Known Vulnerabilities for products from Owncloud

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Owncloud".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2025-53831 json Not Provided 2026-07-06 2026-07-06
CVE-2025-53830 json Not Provided 2026-07-06 2026-07-06
CVE-2025-53829 json Not Provided 2026-07-06 2026-07-06
CVE-2025-53828 json Not Provided 2026-07-06 2026-07-07
CVE-2025-53827 json Not Provided 2026-07-06 2026-07-06
CVE-2023-49105 json 9.8 - CRITICAL 2023-11-21 2023-11-30
CVE-2023-49104 json 6.1 - MEDIUM 2023-11-21 2023-12-01
CVE-2023-49103 json 7.5 - HIGH 2023-11-21 2023-12-05
CVE-2023-24804 json The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app ha... 4.4 - MEDIUM 2023-02-13 2023-02-22
CVE-2023-23948 json The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud A... 5.5 - MEDIUM 2023-02-13 2023-02-21
CVE-2022-43679 json The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless... 5.3 - MEDIUM 2022-11-10 2022-11-15
CVE-2022-31649 json ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. 7.5 - HIGH 2022-06-09 2022-11-29
CVE-2022-25339 json ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers. 5.5 - MEDIUM 2022-04-07 2022-04-15
CVE-2022-25338 json ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers. 6.8 - MEDIUM 2022-04-07 2022-04-13
CVE-2021-44537 json ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to rem... 7.8 - HIGH 2022-01-15 2023-11-07
CVE-2021-40537 json Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. ... 2.7 - LOW 2021-09-08 2021-09-15
CVE-2021-35949 json The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload o... 5.3 - MEDIUM 2021-09-07 2021-09-14
CVE-2021-35948 json Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the pas... 5.4 - MEDIUM 2021-09-07 2021-09-15
CVE-2021-35947 json The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path an... 5.3 - MEDIUM 2021-09-07 2021-09-14
CVE-2021-35946 json A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions an... 9.8 - CRITICAL 2021-09-07 2021-09-14

Known software with vulnerabilities from Owncloud

Type Vendor Product Version
ApplicationOwncloudFiles Antivirus0.11.2
ApplicationOwncloudOwncloud-
ApplicationOwncloudOwncloud Client1.0.1
ApplicationOwncloudOwncloud Desktop2.2.2
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report