Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,217
CVE-linked
1,854
Programs
342
New This Week
12
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: nextcloud
Possible to enumerate valid files in password protected shares/files drop shares as well as spam folder with files
Nextcloud Information Disclosure (CWE-200)
Low
2025-02-21
Blind SSRF Vulnerability in Appstore Release Upload Form
Nextcloud Improper Access Control - Generic (CWE-284)
Low
2025-01-14
X-E2EE-SIGNATURE verification can be bypassed, leading to loss of confidentiality of end-to-end encrypted files
Nextcloud Improper Certificate Validation (CWE-295)CVE-2024-52510
Medium
2024-12-15
Incomplete sanitization in SVG preview provider
Nextcloud Information Disclosure (CWE-200)CVE-2024-52515
Medium
2024-12-15
Nextcloud mail does not respect download permissions in shares
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2024-52509
Low
2024-12-15
Invisible Salamanders Attack against end_to_end_encryption in Nextcloud
Nextcloud Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
Medium
2024-12-03
External storage - global credentials returned to the client side in plaintext
Nextcloud Information Disclosure (CWE-200)CVE-2024-52517
Medium
2024-11-21
Share information of Tables app is not limited to affected users
Nextcloud Insecure Direct Object Reference (IDOR) (CWE-639)CVE-2024-52507
Low
2024-11-18
Nextcloud Tables app - inserting rows to an arbitrary table possible
Nextcloud CVE-2024-52511
Medium
2024-11-17
User can copy locked folders and gain access to the contents
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2024-52514
Medium
2024-11-16
Open redirect when logging in with user_oidc
Nextcloud Open Redirect (CWE-601)CVE-2024-52512
Unknown
2024-11-15
Attachments folder for Text app is accessible on Files Drop/Password protected shares
Nextcloud Information Disclosure (CWE-200)CVE-2024-52513
Low
2024-11-15
Mail auto configurator can be tricked into sending account information to wrong servers
Nextcloud Information Disclosure (CWE-200)CVE-2024-52508
High
2024-11-15
ID4ME does not validate signature or expiration
Nextcloud Improper Verification of Cryptographic Signature (CWE-347)CVE-2024-37886
Medium
2024-07-14
Re-emergence of Security Vulnerability in Nextcloud Version 28 Previously Fixed in 25.0.4
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2024-37884
Medium
2024-07-14
Can reshare read&share only folder with more permissions
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2024-37882
High
2024-07-14
Event create can create attachments that link to other websites
Nextcloud Open Redirect (CWE-601)CVE-2024-37316
Medium
2024-07-14
Missing permission check when removing a photo from an album
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2024-37314
Low
2024-07-14
Ability to by-pass second factor
Nextcloud Improper Authentication - Generic (CWE-287)CVE-2024-37313
Medium
2024-07-14
Notes app can be tricked into using a received share created before the user logged in
Nextcloud Business Logic Errors (CWE-840)CVE-2024-37317
Medium
2024-06-19
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895