Cloudflare Public Bug Bounty - HackerOne Reports
Total Reports: 41
Critical: 5
High: 13
Medium: 11
Low: 10
cd=false (DNSSEC) not respected in DNS over HTTPS JSON requests
Reported by: mattipv4 | Disclosed:
Severity: Low
Weakness: Business Logic Errors
Bounty: $250.00
💥💥Crash report -Cloudflare WARP doesn't verify text length in "Excluded Host" name input data💥💥
Reported by: spaced | Disclosed:
Severity: Low
Weakness: Memory Corruption - Generic
Arbitrary file read from Cloudflare Pages build environment
Reported by: ryotak | Disclosed:
Severity: Medium
Signup with any Email and Enable 2-FA without verifying Email
Reported by: imtheking | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic
Bypassing creation of API tokens without email verification
Reported by: boy_child_ | Disclosed:
Severity: Low
Weakness: Improper Authentication - Generic
Take over subdomains of r2.dev using R2 custom domains
Reported by: albertspedersen | Disclosed:
Severity: Medium
Bounty: $1125.00
Bypass two-factor authentication
Reported by: ydvanjali | Disclosed:
Severity: Low
Weakness: Improper Authentication - Generic
Bounty: $250.00
Ability to bypass locked Cloudflare WARP on wifi networks.
Reported by: oracularhades | Disclosed:
Severity: High
Weakness: Client-Side Enforcement of Server-Side Security
Bounty: $1000.00
Basic XSS [WAF Bypasses]
Reported by: mega7 | Disclosed:
Bounty: $50.00
Using special IPv4-mapped IPv6 addresses to bypass local IP ban
Reported by: albertspedersen | Disclosed:
Severity: Critical
Bounty: $7500.00
Any WARP User Can Access Organization-Specific Application
Reported by: jai-kandepu | Disclosed:
Weakness: Improper Authentication - Generic
Lack of Packet Sanitation in Goflow Results in Multiple DoS Attack Vectors and Bugs
Reported by: path_network | Disclosed:
Severity: High
Weakness: Uncontrolled Resource Consumption
Bounty: $500.00
2FA BYPASS
Reported by: imtheking | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
Plaintext leakage of DNS requests in Windows 1.1.1.1 WARP client
Reported by: vanhoefm | Disclosed:
Severity: High
Weakness: Cleartext Transmission of Sensitive Information
Password Policy Restriction Bypass
Reported by: lohigowda | Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles
Ability to bypass Admin override on Cloudflare WARP Android
Reported by: harshdranjan | Disclosed:
Severity: High
Weakness: Client-Side Enforcement of Server-Side Security
Bounty: $1100.00
Privilege escalation to root in Pages build image v2
Reported by: albertspedersen | Disclosed:
Severity: Low
Weakness: Privilege Escalation
Bounty: $350.00
HTTP request smuggling with Origin Rules using newlines in the host_header action parameter
Reported by: albertspedersen | Disclosed:
Severity: Critical
Weakness: HTTP Request Smuggling
Bounty: $3100.00
Cloudflare CASB Confused Deputy Problem
Reported by: albertspedersen | Disclosed:
Severity: Critical
Bounty: $3300.00
Bypass Cloudflare WARP lock on iOS.
Reported by: oracularhades | Disclosed:
Severity: Medium
Weakness: Client-Side Enforcement of Server-Side Security
Bounty: $500.00