Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
14
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: nextcloud
Vulnerable W3 Total Cache plugin version in use on nextcloud.com
Nextcloud Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2019-06-21
Remote Code Execution via Extract App Plugin
Nextcloud OS Command Injection (CWE-78)CVE-2019-5441
High
2019-05-30
Stored XSS in OAuth redirect URI
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2019-05-11
Talk / spreed: Disclosure of Room names and participants for password protected rooms
Nextcloud Information Disclosure (CWE-200)
Medium
2019-04-17
NextCloud is also Accepting OCTET-STREAM Type of Documents instead of jpg or Imge Files Only
Nextcloud Improper Authentication - Generic (CWE-287)
Unknown
2019-04-11
Remote attacker can impersonate Social users via ActivityPub API
Nextcloud Deserialization of Untrusted Data (CWE-502)
Unknown
2019-02-01
Information Exposure Through Directory Listing - https://apps.nextcloud.com/static/
Nextcloud Information Exposure Through Directory Listing (CWE-548)
Low
2019-01-07
Ubuntu 12.04 Privilege Escalation
Nextcloud Privilege Escalation (CAPEC-233)
Unknown
2018-12-18
Github wikis are editable by anyone
Nextcloud Improper Access Control - Generic (CWE-284)
Medium
2018-12-07
Session fixation in password protected public download.
Nextcloud Session Fixation (CWE-384)CVE-2018-16463
Low
2018-10-25
Authentication Issue
Nextcloud Improper Authentication - Generic (CWE-287)CVE-2018-16464
Unknown
2018-10-25
twofactor_auth bypassable if provider fails to load
Nextcloud Improper Authentication - Generic (CWE-287)CVE-2018-16465
Low
2018-09-27
Shared file link - password protection bypass under certain conditions
Nextcloud Information Disclosure (CWE-200)CVE-2018-16467CVE-2019-5449
Medium
2018-09-25
Access control issue -- [Allow file system access not validated when using session auth]
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2018-16466
Medium
2018-09-25
HTML injection with AutoComplete suggestions
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2018-3781CVE-2018-3780
None
2018-08-10
[FG-VD-17-063] NextCloud Insufficient Attack Protection Vulnerability Notification
Nextcloud Code Injection (CWE-94)CVE-2018-3776
Low
2018-07-29
bypass of 2FA
Nextcloud Improper Authentication - Generic (CWE-287)CVE-2018-3775
High
2018-07-29
OAuth2 Access Token and App Password Security Vulnerability
Nextcloud Use of a Key Past its Expiration Date (CWE-324)CVE-2018-3761
Medium
2018-07-21
Accessing to download.nextcloud.com from original ip adreess | insecure Download
Nextcloud Cleartext Transmission of Sensitive Information (CWE-319)
Unknown
2018-07-12
The session token in the URL
Nextcloud Information Disclosure (CWE-200)
Medium
2018-06-19
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895