Bug Bounty

HackerOne Bug Bounty Disclosure: bypass-of-this-fixed-inadequate-protocol-restriction-enforcement-in-curl-hackeriron

December 19, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:hackeriron1Link to Submitters Profile:https://hackerone.com/hackeriron1 Report Title:bypass of this Fixed #2437131 Report Link:https://hackerone.com/reports/2905552Date...

HackerOne Bug Bounty Disclosure: forced-oauth-authorization-using-button-id-in-hash-and-holding-space-j-r-an

December 17, 2024

Company Name: LinkedIn Company HackerOne URL: https://hackerone.com/linkedin Submitted By:j0r1anLink to Submitters Profile:https://hackerone.com/j0r1an Report Title:Forced OAuth authorization using button ID in...

HackerOne Bug Bounty Disclosure: nextcloud-mail-does-not-respect-download-permissions-in-shares-rullzer

December 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:rullzerLink to Submitters Profile:https://hackerone.com/rullzer Report Title:Nextcloud mail does not respect download permissions...

HackerOne Bug Bounty Disclosure: x-e-ee-signature-verification-can-be-bypassed-leading-to-loss-of-confidentiality-of-end-to-end-encrypted-files-d-xuan

December 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:d-xuanLink to Submitters Profile:https://hackerone.com/d-xuan Report Title:X-E2EE-SIGNATURE verification can be bypassed, leading to...

HackerOne Bug Bounty Disclosure: incomplete-sanitization-in-svg-preview-provider-pulsejet

December 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:pulsejetLink to Submitters Profile:https://hackerone.com/pulsejet Report Title:Incomplete sanitization in SVG preview providerReport Link:https://hackerone.com/reports/2484499Date...

HackerOne Bug Bounty Disclosure: netrc-redirect-credential-leak-nyymi

December 11, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:nyymiLink to Submitters Profile:https://hackerone.com/nyymi Report Title:netrc + redirect credential leakReport Link:https://hackerone.com/reports/2829063Date Submitted:11...

HackerOne Bug Bounty Disclosure: rce-on-worker-host-due-to-unsanitized-env-variable-name-in-task-definition-on-community-tc-services-mozilla-com-ebrietas

December 8, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:ebrietasLink to Submitters Profile:https://hackerone.com/ebrietas Report Title:RCE on worker host due to unsanitized...

HackerOne Bug Bounty Disclosure: cve-apache-airflow-command-injection-in-read-dataset-event-from-classic-dag-nhienit

December 7, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:nhienit2010Link to Submitters Profile:https://hackerone.com/nhienit2010 Report Title:CVE-2024-45498: Apache Airflow Command injection...

HackerOne Bug Bounty Disclosure: -addons-preview-cdn-mozilla-net-a-subdomain-takeover-is-available-via-unregistered-domain-in-fastly-haveaniceday

December 6, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:haveanicedayLink to Submitters Profile:https://hackerone.com/haveaniceday Report Title:mozillanet ] A subdomain takeover is available...

HackerOne Bug Bounty Disclosure: buffer-overflow-vulnerability-in-strcpy-leading-to-remote-code-execution-tix

December 2, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:tix01Link to Submitters Profile:https://hackerone.com/tix01 Report Title:Buffer Overflow Vulnerability in strcpy() Leading to...

HackerOne Bug Bounty Disclosure: open-redirected-by-host-header-black-world

December 2, 2024

Company Name: Localize Company HackerOne URL: https://hackerone.com/localizejs Submitted By:black_worldLink to Submitters Profile:https://hackerone.com/black_world Report Title:open redirected by host headerReport Link:https://hackerone.com/reports/2828499Date Submitted:02...

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-django-utils-html-urlize-mprogrammer

November 30, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:mprogrammerLink to Submitters Profile:https://hackerone.com/mprogrammer Report Title:CVE-2024-41990: Potential denial-of-service in djangoutilshtmlurlize()Report...

HackerOne Bug Bounty Disclosure: cve-redos-vulnerability-in-rexml-manun

November 30, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:manunLink to Submitters Profile:https://hackerone.com/manun Report Title:CVE-2024-49761: ReDoS vulnerability in REXMLReport...

HackerOne Bug Bounty Disclosure: rate-limit-bypass-on-passport-acronis-work-using-x-forwarded-for-request-header-analyz-r

November 28, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:analyz3rLink to Submitters Profile:https://hackerone.com/analyz3r Report Title:Rate limit bypass on passportacroniswork using X-Forwarded-For...

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

November 25, 2024

Company Name: Mars Company HackerOne URL: https://hackerone.com/mars Submitted By:the-white-evilLink to Submitters Profile:https://hackerone.com/the-white-evil Report Title:Reflected HTML Injection via contact (faq) search...

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

November 25, 2024

HackerOne Bug Bounty Disclosure: information-exposure-due-to-enabled-debug-mode-thpless

November 25, 2024

Company Name: Mars Company HackerOne URL: https://hackerone.com/mars Submitted By:thplessLink to Submitters Profile:https://hackerone.com/thpless Report Title:Information Exposure due to enabled debug modeReport...

HackerOne Bug Bounty Disclosure: unsubscribe-anyone-from-all-emails-abfe

November 25, 2024

Company Name: Mars Company HackerOne URL: https://hackerone.com/mars Submitted By:abfeLink to Submitters Profile:https://hackerone.com/abfe Report Title:unsubscribe anyone from all emails @ Report...

HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r

November 22, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:4xpl0r3rLink to Submitters Profile:https://hackerone.com/4xpl0r3r Report Title:`std::process::Command` batch files argument escaping...

HackerOne Bug Bounty Disclosure: dom-based-cookie-bomb-in-acronis-com-via-x-clickref-get-parameter-mr-medi

November 21, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:mr-mediLink to Submitters Profile:https://hackerone.com/mr-medi Report Title:DOM Based Cookie Bomb in *acroniscom via...

HackerOne Bug Bounty Disclosure: external-storage-global-credentials-returned-to-the-client-side-in-plaintext-tuyenee

November 21, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:tuyeneeLink to Submitters Profile:https://hackerone.com/tuyenee Report Title:External storage - global credentials returned to...

HackerOne Bug Bounty Disclosure: csrftoken-not-unique-to-session-or-specific-user-and-csrfmiddlewaretoken-can-be-altered-bashbdeer

November 20, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:bashbdeerLink to Submitters Profile:https://hackerone.com/bashbdeer Report Title:csrftoken not unique to session or specific...

HackerOne Bug Bounty Disclosure: reflected-xss-in-hxxps-www-acronis-com-products-cyber-protect-trial-tomblorg

November 20, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:tomblorgLink to Submitters Profile:https://hackerone.com/tomblorg Report Title:Reflected XSS in hXXps://wwwacroniscom/products/cyber-protect/trial/Report Link:https://hackerone.com/reports/1891926Date Submitted:20 November...

HackerOne Bug Bounty Disclosure: api-data-leak-y-usef

November 20, 2024

Company Name: Planet Labs Company HackerOne URL: https://hackerone.com/planet-labs Submitted By:y0usefLink to Submitters Profile:https://hackerone.com/y0usef Report Title:Api data leakReport Link:https://hackerone.com/reports/1639011Date Submitted:20 November...

Bug Bounty

HackerOne Bug Bounty Disclosure: bypass-of-this-fixed-inadequate-protocol-restriction-enforcement-in-curl-hackeriron

HackerOne Bug Bounty Disclosure: forced-oauth-authorization-using-button-id-in-hash-and-holding-space-j-r-an

HackerOne Bug Bounty Disclosure: nextcloud-mail-does-not-respect-download-permissions-in-shares-rullzer

HackerOne Bug Bounty Disclosure: x-e-ee-signature-verification-can-be-bypassed-leading-to-loss-of-confidentiality-of-end-to-end-encrypted-files-d-xuan

HackerOne Bug Bounty Disclosure: incomplete-sanitization-in-svg-preview-provider-pulsejet

HackerOne Bug Bounty Disclosure: netrc-redirect-credential-leak-nyymi

HackerOne Bug Bounty Disclosure: rce-on-worker-host-due-to-unsanitized-env-variable-name-in-task-definition-on-community-tc-services-mozilla-com-ebrietas

HackerOne Bug Bounty Disclosure: cve-apache-airflow-command-injection-in-read-dataset-event-from-classic-dag-nhienit

HackerOne Bug Bounty Disclosure: -addons-preview-cdn-mozilla-net-a-subdomain-takeover-is-available-via-unregistered-domain-in-fastly-haveaniceday

HackerOne Bug Bounty Disclosure: buffer-overflow-vulnerability-in-strcpy-leading-to-remote-code-execution-tix

HackerOne Bug Bounty Disclosure: open-redirected-by-host-header-black-world

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-django-utils-html-urlize-mprogrammer

HackerOne Bug Bounty Disclosure: cve-redos-vulnerability-in-rexml-manun

HackerOne Bug Bounty Disclosure: rate-limit-bypass-on-passport-acronis-work-using-x-forwarded-for-request-header-analyz-r

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

HackerOne Bug Bounty Disclosure: information-exposure-due-to-enabled-debug-mode-thpless

HackerOne Bug Bounty Disclosure: unsubscribe-anyone-from-all-emails-abfe

HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r

HackerOne Bug Bounty Disclosure: dom-based-cookie-bomb-in-acronis-com-via-x-clickref-get-parameter-mr-medi

HackerOne Bug Bounty Disclosure: external-storage-global-credentials-returned-to-the-client-side-in-plaintext-tuyenee

HackerOne Bug Bounty Disclosure: csrftoken-not-unique-to-session-or-specific-user-and-csrfmiddlewaretoken-can-be-altered-bashbdeer

HackerOne Bug Bounty Disclosure: reflected-xss-in-hxxps-www-acronis-com-products-cyber-protect-trial-tomblorg

HackerOne Bug Bounty Disclosure: api-data-leak-y-usef

CVE Alert: CVE-2024-11936

CVE Alert: CVE-2024-12334

CVE Alert: CVE-2024-11641

CVE Alert: CVE-2024-13505

CVE Alert: CVE-2024-31906

You may have missed