Nextcloud - HackerOne Reports
Total Reports: 508
Critical: 10
High: 46
Medium: 173
Low: 179
Create alias does not validate account id
Reported by: kesselb | Disclosed:
Medium
Weakness: Improper Access Control - Generic
Non-admin users can reset app allowlist to the default
Reported by: ryotak | Disclosed:
Medium
Weakness: Business Logic Errors
W3 Total Cache plugin multiple vulnerabilities
Reported by: funt0m | Disclosed:
Files Drop: WebDAV endpoint is leaking existence of resources
Reported by: lukasreschke | Disclosed:
Low
Weakness: Information Disclosure
Blind SSRF Vulnerability in Appstore Release Upload Form
Reported by: offensiveops | Disclosed:
Low
Weakness: Improper Access Control - Generic
[nextcloud/server] Moment.js vulnerable to Inefficient Regular Expression Complexity
Reported by: mik-patient | Disclosed:
Weakness: Improper Authentication - Generic
CVEs:
CVE-2022-31129
Acting under any different user via DB-stored credentials
Reported by: alexanderhofstaetter | Disclosed:
High
Weakness: Improper Access Control - Generic
XSS in Desktop Client in call notification popup
Reported by: b911bade858ce8e6a0f50f8 | Disclosed:
Low
Weakness: Resource Injection
XSS in Desktop Client in the notifications
Reported by: b911bade858ce8e6a0f50f8 | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $750.00
Basic auth header on WebDAV requests is not bruteforce protected
Reported by: hackit_bharat | Disclosed:
High
Weakness: Improper Restriction of Authentication Attempts
Reflected Self-XSS Vulnerability in the Comment section of Files Information
Reported by: naveenv | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $100.00
Reflected Self-XSS Vulnerability in the Comment section of Files (Different-payloads)
Reported by: shivakumar143 | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Click Jacking Nextcloud
Reported by: enz0 | Disclosed:
Low
Weakness: UI Redressing (Clickjacking)
Information disclosure
Reported by: amirisme | Disclosed:
Weakness: Information Disclosure
Content spoofing in cloud.nextcloud.com
Reported by: ahsan | Disclosed:
Weakness: Violation of Secure Design Principles
Blind Stored XSS on iOS App due to Unsanitized Webview
Reported by: n00bsec | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $100.00
Wordpress Vulnerable to Potential Unauthorized Password Reset
Reported by: japz | Disclosed:
Low
CVEs:
CVE-2017-8295
Nextcloud Server Remote Command Execution
Reported by: sniperpex | Disclosed:
High
A vulnerability classified as critical has been found in gsi-openssh-server 7.9p1 on Fedora (Connectivity Software) on server (http://95.217.64.181:22
Reported by: ibrahim71192 | Disclosed:
Low
CVEs:
CVE-2019-7639
Code injection possible with malformed Nextcloud Talk chat commands
Reported by: covert-spectre | Disclosed:
High
Weakness: Code Injection