Bug Bounty

HackerOne Bug Bounty Disclosure: post-based-cross-site-scripting-on-ibm-research-endpoint-youssifs

January 23, 2025

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:youssifs7Link to Submitters Profile:https://hackerone.com/youssifs7 Report Title:POST based Cross-Site Scripting on IBM research...

HackerOne Bug Bounty Disclosure: usage-of-unsafe-random-function-in-undici-for-choosing-boundary-parrot

January 23, 2025

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:parrot409Link to Submitters Profile:https://hackerone.com/parrot409 Report Title:Usage of unsafe random function in undici...

HackerOne Bug Bounty Disclosure: -bypass-email-verification-for-monitoring-at-monitor-mozilla-org–d-amrr

January 22, 2025

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:0d_amrrLink to Submitters Profile:https://hackerone.com/0d_amrr Report Title: Bypass Email verification for monitoring at...

HackerOne Bug Bounty Disclosure: disclosing-policypageassetgroup-in-private-programs-via-graphql-gid-hackerone-policypageassetgroupsindex-policypageassetgroup-id-haxta-ok

January 21, 2025

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:haxta4ok00Link to Submitters Profile:https://hackerone.com/haxta4ok00 Report Title:Disclosing PolicyPageAssetGroup in Private Programs via /graphql...

HackerOne Bug Bounty Disclosure: worker-permission-bypass-via-internalworker-leak-in-diagnostics-leodog

January 21, 2025

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:leodog896Link to Submitters Profile:https://hackerone.com/leodog896 Report Title:Worker permission bypass via InternalWorker leak in...

HackerOne Bug Bounty Disclosure: cve-apache-airflow-format-string-vulnerability-leixiao

January 18, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:leixiaoLink to Submitters Profile:https://hackerone.com/leixiao Report Title:CVE-2022-40604: Apache Airflow: Format String...

HackerOne Bug Bounty Disclosure: object-level-access-control-leads-to-reading-user-s-full-requests-sessions-and-error-messages-mester-x

January 18, 2025

Company Name: Yelp Company HackerOne URL: https://hackerone.com/yelp Submitted By:mester_xLink to Submitters Profile:https://hackerone.com/mester_x Report Title:Object Level access control leads to reading...

HackerOne Bug Bounty Disclosure: netrc-and-redirect-credential-leak-nyymi

January 15, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:nyymiLink to Submitters Profile:https://hackerone.com/nyymi Report Title:netrc and redirect credential leakReport...

HackerOne Bug Bounty Disclosure: critical-data-breach-big-data-for-all-domains-shezxi

January 14, 2025

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:shezxiLink to Submitters Profile:https://hackerone.com/shezxi Report Title:Critical Data Breach - Big Data for...

HackerOne Bug Bounty Disclosure: blind-ssrf-vulnerability-in-appstore-release-upload-form-offensiveops

January 14, 2025

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:offensiveopsLink to Submitters Profile:https://hackerone.com/offensiveops Report Title:Blind SSRF Vulnerability in Appstore Release Upload...

HackerOne Bug Bounty Disclosure: waf-bypass-and-java-script-incomplete-handling-of-unicode-characters-might-leads-to-dom-xss-clubbable

January 13, 2025

Company Name: Doppler Company HackerOne URL: https://hackerone.com/doppler Submitted By:clubbableLink to Submitters Profile:https://hackerone.com/clubbable Report Title:WAF bypass and java script incomplete handling...

HackerOne Bug Bounty Disclosure: unauthenticated-path-traversal-and-command-injection-in-trellix-enterprise-security-manager-r-v

January 12, 2025

Company Name: Trellix Company HackerOne URL: https://hackerone.com/trellix Submitted By:r4vLink to Submitters Profile:https://hackerone.com/r4v Report Title:Unauthenticated Path Traversal and Command Injection in...

HackerOne Bug Bounty Disclosure: yet-another-otp-code-leaked-in-the-api-response-tinopreter

January 8, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:tinopreterLink to Submitters Profile:https://hackerone.com/tinopreter Report Title:Yet Another OTP code Leaked in...

HackerOne Bug Bounty Disclosure: otp-code-leaked-in-api-response-tinopreter

January 8, 2025

HackerOne Bug Bounty Disclosure: sql-injection-in-url-path-leads-to-database-access-tinopreter

January 8, 2025

HackerOne Bug Bounty Disclosure: bypass-email-verification-on-add-email-monitoring-dotxml

January 7, 2025

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:dotxmlLink to Submitters Profile:https://hackerone.com/dotxml Report Title:Bypass Email Verification on Add Email MonitoringReport...

HackerOne Bug Bounty Disclosure: lack-of-url-validation-in-avatarurl-at-v-profile-marcotuliocnd

December 28, 2024

Company Name: Truecaller Company HackerOne URL: https://hackerone.com/truecaller Submitted By:marcotuliocndLink to Submitters Profile:https://hackerone.com/marcotuliocnd Report Title:Lack of URL Validation in avatarUrl at...

HackerOne Bug Bounty Disclosure: -oem-acronis-com-reflected-cross-site-scripting-darkdream

December 28, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:darkdreamLink to Submitters Profile:https://hackerone.com/darkdream Report Title:acroniscom] Reflected Cross Site Scripting Report Link:https://hackerone.com/reports/2038943Date...

HackerOne Bug Bounty Disclosure: hackers-attack-curl-vulnerability-accessing-sensitive-information-scottarterbury

December 27, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:scottarterburyLink to Submitters Profile:https://hackerone.com/scottarterbury Report Title:Hackers Attack Curl Vulnerability Accessing Sensitive InformationReport...

HackerOne Bug Bounty Disclosure: a-potential-risk-in-the-aws-lambda-ecs-run-task-which-can-be-used-to-privilege-escalation-zolaer

December 27, 2024

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:zolaer9527Link to Submitters Profile:https://hackerone.com/zolaer9527 Report Title:A potential risk in the aws-lambda-ecs-run-task...

HackerOne Bug Bounty Disclosure: reflected-xss-on-amazon-ec-instance-perigou

December 24, 2024

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:perigouLink to Submitters Profile:https://hackerone.com/perigou Report Title:Reflected XSS on Amazon EC2 InstanceReport...

HackerOne Bug Bounty Disclosure: cve-perigou

December 24, 2024

HackerOne Bug Bounty Disclosure: access-to-limited-confidential-information-of-private-program-as-a-ex-reporter-report-participant-external-user-ex-staff-member-sarthakbhingare

December 24, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:sarthakbhingare015Link to Submitters Profile:https://hackerone.com/sarthakbhingare015 Report Title:Access to limited confidential information of private...

HackerOne Bug Bounty Disclosure: bypass-upgrade-to-add-project-restriction-in-free-account-to-create-multiple-projects-without-upgrading-mrm-nk

December 20, 2024

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:mrm0nkLink to Submitters Profile:https://hackerone.com/mrm0nk Report Title:Bypass "Upgrade To Add Project" Restriction in...

Bug Bounty

HackerOne Bug Bounty Disclosure: post-based-cross-site-scripting-on-ibm-research-endpoint-youssifs

HackerOne Bug Bounty Disclosure: usage-of-unsafe-random-function-in-undici-for-choosing-boundary-parrot

HackerOne Bug Bounty Disclosure: -bypass-email-verification-for-monitoring-at-monitor-mozilla-org–d-amrr

HackerOne Bug Bounty Disclosure: disclosing-policypageassetgroup-in-private-programs-via-graphql-gid-hackerone-policypageassetgroupsindex-policypageassetgroup-id-haxta-ok

HackerOne Bug Bounty Disclosure: worker-permission-bypass-via-internalworker-leak-in-diagnostics-leodog

HackerOne Bug Bounty Disclosure: cve-apache-airflow-format-string-vulnerability-leixiao

HackerOne Bug Bounty Disclosure: object-level-access-control-leads-to-reading-user-s-full-requests-sessions-and-error-messages-mester-x

HackerOne Bug Bounty Disclosure: netrc-and-redirect-credential-leak-nyymi

HackerOne Bug Bounty Disclosure: critical-data-breach-big-data-for-all-domains-shezxi

HackerOne Bug Bounty Disclosure: blind-ssrf-vulnerability-in-appstore-release-upload-form-offensiveops

HackerOne Bug Bounty Disclosure: waf-bypass-and-java-script-incomplete-handling-of-unicode-characters-might-leads-to-dom-xss-clubbable

HackerOne Bug Bounty Disclosure: unauthenticated-path-traversal-and-command-injection-in-trellix-enterprise-security-manager-r-v

HackerOne Bug Bounty Disclosure: yet-another-otp-code-leaked-in-the-api-response-tinopreter

HackerOne Bug Bounty Disclosure: otp-code-leaked-in-api-response-tinopreter

HackerOne Bug Bounty Disclosure: sql-injection-in-url-path-leads-to-database-access-tinopreter

HackerOne Bug Bounty Disclosure: bypass-email-verification-on-add-email-monitoring-dotxml

HackerOne Bug Bounty Disclosure: lack-of-url-validation-in-avatarurl-at-v-profile-marcotuliocnd

HackerOne Bug Bounty Disclosure: -oem-acronis-com-reflected-cross-site-scripting-darkdream

HackerOne Bug Bounty Disclosure: hackers-attack-curl-vulnerability-accessing-sensitive-information-scottarterbury

HackerOne Bug Bounty Disclosure: a-potential-risk-in-the-aws-lambda-ecs-run-task-which-can-be-used-to-privilege-escalation-zolaer

HackerOne Bug Bounty Disclosure: reflected-xss-on-amazon-ec-instance-perigou

HackerOne Bug Bounty Disclosure: cve-perigou

HackerOne Bug Bounty Disclosure: access-to-limited-confidential-information-of-private-program-as-a-ex-reporter-report-participant-external-user-ex-staff-member-sarthakbhingare

HackerOne Bug Bounty Disclosure: bypass-upgrade-to-add-project-restriction-in-free-account-to-create-multiple-projects-without-upgrading-mrm-nk

CVE Alert: CVE-2025-0350

CVE Alert: CVE-2024-13562

CVE Alert: CVE-2024-35112

CVE Alert: CVE-2023-38012

CVE Alert: CVE-2023-38013

You may have missed