Known Vulnerabilities for Extract by Nextcloud
Listed below are 1 of the newest known vulnerabilities associated with "Extract" by "Nextcloud".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-61455 json | Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed siz... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-59873 json | node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on t... | Not Provided | 2026-07-08 | 2026-07-08 |
| CVE-2026-58198 json | ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.e... | Not Provided | 2026-07-09 | 2026-07-09 |
| CVE-2026-57453 json | Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim f... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-57303 json | Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allow... | Not Provided | 2026-06-24 | 2026-06-24 |
| CVE-2026-56876 json | extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a... | Not Provided | 2026-06-26 | 2026-06-30 |
| CVE-2026-56298 json | Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive ... | Not Provided | 2026-07-08 | 2026-07-08 |
| CVE-2026-56281 json | Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/admin_stats endpoint where the limit parame... | Not Provided | 2026-07-12 | 2026-07-12 |
| CVE-2026-56269 json | Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and earlier) uses a weak hardcoded default value 'Secre$t' for the... | Not Provided | 2026-06-24 | 2026-06-24 |
| CVE-2026-56218 json | Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information ... | Not Provided | 2026-06-20 | 2026-06-23 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Nextcloud | Extract | 1.2.0 | |||
| Application | Nextcloud | Extract | 1.1.1 | |||
| Application | Nextcloud | Extract | 1.1.0 | |||
| Application | Nextcloud | Extract | 1.0.0 | |||
| Application | Nextcloud | Extract | 0.0.4 | |||
| Application | Nextcloud | Extract | 0.0.3 | |||
| Application | Nextcloud | Extract | 0.0.2 | |||
| Application | Nextcloud | Extract | 0.0.1 |