Cloudflare Public Bug Bounty - HackerOne Reports
Total Reports: 40 | Critical: 5 | High: 13 | Medium: 11 | Low: 10
Ability to bypass Admin override on Cloudflare WARP Android
Reported by: harshdranjan | Severity: High | Weakness: Client-Side Enforcement of Server-Side Security | Bounty: $1100.00

I found another way to bypass Cloudflare Warp lock!
Reported by: oracularhades | Severity: High | Weakness: Client-Side Enforcement of Server-Side Security | Bounty: $1000.00

Permanent CASB Integration Takeover due to Improper Access Controls+Confused Deputy Problem
Reported by: matured_kazama | Severity: High | Weakness: Improper Access Control - Generic

Blind SSRF on platform.dash.cloudflare.com Due to Sentry misconfiguration
Reported by: lohigowda | Severity: Low | Weakness: Server-Side Request Forgery (SSRF)

Cloudflare is not properly deleting user's account
Reported by: csc_ | Severity: Medium | Weakness: Business Logic Errors

Hijack all emails sent to any domain that uses Cloudflare Email Forwarding
Reported by: albertspedersen | Severity: Critical | Weakness: Improper Authorization | Bounty: $6000.00

Using special IPv4-mapped IPv6 addresses to bypass local IP ban
Reported by: albertspedersen | Severity: Critical | Bounty: $7500.00

Lack of Packet Sanitation in Goflow Results in Multiple DoS Attack Vectors and Bugs
Reported by: path_network | Severity: High | Weakness: Uncontrolled Resource Consumption | Bounty: $500.00

2FA BYPASS
Reported by: imtheking | Severity: High | Weakness: Improper Access Control - Generic

Sign in with Apple works on existing accounts, bypasses 2FA
Reported by: mattipv4 | Severity: High | Weakness: Improper Authentication - Generic | Bounty: $1000.00

Accessing apps protected via ZT's Access when user account is deleted/disabled even after clearing user session/seat
Reported by: matured_kazama | Severity: High | Weakness: Improper Authentication - Generic

Origin IP address disclosure through Pingora response header
Reported by: smither | Severity: Medium | Weakness: Information Exposure Through an Error Message

Session mismatch leading to potential account takeover (local access required)
Reported by: spaced | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)

Bypass R2 payment screen
Reported by: bun | Severity: Medium | Weakness: Improper Restriction of Authentication Attempts | Bounty: $350.00

YAML schema injection risk in Swagger UI via schema_url parameter at developers.cloudflare.com
Reported by: aliend89 | Severity: Low | Weakness: Resource Injection

Sign in with Apple generates long-life JWTs, seemingly irrevocable, that grant immediate access to accounts
Reported by: mattipv4 | Severity: Low | Weakness: Improper Authentication - Generic | Bounty: $250.00

Bypassing Cache Deception Armor using .avif extension file
Reported by: bombon | Severity: Medium | Weakness: Information Disclosure

Password Policy Restriction Bypass
Reported by: lohigowda | Severity: Low | Weakness: Violation of Secure Design Principles

Misconfigured build on websites "abuse.cloudflare.com"
Reported by: paradessiaa | Severity: Low | Bounty: $100.00

API docs expose an active token for the sample domain theburritobot.com
Reported by: sainaen | Severity: High | Weakness: Information Disclosure | Bounty: $500.00
Page 1 of 2