Bug Bounty

HackerOne Bug Bounty Disclosure: cve-apache-tomcat-dos-vulnerability-in-http-connector-devme-f

July 5, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:devme4fLink to Submitters Profile:https://hackerone.com/devme4f Report Title:CVE-2024-34750 Apache Tomcat DoS vulnerability...

HackerOne Bug Bounty Disclosure: authentication-registration-bypass-in-newspack-extended-access-xurizaemon

July 5, 2024

Company Name: Automattic Company HackerOne URL: https://hackerone.com/automattic Submitted By:xurizaemon0Link to Submitters Profile:https://hackerone.com/xurizaemon0 Report Title:Authentication & Registration Bypass in Newspack Extended...

HackerOne Bug Bounty Disclosure: rce-by-parsing-rdoc-options-in-rdoc-ooooooo-q

July 3, 2024

Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:RCE by parsing `rdoc_options` in RDocReport Link:https://hackerone.com/reports/1187477Date...

HackerOne Bug Bounty Disclosure: default-admin-account-lead-to-full-access-control-at-hxxps-desk-demo-fareharbor-engineering-tuantv

July 3, 2024

Company Name: Booking.com Company HackerOne URL: https://hackerone.com/bookingcom Submitted By:tuantv89Link to Submitters Profile:https://hackerone.com/tuantv89 Report Title:Default Admin Account lead to full access...

HackerOne Bug Bounty Disclosure: reflected-xss-of-media-indrive-com-zxwo

July 2, 2024

Company Name: inDrive Company HackerOne URL: https://hackerone.com/indrive Submitted By:zxwoLink to Submitters Profile:https://hackerone.com/zxwo Report Title:Reflected XSS of mediaindrivecomReport Link:https://hackerone.com/reports/2503113Date Submitted:02 July...

HackerOne Bug Bounty Disclosure: unlimited-fake-rate-to-the-passenger-in-city-to-city-affected-endpoint-api-v-reviews-ride-id-driver-bugsv

July 2, 2024

Company Name: inDrive Company HackerOne URL: https://hackerone.com/indrive Submitted By:bugsv2Link to Submitters Profile:https://hackerone.com/bugsv2 Report Title:Unlimited fake rate to the passenger in...

HackerOne Bug Bounty Disclosure: cve-in-nginx-noentry

July 1, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:noentryLink to Submitters Profile:https://hackerone.com/noentry Report Title:CVE-2024-35200 in nginxReport Link:https://hackerone.com/reports/2526041Date Submitted:01...

HackerOne Bug Bounty Disclosure: cve-in-nginx-noentry

July 1, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:noentryLink to Submitters Profile:https://hackerone.com/noentry Report Title:CVE-2024-32760 in nginxReport Link:https://hackerone.com/reports/2526046Date Submitted:01...

HackerOne Bug Bounty Disclosure: cve-in-nginx-noentry

July 1, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:noentryLink to Submitters Profile:https://hackerone.com/noentry Report Title:CVE-2024-31079 in nginxReport Link:https://hackerone.com/reports/2526051Date Submitted:01...

HackerOne Bug Bounty Disclosure: -cve-actiontext-contentattachments-can-contain-unsanitized-html-ooooooo-q

June 30, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title: ActionText ContentAttachments can Contain...

HackerOne Bug Bounty Disclosure: account-takeover-arbitrary-file-read-and-deletion-partial-code-execution-intent-redirection-through-com-mercadopago-wallet-splash-splashactivity-fr-via

June 28, 2024

Company Name: MercadoLibre Company HackerOne URL: https://hackerone.com/mercadolibre Submitted By:fr4viaLink to Submitters Profile:https://hackerone.com/fr4via Report Title:Account Takeover / Arbitrary File read and...

HackerOne Bug Bounty Disclosure: idor-leading-unauthenticated-attacker-to-download-documents-discloses-pii-of-users-and-soldiers-via-hxxps-www-download-aspx-id-htus-berserker

June 27, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:berserker1999Link to Submitters Profile:https://hackerone.com/berserker1999 Report Title:IDOR leading unauthenticated attacker...

HackerOne Bug Bounty Disclosure: local-file-disclosure-on-the-hxxps-edu-leads-to-the-full-source-code-disclosure-and-credentials-leak-sp-d-rs

June 27, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:sp1d3rsLink to Submitters Profile:https://hackerone.com/sp1d3rs Report Title:Local File Disclosure on...

HackerOne Bug Bounty Disclosure: subdomain-takeover-mil-martinvw

June 27, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:martinvwLink to Submitters Profile:https://hackerone.com/martinvw Report Title:Subdomain takeover milReport Link:https://hackerone.com/reports/2499178Date...

HackerOne Bug Bounty Disclosure: subdomain-takeover-of-ci-support-booking-com-pointing-to-zendesk-jub-bs

June 25, 2024

Company Name: Booking.com Company HackerOne URL: https://hackerone.com/bookingcom Submitted By:jub0bsLink to Submitters Profile:https://hackerone.com/jub0bs Report Title:Subdomain takeover of ci-supportbookingcom (pointing to Zendesk)Report...

HackerOne Bug Bounty Disclosure: dos-with-crafted-range-header-ooooooo-q

June 25, 2024

Company Name: Ruby on Rails Company HackerOne URL: https://hackerone.com/rails Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:DoS with crafted "Range" headerReport...

HackerOne Bug Bounty Disclosure: monitoring-prow-canary-k-s-io-is-vulnerable-to-cve-grafana-day-jub-bs

June 25, 2024

Company Name: Kubernetes Company HackerOne URL: https://hackerone.com/kubernetes Submitted By:jub0bsLink to Submitters Profile:https://hackerone.com/jub0bs Report Title:monitoringprow-canaryk8sio is vulnerable to CVE-2022-21703 (Grafana 0-day)Report...

HackerOne Bug Bounty Disclosure: ability-to-bulk-submit-reports-via-query-named-based-batching–x

June 19, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:0x999Link to Submitters Profile:https://hackerone.com/0x999 Report Title:Ability to bulk submit reports via query...

HackerOne Bug Bounty Disclosure: cloudflare-cdn-cgi-path-allows-resizing-images-from-unauthorised-sources-on-enjinusercontent-com–whoami

June 19, 2024

Company Name: Enjin Company HackerOne URL: https://hackerone.com/enjin Submitted By:19whoami19Link to Submitters Profile:https://hackerone.com/19whoami19 Report Title:Cloudflare /cdn-cgi/ path allows resizing images from...

HackerOne Bug Bounty Disclosure: -meetup-world-id-oidc-insufficient-filtering-of-state-parameter-in-response-mode-form-post-leads-to-xss-and-ato-lauritz

June 19, 2024

Company Name: Tools for Humanity Company HackerOne URL: https://hackerone.com/toolsforhumanity Submitted By:lauritzLink to Submitters Profile:https://hackerone.com/lauritz Report Title: Insufficient Filtering of "state"...

Bug Bounty

HackerOne Bug Bounty Disclosure: cve-apache-tomcat-dos-vulnerability-in-http-connector-devme-f

HackerOne Bug Bounty Disclosure: authentication-registration-bypass-in-newspack-extended-access-xurizaemon

HackerOne Bug Bounty Disclosure: rce-by-parsing-rdoc-options-in-rdoc-ooooooo-q

HackerOne Bug Bounty Disclosure: default-admin-account-lead-to-full-access-control-at-hxxps-desk-demo-fareharbor-engineering-tuantv

HackerOne Bug Bounty Disclosure: reflected-xss-of-media-indrive-com-zxwo

HackerOne Bug Bounty Disclosure: unlimited-fake-rate-to-the-passenger-in-city-to-city-affected-endpoint-api-v-reviews-ride-id-driver-bugsv

HackerOne Bug Bounty Disclosure: cve-in-nginx-noentry

HackerOne Bug Bounty Disclosure: cve-in-nginx-noentry

HackerOne Bug Bounty Disclosure: cve-in-nginx-noentry

HackerOne Bug Bounty Disclosure: -cve-actiontext-contentattachments-can-contain-unsanitized-html-ooooooo-q

HackerOne Bug Bounty Disclosure: account-takeover-arbitrary-file-read-and-deletion-partial-code-execution-intent-redirection-through-com-mercadopago-wallet-splash-splashactivity-fr-via

HackerOne Bug Bounty Disclosure: idor-leading-unauthenticated-attacker-to-download-documents-discloses-pii-of-users-and-soldiers-via-hxxps-www-download-aspx-id-htus-berserker

HackerOne Bug Bounty Disclosure: local-file-disclosure-on-the-hxxps-edu-leads-to-the-full-source-code-disclosure-and-credentials-leak-sp-d-rs

HackerOne Bug Bounty Disclosure: subdomain-takeover-mil-martinvw

HackerOne Bug Bounty Disclosure: subdomain-takeover-of-ci-support-booking-com-pointing-to-zendesk-jub-bs

HackerOne Bug Bounty Disclosure: dos-with-crafted-range-header-ooooooo-q

HackerOne Bug Bounty Disclosure: monitoring-prow-canary-k-s-io-is-vulnerable-to-cve-grafana-day-jub-bs

HackerOne Bug Bounty Disclosure: ability-to-bulk-submit-reports-via-query-named-based-batching–x

HackerOne Bug Bounty Disclosure: cloudflare-cdn-cgi-path-allows-resizing-images-from-unauthorised-sources-on-enjinusercontent-com–whoami

HackerOne Bug Bounty Disclosure: -meetup-world-id-oidc-insufficient-filtering-of-state-parameter-in-response-mode-form-post-leads-to-xss-and-ato-lauritz

HackerOne Bug Bounty Disclosure: program-member-could-duplicate-report-to-a-non-related-program-original-report-v-id

HackerOne Bug Bounty Disclosure: null-dereference-when-encoding-dn-of-x-certificate-z

HackerOne Bug Bounty Disclosure: -idor-improper-access-control-on-embedded-submission-form-japz

HackerOne Bug Bounty Disclosure: -package-name-can-be-set-as-desired-when-submitting-a-pentest-opportunity-form-iam-srpk

CVE Alert: CVE-2024-51963

CVE Alert: CVE-2024-51966

CVE Alert: CVE-2024-51956

CVE Alert: CVE-2024-5888

CVE Alert: CVE-2024-51957

You may have missed