An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8154.json"