How severe is CVE-2024-52515?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2024-52515?

This is classified as CWE-706, which is a common weakness in software security.

CVE-2024-52515

MEDIUM Year: 2024

CVSS v3 Score

5.7

Medium

Weakness Type

CWE-706

View all →

Vulnerability Description

Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview the other file instead. It is recommended that the Nextcloud Server is upgraded to 27.1.10, 28.0.6 or 29.0.1 and Nextcloud Enterprise Server is upgraded to 24.0.12.15, 25.0.13.10, 26.0.13.4, 27.1.10, 28.0.6 or 29.0.1.

CVE-2021-47276

MEDIUM

CVSS:5.5(Medium)

In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not blindly read the ip address in ftrace_bug() It was reported that a bug on arm64 caused a bad ip address to be used fo...

CWE-7062021

CVE-2021-37212

MEDIUM

CVSS:5.4(Medium)

The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific ...

CWE-7062021

CVE-2025-29914

MEDIUM

CVSS:5.4(Medium)

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUEST_FILENAME...

CWE-7062025

CVE-2021-32054

MEDIUM

CVSS:6.1(Medium)

Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim'...

CWE-7062021

CVE-2023-28628

MEDIUM

CVSS:6.1(Medium)

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 `authority-regex` allows an attacker to send malicious URLs to be parsed by the `lambdaisland/uri` and retur...

CWE-7062023

CVE-2019-0220

MEDIUM

CVSS:5.3(Medium)

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule ...

CWE-7062019

CVE-2024-52515

Vulnerability Description

Related Vulnerabilities

CVE-2021-47276

CVE-2021-37212

CVE-2025-29914

CVE-2021-32054

CVE-2023-28628

CVE-2019-0220