18:21:07.458Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.