Nextcloud - HackerOne Reports
Total Reports: 508
Critical: 10
High: 46
Medium: 173
Low: 179
Code injection in Nextcloud Desktop Client for macOS
Reported by: lourcode | Disclosed:
Weakness: Code Injection
Bounty: $250.00
Chat room member disclosure via autocomplete API
Reported by: lukasreschke | Disclosed:
Medium
Weakness: Improper Access Control - Generic
potential RCE and XSS via file upload requiring user account and default settings
Reported by: rcejules | Disclosed:
High
Weakness: Code Injection
RCE on 17 different Docker containers on your network
Reported by: 0x0luke | Disclosed:
Critical
Weakness: Code Injection
Name collision of shared folders
Reported by: aslfv | Disclosed:
Medium
Weakness: Use of Incorrectly-Resolved Name or Reference
RCE on Wordpress website
Reported by: lukasreschke | Disclosed:
Critical
Weakness: Deserialization of Untrusted Data
Potential DDoS when posting long data into workflow validation rules
Reported by: demonia | Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
Default Nextcloud allows http federated shares
Reported by: rtod | Disclosed:
Medium
[Thirdparty] Stored XSS in chat module - nextcloud server 9.0.51 installed in ubuntu 14.0.4 LTS
Reported by: egrep | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
SSRF via filter bypass due to lax checking on IPs
Reported by: obitorasu | Disclosed:
Medium
Weakness: Server-Side Request Forgery (SSRF)
Bounty: $250.00
Arbitrary read of all SVG files on a Nextcloud server
Reported by: bncrypted | Disclosed:
High
Weakness: Path Traversal
Bounty: $1250.00
No Rate Limit On Forgot Password on https://apps.nextcloud.com
Reported by: cyber_world_01 | Disclosed:
Weakness: Improper Authentication - Generic
Denial of Service when entering an Array in email at settings
Reported by: stilobit | Disclosed:
Medium
Sensitive Information Disclosure via Back Button Post Logout on https://apps.nextcloud.com/account/
Reported by: vulnerability_is_here | Disclosed:
Low
Passwords being stored as plain text in logging
Reported by: xatom | Disclosed:
Low
Weakness: Cleartext Storage of Sensitive Information
Bad content-type in response header when getting document can lead to html injection
Reported by: trichimtrich_ | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
Bypassing quota limit
Reported by: nordin | Disclosed:
Weakness: Privilege Escalation
Wordpress 4.7.1
Reported by: rbcafe | Disclosed:
Low
Sensitive files/ data exists post deletion of user account
Reported by: geekysherlock | Disclosed:
Low
Weakness: Improper Access Control - Generic
Bounty: $150.00
Code injection possible with malformed Nextcloud Talk chat commands
Reported by: covert-spectre | Disclosed:
High
Weakness: Code Injection