Nextcloud - HackerOne Reports

Total reports: 508 (Critical: 10, High: 46, Medium: 173, Low: 179)
Registered users can change app password permissions for any user
  Reported by: netranger | Disclosed: | Severity: Low | Weakness: Insecure Direct Object Reference (IDOR) | Bounty: $100.00

Notes app can be tricked into using a received share created before the user logged in
  Reported by: maholli | Disclosed: | Severity: Medium | Weakness: Business Logic Errors

Improper input-size validation on the user new session name can result in server-side DDoS.
  Reported by: demonia | Disclosed: | Severity: Medium | Weakness: Uncontrolled Resource Consumption

[minor issue] Nextcloud 10.0 session issue with desktop client and Android client
  Reported by: egrep | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles

Nextcloud 10.0 privilege escalation issue - Normal user can mask external storage shared by admin
  Reported by: egrep | Disclosed: | Severity: Medium | Weakness: Privilege Escalation

Passcode Protection in Android Devices Can be Bypassed.
  Reported by: ctulhu | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles

Content spoofing on https://surveyserver.nextcloud.com
  Reported by: mik317 | Disclosed: | Severity: Low | Weakness: Resource Injection

Improper access control to messages of Social app
  Reported by: sanktjodel | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

Missing memory corruption protection on Windows release build
  Reported by: secconsult | Disclosed: | Severity: Medium | Weakness: Memory Corruption - Generic

Ubuntu 12.04 Privilege Escalation
  Reported by: ezk | Disclosed: | Weakness: Privilege Escalation

Combination of content provider allows private data disclosure
  Reported by: doragon | Disclosed: | Severity: Low | Weakness: Improper Access Control - Generic | Bounty: $100.00

Clickjacking URLs
  Reported by: tinkerermaruthu | Disclosed:

demo.nextcloud.com: Content spoofing due to default Apache Error Page
  Reported by: sysecure | Disclosed: | Weakness: Violation of Secure Design Principles

Arbitrary File Upload in Logo & Login image Theming setting.
  Reported by: bastianwelfrid | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic

Access to all files of remote user through shared file
  Reported by: xuesheng | Disclosed: | Severity: Medium | Weakness: Information Disclosure

Circle email-members still have access to a shared folder/file after they are removed from the circle
  Reported by: michag86 | Disclosed: | Severity: Low | Weakness: Improper Access Control - Generic | Bounty: $200.00

Expired reshare links allow access to all files in share
  Reported by: frr | Disclosed: | Severity: Critical | Weakness: Improper Access Control - Generic

Linux client is vulnerable to directory traversal when downloading files
  Reported by: netranger | Disclosed: | Severity: Medium | Weakness: Path Traversal | Bounty: $250.00

Error when editing a calendar appointment returns stacktrace and query
  Reported by: st0nzyy | Disclosed: | Severity: Medium | Weakness: Information Disclosure

Email Spoofing Vulnerability from nextcloud.
  Reported by: cloudyvirus | Disclosed: | Severity: High