HackerOne Bug Bounty Disclosure: cache-purge-requests-are-not-authenticatedbydhananjay09
Programme HackerOne curl curl Submitted by dhananjay09 dhananjay09 Report Cache purge requests are not authenticated Full Report A considerable...
Bug Bounty
HackerOne Bug Bounty Disclosure: stored-xss-on–wordpress-combyriadalrashed
Programme HackerOne Automattic Automattic Submitted by riadalrashed riadalrashed Report Stored XSS on wordpress.com Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: program-managers-can-see-draft-reports-using-export-reports-featurebyalp
Programme HackerOne HackerOne HackerOne Submitted by alp alp Report Program managers can see draft reports using Export Reports feature Full...
HackerOne Bug Bounty Disclosure: oauth-misconfigration-lead-to-account-takeoverbygrayman0x1
Programme HackerOne Reddit Reddit Submitted by grayman0x1 grayman0x1 Report oauth misconfigration lead to account takeover Full Report A considerable...
HackerOne Bug Bounty Disclosure: reflected-xss-via-file-uploadbygrayman0x1
Programme HackerOne Reddit Reddit Submitted by grayman0x1 grayman0x1 Report Reflected XSS via File Upload Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: cve-2020-11022bygrayman0x1
Programme HackerOne Reddit Reddit Submitted by grayman0x1 grayman0x1 Report CVE-2020-11022 Full Report A considerable amount of time and effort...
HackerOne Bug Bounty Disclosure: privilege-esacalation-at-apache-airflow-2-5-1byksw9722
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by ksw9722 ksw9722 Report Privilege Esacalation at Apache Airflow 2.5.1 Full...
HackerOne Bug Bounty Disclosure: cve-2023-28322:-more-post-after-put-confusionbykurohiro
Programme HackerOne curl curl Submitted by kurohiro kurohiro Report CVE-2023-28322: more POST-after-PUT confusion Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: html-injection-in-api-response-including-request-urlbyprilcool
Programme HackerOne Reddit Reddit Submitted by prilcool prilcool Report HTML injection in API response including request url Full Report ...
HackerOne Bug Bounty Disclosure: read-and-message-other-user’s-messagesbybeksem35
Programme HackerOne Reddit Reddit Submitted by beksem35 beksem35 Report read and message other user's messages Full Report A considerable...
HackerOne Bug Bounty Disclosure: broken-links-make-users-from-france-unable-to-understand-the-allowed-content-policybyardyanv1ckyramadhan
Programme HackerOne Reddit Reddit Submitted by ardyanv1ckyramadhan ardyanv1ckyramadhan Report Broken links make users from France unable to understand the allowed...
HackerOne Bug Bounty Disclosure: no-rate-limit-leads-to-spaming-postbytestnsh
Programme HackerOne Reddit Reddit Submitted by testnsh testnsh Report No rate limit leads to spaming post Full Report A...
HackerOne Bug Bounty Disclosure: huge-amount-of-subdomains-takeovers-at-reddit-combyghbjn
Programme HackerOne Reddit Reddit Submitted by ghbjn ghbjn Report Huge amount of Subdomains Takeovers at Reddit.com Full Report A...
HackerOne Bug Bounty Disclosure: [accounts-reddit-com]-redirect-parameter-allows-for-xssbydvorakxl
Programme HackerOne Reddit Reddit Submitted by dvorakxl dvorakxl Report Redirect parameter allows for XSS Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: rate-limit-is-implemented-in-reddit-,-but-its-not-working–byhelloitscyberguard
Programme HackerOne Reddit Reddit Submitted by helloitscyberguard helloitscyberguard Report Rate limit is implemented in Reddit , but its not working...
HackerOne Bug Bounty Disclosure: cve-2023-28321:-idn-wildcard-matchbykurohiro
Programme HackerOne curl curl Submitted by kurohiro kurohiro Report CVE-2023-28321: IDN wildcard match Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: users-can-set-up-workflows-using-restricted-and-invisible-system-tagsbymaxime_le-hericy
Programme HackerOne Nextcloud Nextcloud Submitted by maxime_le-hericy maxime_le-hericy Report Users can set up workflows using restricted and invisible system tags...
HackerOne Bug Bounty Disclosure: cve-2023-28320:-siglongjmp-race-conditionbynyymi
Programme HackerOne curl curl Submitted by nyymi nyymi Report CVE-2023-28320: siglongjmp race condition Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: anyone-can-view-the-results-of-linkedin-skill-test–if-failed-to-earn-a-badge-or-if-the-badge-earned-is-kept-private:-both-cases-results-can-be-viewedbymarvelmaniac
Programme HackerOne LinkedIn LinkedIn Submitted by marvelmaniac marvelmaniac Report Anyone can view the results of linkedin skill test -if failed...
HackerOne Bug Bounty Disclosure: no-rate-limit-while-adding-additional-emails-featurebycryptographer
Programme HackerOne Nextcloud Nextcloud Submitted by cryptographer cryptographer Report No rate limit while adding Additional emails feature Full Report ...
HackerOne Bug Bounty Disclosure: redos-in-time-rfc2822byooooooo_q
Programme HackerOne Ruby Ruby Submitted by ooooooo_q ooooooo_q Report ReDoS in Time.rfc2822 Full Report A considerable amount of time...
HackerOne Bug Bounty Disclosure: connect-8×8-com:-blind-ssrf-via-/api/v2/chats/image-check-allows-for-internal-ports-scanbyyassinek3ch
Programme HackerOne 8x8 Bounty 8x8 Bounty Submitted by yassinek3ch yassinek3ch Report connect.8x8.com: Blind SSRF via /api/v2/chats/image-check allows for Internal Ports...
HackerOne Bug Bounty Disclosure: default-credentials-on-kinetic-core-system-console—https:///kinetic/app/bywaterlord7788
Programme HackerOne U.S. Dept Of Defense U.S. Dept Of Defense Submitted by waterlord7788 waterlord7788 Report Default Credentials on Kinetic Core...
HackerOne Bug Bounty Disclosure: exposed-git-repo-on-[htus]bynightm4re
Programme HackerOne U.S. Dept Of Defense U.S. Dept Of Defense Submitted by nightm4re nightm4re Report Exposed GIT repo on Full...
