Cloudflare Public Bug Bounty - HackerOne Reports
Total reports: 41 (5 Critical, 13 High, 11 Medium, 10 Low)
Blind SSRF on platform.dash.cloudflare.com due to Sentry misconfiguration
Reported by: lohigowda | Disclosed | Severity: Low | Weakness: Server-Side Request Forgery (SSRF)
Completely remove VPN profile from locked WARP iOS client.
Reported by: oracularhades | Disclosed | Severity: High | Weakness: Client-Side Enforcement of Server-Side Security | Bounty: $1000.00
I found another way to bypass Cloudflare Warp lock!
Reported by: oracularhades | Disclosed | Severity: High | Weakness: Client-Side Enforcement of Server-Side Security | Bounty: $1000.00

Cloudflare is not properly deleting user's account
Reported by: csc_ | Disclosed | Severity: Medium | Weakness: Business Logic Errors

Hijack all emails sent to any domain that uses Cloudflare Email Forwarding
Reported by: albertspedersen | Disclosed | Severity: Critical | Weakness: Improper Authorization | Bounty: $6000.00

Accessing apps protected via ZT's Access when user account is deleted/disabled even after clearing user session/seat
Reported by: matured_kazama | Disclosed | Severity: High | Weakness: Improper Authentication - Generic

Origin IP address disclosure through Pingora response header
Reported by: smither | Disclosed | Severity: Medium | Weakness: Information Exposure Through an Error Message

Session mismatch leading to potential account takeover (local access required)
Reported by: spaced | Disclosed | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)

Bypass R2 payment screen
Reported by: bun | Disclosed | Severity: Medium | Weakness: Improper Restriction of Authentication Attempts | Bounty: $350.00

YAML schema injection risk in Swagger UI via schema_url parameter at developers.cloudflare.com
Reported by: aliend89 | Disclosed | Severity: Low | Weakness: Resource Injection

Sign in with Apple generates long-life JWTs, seemingly irrevocable, that grant immediate access to accounts
Reported by: mattipv4 | Disclosed | Severity: Low | Weakness: Improper Authentication - Generic | Bounty: $250.00

Sign in with Apple works on existing accounts, bypasses 2FA
Reported by: mattipv4 | Disclosed | Severity: High | Weakness: Improper Authentication - Generic | Bounty: $1000.00

Extraction of Pages build scripts, config values, tokens, etc. via symlinks
Reported by: mattipv4 | Disclosed | Severity: Medium | Weakness: Information Disclosure | Bounty: $500.00

Bypassing Cache Deception Armor using .avif extension file
Reported by: bombon | Disclosed | Severity: Medium | Weakness: Information Disclosure

Misconfigured build on websites "abuse.cloudflare.com"
Reported by: paradessiaa | Disclosed | Severity: Low | Bounty: $100.00

API docs expose an active token for the sample domain theburritobot.com
Reported by: sainaen | Disclosed | Severity: High | Weakness: Information Disclosure | Bounty: $500.00

Yet Another CASB Integration Takeover of Active Integrations
Reported by: matured_kazama | Disclosed | Severity: High

HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences in the concat() function
Reported by: albertspedersen | Disclosed | Severity: Critical | Weakness: HTTP Request Smuggling | Bounty: $6000.00

A malicious actor could rotate tokens of a victim, given that he knows the victim's token ID
Reported by: esx | Disclosed | Severity: High | Weakness: Improper Access Control - Generic

Permanent CASB Integration Takeover due to Improper Access Controls+Confused Deputy Problem
Reported by: matured_kazama | Disclosed | Severity: High | Weakness: Improper Access Control - Generic
Page 1 of 3