Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: nextcloud
XSS in image metadata field
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2020-08-05
Possible denial of service when entering a loooong password
Nextcloud Improper Restriction of Authentication Attempts (CWE-307)CVE-2020-8202
Medium
2020-07-29
Non-admin users can trigger writes to memcached by entering a malicious server as a share URL
Nextcloud CRLF Injection (CWE-93)CVE-2019-15616
Medium
2020-07-09
Cross site scripting - XSRF Token
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2020-06-14
Mail does not verify IMAP/SMTP host connected via TLS
Nextcloud Improper Certificate Validation (CWE-295)CVE-2020-8156
Medium
2020-06-03
User can delete data in shared folders he's not autorized to access
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2020-8153
Medium
2020-04-10
SSRF protection bypass
Nextcloud Server-Side Request Forgery (SSRF) (CWE-918)CVE-2020-8138
Medium
2020-03-14
Only the file extensions are checked, not the MIME types as configured
Nextcloud CVE-2019-15613
Medium
2020-03-14
Nextcloud 10.0 privilege escalation issue - Normal user can mask external storage shared by admin
Nextcloud Privilege Escalation (CAPEC-233)
Medium
2020-03-01
**minor issue ** -Nextcloud 10.0 session issue with desktop client and android client
Nextcloud Violation of Secure Design Principles (CWE-657)
Medium
2020-03-01
Access to all files of remote user through shared file
Nextcloud Information Disclosure (CWE-200)
Medium
2020-03-01
WebDAV Empty Property search leads to full CPU usage
Nextcloud Uncontrolled Resource Consumption (CWE-400)
Medium
2020-03-01
Unauthenticated 'display name' information leak on enumeration of login names
Nextcloud Information Disclosure (CWE-200)
Medium
2020-03-01
Missing SPF flags for customerupdates.nextcloud.com
Nextcloud
Medium
2020-03-01
Event privacy level does not work in Thunderbird
Nextcloud CVE-2020-8117
Medium
2020-03-01
WordPress vulnerable to multiple attacks at https://nextcloud.com
Nextcloud Violation of Secure Design Principles (CWE-657)
Medium
2020-03-01
User with read-only access to a share can gain write access to sub-folders in the share
Nextcloud Privilege Escalation (CAPEC-233)CVE-2019-15621
Medium
2020-03-01
xmlrpc.php is enabled - Nextcloud
Nextcloud Improper Access Control - Generic (CWE-284)
Medium
2020-03-01
Bypass configured 2FA provider with another provider that can be set up at login
Nextcloud Improper Authentication - Generic (CWE-287)CVE-2019-15617
Medium
2020-03-01
SSRF on local storage of iOS mobile
Nextcloud Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2020-03-01
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895