Bug Bounty

HackerOne Bug Bounty Disclosure: blind-stored-xss-in-shopify-internal-parquet-viewer-testingforbugs

February 8, 2024

Company Name: Shopify Company HackerOne URL: https://hackerone.com/shopify Submitted By:testingforbugsLink to Submitters Profile:https://hackerone.com/testingforbugs Report Title:Blind Stored XSS in shopify internal Parquet...

HackerOne Bug Bounty Disclosure: xmlrpc-php-wp-cron-php-files-are-enabled-and-will-used-for-ddos-dos-and-broutforce-users-attack-cyber-tech

February 8, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:cyber-techLink to Submitters Profile:https://hackerone.com/cyber-tech Report Title:xmlrpcphp &wp-cronphp files are enabled, and will...

HackerOne Bug Bounty Disclosure: idor-on-graphql-queries-billingdocumentdownload-and-billdetails-blaklis

February 8, 2024

Company Name: Shopify Company HackerOne URL: https://hackerone.com/shopify Submitted By:blaklisLink to Submitters Profile:https://hackerone.com/blaklis Report Title:IDOR on GraphQL queries BillingDocumentDownload and BillDetailsReport...

HackerOne Bug Bounty Disclosure: request-smuggling-in-apache-tomcat-important-cve-mukeran

February 7, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:mukeranLink to Submitters Profile:https://hackerone.com/mukeran Report Title:Request Smuggling in Apache Tomcat...

HackerOne Bug Bounty Disclosure: infromation-disclosure-to-use-of-hard-coded-cryptographic-key-ahmed-abdo

February 6, 2024

Company Name: Reddit Company HackerOne URL: https://hackerone.com/reddit Submitted By:ahmed-abdoLink to Submitters Profile:https://hackerone.com/ahmed-abdo Report Title:Infromation Disclosure To Use of Hard-coded Cryptographic...

HackerOne Bug Bounty Disclosure: csrf-to-delete-a-pet-on-dr-m

February 5, 2024

Company Name: Mars Company HackerOne URL: https://hackerone.com/mars Submitted By:dr34m14Link to Submitters Profile:https://hackerone.com/dr34m14 Report Title:CSRF to delete a pet on Report...

HackerOne Bug Bounty Disclosure: account-creation-with-invalid-email-addresses-email-is-accepting-and-d-a-line-termination-chars-resett-r

February 4, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:resett3rLink to Submitters Profile:https://hackerone.com/resett3r Report Title:Account creation with invalid email addresses /...

HackerOne Bug Bounty Disclosure: hackerone-saml-signup-domain-enforcement-bypass-results-in-unauthorized-access-to-hackerone-pullrequest-organization–xacb

February 4, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:0xacbLink to Submitters Profile:https://hackerone.com/0xacb Report Title:HackerOne SAML signup domain enforcement bypass results...

HackerOne Bug Bounty Disclosure: vulnerability-report-no-rate-limit-password-reset-cyb-r-assass-n

February 2, 2024

Company Name: Trellix Company HackerOne URL: https://hackerone.com/trellix Submitted By:cyb3r_assass1nLink to Submitters Profile:https://hackerone.com/cyb3r_assass1n Report Title:Vulnerability Report: NO RATE LIMIT Password RESETReport...

HackerOne Bug Bounty Disclosure: b-default-credentials-at-https-b-forcedrofes

February 1, 2024

Company Name: b'Trellix' Company HackerOne URL: https://hackerone.com/trellix Submitted By:b'forcedrofes'Link to Submitters Profile:https://hackerone.com/b'forcedrofes' Report Title:b'default credentials at https://52.42.105.71/'Report Link:https://hackerone.com/reports/2160178Date Submitted:01 February...

HackerOne Bug Bounty Disclosure: b-port-smpt-open-can-send-any-mail-remotely-from-the-internal-mail-users-to-company-mail-id-s-b-harshniture

February 1, 2024

Company Name: b'SideFX' Company HackerOne URL: https://hackerone.com/sidefx Submitted By:b'harshniture12'Link to Submitters Profile:https://hackerone.com/b'harshniture12' Report Title:b"Port 587 SMPT Open: Can send any...

HackerOne Bug Bounty Disclosure: b-xss-in-subdomain-of-duckduckgo-b-mr-r-boot

February 1, 2024

Company Name: b'DuckDuckGo' Company HackerOne URL: https://hackerone.com/duckduckgo Submitted By:b'mr_r3boot'Link to Submitters Profile:https://hackerone.com/b'mr_r3boot' Report Title:b'XSS in Subdomain of DuckDuckGo'Report Link:https://hackerone.com/reports/395734Date Submitted:01...

HackerOne Bug Bounty Disclosure: b-memory-corruption-via-large-pixels-b-mr-r-boot

February 1, 2024

Company Name: b'Infogram' Company HackerOne URL: https://hackerone.com/infogram Submitted By:b'mr_r3boot'Link to Submitters Profile:https://hackerone.com/b'mr_r3boot' Report Title:b'Memory Corruption via Large Pixels'Report Link:https://hackerone.com/reports/282518Date Submitted:01...

HackerOne Bug Bounty Disclosure: b-cve-ocsp-verification-bypass-with-tls-session-reuse-b-kurohiro

January 31, 2024

Company Name: b'curl' Company HackerOne URL: https://hackerone.com/curl Submitted By:b'kurohiro'Link to Submitters Profile:https://hackerone.com/b'kurohiro' Report Title:b'CVE-2024-0853: OCSP verification bypass with TLS session...

HackerOne Bug Bounty Disclosure: b-cors-misconfiguration-on-b-k-hacker

January 31, 2024

Company Name: b'Publitas' Company HackerOne URL: https://hackerone.com/publitas Submitted By:b'2k_hacker'Link to Submitters Profile:https://hackerone.com/b'2k_hacker' Report Title:b'CORS Misconfiguration on 'Report Link:https://hackerone.com/reports/2332728Date Submitted:31 January...

HackerOne Bug Bounty Disclosure: b-pickle-deserialization-vulnerability-in-xcoms-b-zpbrent

January 29, 2024

Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'zpbrent'Link to Submitters Profile:https://hackerone.com/b'zpbrent' Report Title:b'Pickle deserialization vulnerability in XComs'Report...

HackerOne Bug Bounty Disclosure: b-html-injection-in-event-description-b-khaledx

January 29, 2024

Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'khaledx'Link to Submitters Profile:https://hackerone.com/b'khaledx' Report Title:b'Html injection in event Description 'Report Link:https://hackerone.com/reports/2215418Date...

HackerOne Bug Bounty Disclosure: b-xss-on-terra-indriverapp-com-b-maxdha

January 29, 2024

Company Name: b'inDrive' Company HackerOne URL: https://hackerone.com/indrive Submitted By:b'maxdha'Link to Submitters Profile:https://hackerone.com/b'maxdha' Report Title:b'XSS on terra-6.indriverapp.com'Report Link:https://hackerone.com/reports/1969696Date Submitted:29 January 2024...

HackerOne Bug Bounty Disclosure: b-argo-cd-csrf-leads-to-kubernetes-cluster-compromise-b-tint

January 29, 2024

Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'tint0'Link to Submitters Profile:https://hackerone.com/b'tint0' Report Title:b'Argo CD CSRF leads to...

HackerOne Bug Bounty Disclosure: b-exposed-cdn-access-token-allows-modification-of-all-newly-uploaded-snapmatic-photos-b-bugstar

January 26, 2024

Company Name: b'Rockstar Games' Company HackerOne URL: https://hackerone.com/rockstargames Submitted By:b'bugstar'Link to Submitters Profile:https://hackerone.com/b'bugstar' Report Title:b'Exposed CDN access token allows modification...

HackerOne Bug Bounty Disclosure: b-reflected-xss-on-help-shopify-com-b-ssilvass

January 25, 2024

Company Name: b'Shopify' Company HackerOne URL: https://hackerone.com/shopify Submitted By:b'ssilvass'Link to Submitters Profile:https://hackerone.com/b'ssilvass' Report Title:b'Reflected XSS on help.shopify.com'Report Link:https://hackerone.com/reports/1940245Date Submitted:25 January...

HackerOne Bug Bounty Disclosure: b-lack-of-tenant-scoping-enables-limited-cross-tenant-data-querying-and-mutation-b-tushar-rec-n

January 25, 2024

Company Name: b'Enjin' Company HackerOne URL: https://hackerone.com/enjin Submitted By:b'tushar_rec0n'Link to Submitters Profile:https://hackerone.com/b'tushar_rec0n' Report Title:b'Lack of Tenant Scoping Enables Limited Cross-Tenant...

HackerOne Bug Bounty Disclosure: b-reflected-xss-on-https-travel-line-me-b-mheranco

January 18, 2024

Company Name: b'LY Corporation' Company HackerOne URL: https://hackerone.com/line Submitted By:b'mheranco'Link to Submitters Profile:https://hackerone.com/b'mheranco' Report Title:b'Reflected XSS on https://travel.line.me'Report Link:https://hackerone.com/reports/1880607Date Submitted:18...

HackerOne Bug Bounty Disclosure: b-improper-handling-of-request-urls-in-nextcloud-guests-allows-guest-users-to-bypass-app-allowlist-b-ryotak

January 18, 2024

Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'ryotak'Link to Submitters Profile:https://hackerone.com/b'ryotak' Report Title:b'Improper handling of request URLs in nextcloud/guests...

Bug Bounty

HackerOne Bug Bounty Disclosure: blind-stored-xss-in-shopify-internal-parquet-viewer-testingforbugs

HackerOne Bug Bounty Disclosure: xmlrpc-php-wp-cron-php-files-are-enabled-and-will-used-for-ddos-dos-and-broutforce-users-attack-cyber-tech

HackerOne Bug Bounty Disclosure: idor-on-graphql-queries-billingdocumentdownload-and-billdetails-blaklis

HackerOne Bug Bounty Disclosure: request-smuggling-in-apache-tomcat-important-cve-mukeran

HackerOne Bug Bounty Disclosure: infromation-disclosure-to-use-of-hard-coded-cryptographic-key-ahmed-abdo

HackerOne Bug Bounty Disclosure: csrf-to-delete-a-pet-on-dr-m

HackerOne Bug Bounty Disclosure: account-creation-with-invalid-email-addresses-email-is-accepting-and-d-a-line-termination-chars-resett-r

HackerOne Bug Bounty Disclosure: hackerone-saml-signup-domain-enforcement-bypass-results-in-unauthorized-access-to-hackerone-pullrequest-organization–xacb

HackerOne Bug Bounty Disclosure: vulnerability-report-no-rate-limit-password-reset-cyb-r-assass-n

HackerOne Bug Bounty Disclosure: b-default-credentials-at-https-b-forcedrofes

HackerOne Bug Bounty Disclosure: b-port-smpt-open-can-send-any-mail-remotely-from-the-internal-mail-users-to-company-mail-id-s-b-harshniture

HackerOne Bug Bounty Disclosure: b-xss-in-subdomain-of-duckduckgo-b-mr-r-boot

HackerOne Bug Bounty Disclosure: b-memory-corruption-via-large-pixels-b-mr-r-boot

HackerOne Bug Bounty Disclosure: b-cve-ocsp-verification-bypass-with-tls-session-reuse-b-kurohiro

HackerOne Bug Bounty Disclosure: b-cors-misconfiguration-on-b-k-hacker

HackerOne Bug Bounty Disclosure: b-pickle-deserialization-vulnerability-in-xcoms-b-zpbrent

HackerOne Bug Bounty Disclosure: b-html-injection-in-event-description-b-khaledx

HackerOne Bug Bounty Disclosure: b-xss-on-terra-indriverapp-com-b-maxdha

HackerOne Bug Bounty Disclosure: b-argo-cd-csrf-leads-to-kubernetes-cluster-compromise-b-tint

HackerOne Bug Bounty Disclosure: b-exposed-cdn-access-token-allows-modification-of-all-newly-uploaded-snapmatic-photos-b-bugstar

HackerOne Bug Bounty Disclosure: b-reflected-xss-on-help-shopify-com-b-ssilvass

HackerOne Bug Bounty Disclosure: b-lack-of-tenant-scoping-enables-limited-cross-tenant-data-querying-and-mutation-b-tushar-rec-n

HackerOne Bug Bounty Disclosure: b-reflected-xss-on-https-travel-line-me-b-mheranco

HackerOne Bug Bounty Disclosure: b-improper-handling-of-request-urls-in-nextcloud-guests-allows-guest-users-to-bypass-app-allowlist-b-ryotak

CVE Alert: CVE-2024-51952

CVE Alert: CVE-2024-51954

CVE Alert: CVE-2024-51950

CVE Alert: CVE-2024-51953

CVE Alert: CVE-2024-51951

You may have missed