Nextcloud - HackerOne Reports
Total reports: 508 (Critical: 10, High: 46, Medium: 173, Low: 179)

Disclosed reports (severity, weakness class and bounty as listed on HackerOne; disclosure dates are not shown on this page):
RTLO character allowed in shared files
  Reported by: inhibitor181 | Severity: Medium | Weakness: UI Redressing (Clickjacking) | Disclosed: (date not shown)

Mail app - blind SSRF via smtpHost parameter
  Reported by: supr4s | Severity: Low | Weakness: Server-Side Request Forgery (SSRF) | Disclosed: (date not shown)

Android content provider exposes password-protected share password hashes
  Reported by: netranger | Severity: Low | Weakness: Information Disclosure | Bounty: $75.00 | Disclosed: (date not shown)

Gallery: No feedback for invalid password
  Reported by: foobar7 | Severity: Low | Weakness: Business Logic Errors | Bounty: $50.00 | Disclosed: (date not shown)

user can bypass password enforcement when federated sharing is enabled
  Reported by: michag86 | Bounty: $250.00 | Disclosed: (date not shown)

Full path disclosure vulnerability via Upload .htaccess file
  Reported by: rezasahubawa | Weakness: Information Disclosure | Disclosed: (date not shown)

Event create can create attachments that link to other websites
  Reported by: simcard | Severity: Medium | Weakness: Open Redirect | Bounty: $250.00 | Disclosed: (date not shown)

[nextcloud.com] Control character allowed in Submit Question
  Reported by: lmhu | Severity: Medium | Weakness: Improper Access Control - Generic | Disclosed: (date not shown)

bug reporting template encourages users to paste config file with passwords
  Reported by: hanno | Severity: Medium | Weakness: Information Disclosure | Disclosed: (date not shown)
Wordpress: Directory Traversal / Denial of Service
  Reported by: tbehroz | Weakness: Information Disclosure | Disclosed: (date not shown)
\OCA\DAV\CardDAV\ImageExportPlugin allows serving arbitrary data with user-defined or empty mimetype
  Reported by: lukasreschke | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Generic | Disclosed: (date not shown)

Expired SSL certificate
  Reported by: goethe_ | Weakness: Violation of Secure Design Principles | Disclosed: (date not shown)

Potential directory traversal in OC\Files\Node\Folder::getFullPath
  Reported by: nickvergessen | Severity: Medium | Weakness: Path Traversal: 'dir\..\..\filename' | Disclosed: (date not shown)

Ownership check missing when updating or deleting attachments
  Reported by: kesselb | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR) | Disclosed: (date not shown)

I am because bug
  Reported by: b69b1b97b19c1c71b0eed85 | Severity: Critical | Disclosed: (date not shown)

Generated passwords are not fully validated by HIBPValidator
  Reported by: bjoernv | Severity: Low | Weakness: Weak Cryptography for Passwords | Bounty: $100.00 | Disclosed: (date not shown)

HTML injection and limited XSS via logo image upload - Nextcloud 12.0.0
  Reported by: netranger | Severity: Low | Weakness: Cross-site Scripting (XSS) - Stored | Disclosed: (date not shown)

Shared file link - password protection bypass under certain conditions
  Reported by: netranger | Severity: Medium | Weakness: Information Disclosure | Bounty: $50.00 | Disclosed: (date not shown)

Password policy changes not enforced for existing passwords
  Reported by: rtod | Severity: Low | Weakness: Weak Cryptography for Passwords | Disclosed: (date not shown)

Targeted phishing attacks in Login flow v2
  Reported by: rtod | Severity: Medium | Weakness: Phishing | Disclosed: (date not shown)
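The first entry above, "RTLO character allowed in shared files", names a well-known filename trick: the Unicode right-to-left override U+202E makes the rest of a name render reversed, so a file whose real extension is .exe can be displayed as if it ended in .pdf. The following is an added example written for this page, not code from Nextcloud or from the report; the filename is constructed, and naive_visual_rendering is a deliberately simplified stand-in for the Unicode bidi algorithm (it only reverses everything after the first U+202E, ignoring terminators and embedded neutrals). It shows how the displayed name diverges from the real extension, and how an upload filter can detect and strip the bidi control characters.

```python
# Added example: detecting and stripping Unicode bidi control characters in filenames.
# Not Nextcloud code; the sample name and the rendering simulation are assumptions.

# Explicit embeddings/overrides (U+202A..U+202E), isolates (U+2066..U+2069)
# and the left-to-right / right-to-left marks (U+200E, U+200F).
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"
    "\u2066\u2067\u2068\u2069"
    "\u200e\u200f"
)

# Constructed sample: what the attacker uploads. Real extension is .exe.
SAMPLE_NAME = "invoice\u202efdp.exe"


def bidi_controls_in(name: str) -> list[str]:
    """List the bidi control code points present in a name, as U+XXXX strings."""
    return [f"U+{ord(c):04X}" for c in name if c in BIDI_CONTROLS]


def has_bidi_override(name: str) -> bool:
    """True if the name contains any bidi embedding, override, isolate or mark."""
    return any(c in BIDI_CONTROLS for c in name)


def naive_visual_rendering(name: str) -> str:
    """Simplified simulation (assumption, not the full bidi algorithm):
    everything after the first U+202E is drawn right-to-left, i.e. reversed."""
    rlo = name.find("\u202e")
    if rlo < 0:
        return name
    return name[:rlo] + name[rlo + 1:][::-1]


def real_extension(name: str) -> str:
    """The extension the filesystem and the OS actually use, lower-cased."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def sanitize_filename(name: str) -> str:
    """Strip all bidi control characters; the safe alternative to rejecting outright."""
    return "".join(c for c in name if c not in BIDI_CONTROLS)


def check_upload_name(name: str) -> tuple[bool, str]:
    """Upload filter: reject names carrying bidi controls, explaining which ones."""
    found = bidi_controls_in(name)
    if found:
        return False, "bidi control characters not allowed: " + ", ".join(found)
    return True, "ok"


if __name__ == "__main__":
    print("stored name :", repr(SAMPLE_NAME))
    print("user sees   :", naive_visual_rendering(SAMPLE_NAME))
    print("real ext    :", real_extension(SAMPLE_NAME))
    print("filter      :", check_upload_name(SAMPLE_NAME))
    print("sanitized   :", sanitize_filename(SAMPLE_NAME))
```

Stripping rather than rejecting keeps legitimate Arabic or Hebrew filenames usable, since the bidi algorithm already renders those scripts correctly without explicit overrides; the explicit controls are the only thing a filename needs to lose.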
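The entry "Potential directory traversal in OC\Files\Node\Folder::getFullPath" is tagged with the weakness "Path Traversal: 'dir\..\..\filename'", i.e. a relative path that uses backslashes as separators to climb out of the intended folder. The following is an added example written for this page, not Nextcloud's getFullPath or any of its code: a generic safe-join that treats both separator styles the same, normalizes the path, and refuses anything that would resolve outside the caller's root. The root directory is a constructed example.

```python
# Added example: a safe join that rejects 'dir\..\..\filename'-style traversal.
# Not Nextcloud code; EXAMPLE_ROOT is an invented path used only for illustration.
import posixpath

EXAMPLE_ROOT = "/data/alice/files"  # constructed user root, not a real Nextcloud layout


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would resolve outside the root."""


def normalize_user_path(user_path: str) -> str:
    """Return a normalized path relative to the root, or raise PathTraversalError.

    Backslashes are treated as separators so that 'dir\\..\\..\\filename' is
    normalized the same way as 'dir/../../filename' instead of being taken
    as a single odd-looking filename component.
    """
    if "\x00" in user_path:
        raise PathTraversalError("NUL byte in path")
    p = user_path.replace("\\", "/")
    if p.startswith("/"):
        raise PathTraversalError("absolute path not allowed: " + user_path)
    norm = posixpath.normpath(p)  # collapses 'a/../b' to 'b'; a leading '..' survives
    if norm == ".":
        return ""  # empty path means the root itself
    if norm == ".." or norm.startswith("../"):
        raise PathTraversalError("path escapes root: " + user_path)
    return norm


def safe_join(root: str, user_path: str) -> str:
    """Join user_path onto root only if it stays inside root."""
    root = root.rstrip("/")
    rel = normalize_user_path(user_path)
    full = root if not rel else root + "/" + rel
    # Belt and braces: the string must still be inside root after joining.
    if full != root and not full.startswith(root + "/"):
        raise PathTraversalError("resolved outside root: " + full)
    return full


def escapes_root(user_path: str) -> bool:
    """Convenience predicate for tests and logging: does the path get rejected?"""
    try:
        normalize_user_path(user_path)
    except PathTraversalError:
        return True
    return False


if __name__ == "__main__":
    for candidate in ("docs/a.txt", "docs/../a.txt", "dir\\..\\..\\filename", "../../etc/passwd"):
        try:
            print(repr(candidate), "->", safe_join(EXAMPLE_ROOT, candidate))
        except PathTraversalError as e:
            print(repr(candidate), "-> rejected:", e)
```

The check is purely lexical; on a real filesystem symlinks inside the root can still point outside it, so a deployment that allows symlinks needs an additional check on the resolved real path.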