Bug Bounty

HackerOne Bug Bounty Disclosure: endpoint-redirects-to-admin-page-and-provides-admin-role-bulldawg

July 19, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:bulldawgLink to Submitters Profile:https://hackerone.com/bulldawg Report Title:Endpoint Redirects to Admin...

HackerOne Bug Bounty Disclosure: xml-external-entity-xxe-injection-maskedpersian

July 19, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:maskedpersianLink to Submitters Profile:https://hackerone.com/maskedpersian Report Title:XML External Entity (XXE)...

HackerOne Bug Bounty Disclosure: restrict-any-user-from-login-to-their-account-prakhar-x

July 19, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:prakhar0x01Link to Submitters Profile:https://hackerone.com/prakhar0x01 Report Title:Restrict any user from...

HackerOne Bug Bounty Disclosure: local-file-inclusion-in-download-php-tokyoenigma

July 19, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:tokyoenigmaLink to Submitters Profile:https://hackerone.com/tokyoenigma Report Title:Local File Inclusion in...

HackerOne Bug Bounty Disclosure: automatic-admin-access-bulldawg

July 19, 2024

HackerOne Bug Bounty Disclosure: idor-leads-to-pii-leak-prakhar-x

July 19, 2024

HackerOne Bug Bounty Disclosure: authentication-bypass-on-hxxps-bulldawg

July 19, 2024

HackerOne Bug Bounty Disclosure: idor-modify-other-users-demographic-details-prakhar-x

July 19, 2024

HackerOne Bug Bounty Disclosure: idor-leads-to-view-other-user-biographical-details-possible-pii-leak-prakhar-x

July 19, 2024

HackerOne Bug Bounty Disclosure: xss-in-ibm-infocenter-redyetihacks

July 17, 2024

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:redyetihacksLink to Submitters Profile:https://hackerone.com/redyetihacks Report Title:XSS in IBM InfoCenterReport Link:https://hackerone.com/reports/2343548Date Submitted:17 July...

HackerOne Bug Bounty Disclosure: permission-model-improperly-processes-unc-paths-tniessen

July 15, 2024

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:tniessenLink to Submitters Profile:https://hackerone.com/tniessen Report Title:Permission model improperly processes UNC pathsReport Link:https://hackerone.com/reports/2079103Date...

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-http-response-splitting-cve-orange

July 13, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:orangeLink to Submitters Profile:https://hackerone.com/orange Report Title:moderate: Apache HTTP Server: HTTP...

HackerOne Bug Bounty Disclosure: account-takeover-via-authentication-bypass-in-tiktok-account-recovery-xtt-k

July 13, 2024

Company Name: TikTok Company HackerOne URL: https://hackerone.com/tiktok Submitted By:xtt0kLink to Submitters Profile:https://hackerone.com/xtt0k Report Title:Account Takeover via Authentication Bypass in TikTok...

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-proxy-encoding-problem-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-weakness-with-encoded-question-marks-in-backreferences-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-may-use-exploitable-malicious-backend-application-output-to-run-local-handlers-via-internal-redirect-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-weakness-in-mod-rewrite-when-first-segment-of-substitution-matches-filesystem-path-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-crash-resulting-in-denial-of-service-in-mod-proxy-via-a-malicious-request-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-on-windows-unc-ssrf-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: file-sizes-may-be-manipulated-into-negative-numbers-when-uploading-yinmo

July 10, 2024

Company Name: LY Corporation Company HackerOne URL: https://hackerone.com/line Submitted By:yinmoLink to Submitters Profile:https://hackerone.com/yinmo Report Title:File sizes may be manipulated into...

HackerOne Bug Bounty Disclosure: xss-on-line-careers-nightm-re

July 10, 2024

Company Name: LY Corporation Company HackerOne URL: https://hackerone.com/line Submitted By:nightm4reLink to Submitters Profile:https://hackerone.com/nightm4re Report Title:XSS on LINE CAREERSReport Link:https://hackerone.com/reports/2403554Date Submitted:10...

HackerOne Bug Bounty Disclosure: fs-lstat-bypasses-permission-model-haxatron

July 9, 2024

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:haxatron1Link to Submitters Profile:https://hackerone.com/haxatron1 Report Title:fslstat bypasses permission modelReport Link:https://hackerone.com/reports/2145862Date Submitted:09 July...

HackerOne Bug Bounty Disclosure: bypass-incomplete-fix-of-cve-tianst

July 9, 2024

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:tianstLink to Submitters Profile:https://hackerone.com/tianst Report Title:Bypass incomplete fix of CVE-2024-27980Report Link:https://hackerone.com/reports/2461831Date Submitted:09...

HackerOne Bug Bounty Disclosure: path-traversal-in-deeplink-query-parameter-can-expose-any-user-s-private-info-to-a-public-directory-one-click-fr-via

July 9, 2024

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:fr4viaLink to Submitters Profile:https://hackerone.com/fr4via Report Title:Path traversal in deeplink query parameter can...

Bug Bounty

HackerOne Bug Bounty Disclosure: endpoint-redirects-to-admin-page-and-provides-admin-role-bulldawg

HackerOne Bug Bounty Disclosure: xml-external-entity-xxe-injection-maskedpersian

HackerOne Bug Bounty Disclosure: restrict-any-user-from-login-to-their-account-prakhar-x

HackerOne Bug Bounty Disclosure: local-file-inclusion-in-download-php-tokyoenigma

HackerOne Bug Bounty Disclosure: automatic-admin-access-bulldawg

HackerOne Bug Bounty Disclosure: idor-leads-to-pii-leak-prakhar-x

HackerOne Bug Bounty Disclosure: authentication-bypass-on-hxxps-bulldawg

HackerOne Bug Bounty Disclosure: idor-modify-other-users-demographic-details-prakhar-x

HackerOne Bug Bounty Disclosure: idor-leads-to-view-other-user-biographical-details-possible-pii-leak-prakhar-x

HackerOne Bug Bounty Disclosure: xss-in-ibm-infocenter-redyetihacks

HackerOne Bug Bounty Disclosure: permission-model-improperly-processes-unc-paths-tniessen

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-http-response-splitting-cve-orange

HackerOne Bug Bounty Disclosure: account-takeover-via-authentication-bypass-in-tiktok-account-recovery-xtt-k

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-proxy-encoding-problem-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-weakness-with-encoded-question-marks-in-backreferences-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-may-use-exploitable-malicious-backend-application-output-to-run-local-handlers-via-internal-redirect-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-weakness-in-mod-rewrite-when-first-segment-of-substitution-matches-filesystem-path-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-crash-resulting-in-denial-of-service-in-mod-proxy-via-a-malicious-request-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-on-windows-unc-ssrf-cve-orange

HackerOne Bug Bounty Disclosure: file-sizes-may-be-manipulated-into-negative-numbers-when-uploading-yinmo

HackerOne Bug Bounty Disclosure: xss-on-line-careers-nightm-re

HackerOne Bug Bounty Disclosure: fs-lstat-bypasses-permission-model-haxatron

HackerOne Bug Bounty Disclosure: bypass-incomplete-fix-of-cve-tianst

HackerOne Bug Bounty Disclosure: path-traversal-in-deeplink-query-parameter-can-expose-any-user-s-private-info-to-a-public-directory-one-click-fr-via

[LYNX] – Ransomware Victim: amethystgroup[.]co[.]uk

[LYNX] – Ransomware Victim: R&N Manufacturing

[QILIN] – Ransomware Victim: parrishleasing[.]com

CVE Alert: CVE-2025-43963

CVE Alert: CVE-2025-43973

You may have missed