Bug Bounty

HackerOne Bug Bounty Disclosure: b-names-not-completely-redacted-despite-redact-the-names-of-the-involved-users-is-selected-b-japz

August 29, 2023

Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'japz'Link to Submitters Profile:https://hackerone.com/b'japz' Report Title:b'Names not completely redacted despite "Redact the...

HackerOne Bug Bounty Disclosure: b-idor-delete-all-licenses-and-certifications-from-users-account-using-createorupdatehackercertification-graphql-query-b-callmed

August 29, 2023

Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'callmed0_4'Link to Submitters Profile:https://hackerone.com/b'callmed0_4' Report Title:b'IDOR - Delete all Licenses and certifications...

HackerOne Bug Bounty Disclosure: b-stored-xss-on-promo-indrive-com-b-kristoferent

August 28, 2023

Company Name: b'inDrive' Company HackerOne URL: https://hackerone.com/indrive Submitted By:b'kristoferent'Link to Submitters Profile:https://hackerone.com/b'kristoferent' Report Title:b'Stored XSS on promo.indrive.com'Report Link:https://hackerone.com/reports/2051085Date Submitted:28 August...

HackerOne Bug Bounty Disclosure: b-http-request-smuggling-via-empty-headers-separated-by-cr-b-yadhukrishnam

August 28, 2023

Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'yadhukrishnam'Link to Submitters Profile:https://hackerone.com/b'yadhukrishnam' Report Title:b'HTTP Request Smuggling via Empty...

HackerOne Bug Bounty Disclosure: b-staff-and-triage-can-modify-the-initial-post-of-a-report-including-of-already-disclosed-reports-b-zerotea

August 28, 2023

Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'zerotea'Link to Submitters Profile:https://hackerone.com/b'zerotea' Report Title:b'Staff and Triage can modify the initial...

HackerOne Bug Bounty Disclosure: b-unsanitized-input-goes-to-regex-function-leads-to-redos-that-make-request-hangs-b-shin

August 28, 2023

Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'shin24'Link to Submitters Profile:https://hackerone.com/b'shin24' Report Title:b'unsanitized input goes to regex...

HackerOne Bug Bounty Disclosure: b-jdbc-apache-airflow-provider-code-execution-vulnerability-b-kmhlyxj

August 26, 2023

Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'kmhlyxj0'Link to Submitters Profile:https://hackerone.com/b'kmhlyxj0' Report Title:b'jdbc apache airflow provider code...

HackerOne Bug Bounty Disclosure: b-odbc-apache-airflow-provider-code-execution-vulnerability-b-kmhlyxj

August 26, 2023

HackerOne Bug Bounty Disclosure: b-improper-access-control-on-linkedin-page-b-cybergoddess

August 24, 2023

Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'cybergoddess'Link to Submitters Profile:https://hackerone.com/b'cybergoddess' Report Title:b'Improper access control on Linkedin Page'Report Link:https://hackerone.com/reports/1587246Date...

HackerOne Bug Bounty Disclosure: b-a-unverified-user-can-post-newsletter-which-is-not-allowed-through-application-ui-b-tushar

August 24, 2023

Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'tushar6378'Link to Submitters Profile:https://hackerone.com/b'tushar6378' Report Title:b'A Unverified User Can Post Newsletter (Which...

HackerOne Bug Bounty Disclosure: b-attackers-can-use-trial-premium-only-by-paying-idr-from-the-original-price-of-idr-per-month-b-find-me-here

August 24, 2023

Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'find_me_here'Link to Submitters Profile:https://hackerone.com/b'find_me_here' Report Title:b'Attackers can use TRIAL Premium only by...

HackerOne Bug Bounty Disclosure: b-an-attacker-can-flag-draft-job-posts-and-can-disclose-the-draft-job-posts-details-similar-to-resolved-report-b-tushar

August 24, 2023

HackerOne Bug Bounty Disclosure: b-idor-allows-an-attacker-to-delete-anyone-s-featured-photo-b-adilnbabras

August 24, 2023

Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'adilnbabras'Link to Submitters Profile:https://hackerone.com/b'adilnbabras' Report Title:b"IDOR allows an attacker to delete anyone's...

HackerOne Bug Bounty Disclosure: b-cache-poisoning-allows-redirection-on-js-files-b-youstin

August 24, 2023

Company Name: b'Glassdoor' Company HackerOne URL: https://hackerone.com/glassdoor Submitted By:b'youstin'Link to Submitters Profile:https://hackerone.com/b'youstin' Report Title:b'Cache Poisoning allows redirection on JS files'Report...

HackerOne Bug Bounty Disclosure: b-wiiu-switch-nullptr-dereference-in-the-enl-framework-b-crazy-man

August 22, 2023

Company Name: b'Nintendo' Company HackerOne URL: https://hackerone.com/nintendo Submitted By:b'crazy_man123'Link to Submitters Profile:https://hackerone.com/b'crazy_man123' Report Title:b' nullptr dereference in the ENL framework'Report...

HackerOne Bug Bounty Disclosure: b-cross-origin-resource-sharing-arbitrary-origin-trusted-b-kalendra

August 22, 2023

Company Name: b'Radancy' Company HackerOne URL: https://hackerone.com/radancy Submitted By:b'kalendra456'Link to Submitters Profile:https://hackerone.com/b'kalendra456' Report Title:b'Cross-origin resource sharing: arbitrary origin trusted'Report Link:https://hackerone.com/reports/1848730Date...

HackerOne Bug Bounty Disclosure: b-bypass-of-rxss-at-image-hackerone-live-via-the-url-parameter-b-sudi

August 22, 2023

Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'sudi'Link to Submitters Profile:https://hackerone.com/b'sudi' Report Title:b'Bypass of #2035332 RXSS at image.hackerone.live via...

HackerOne Bug Bounty Disclosure: b-insecure-storage-of-information-you-can-view-any-file-uploaded-to-the-server-without-authentication-and-only-with-a-single-link-b-h

August 21, 2023

Company Name: b'Radancy' Company HackerOne URL: https://hackerone.com/radancy Submitted By:b'h03'Link to Submitters Profile:https://hackerone.com/b'h03' Report Title:b'insecure storage of information, you can view...

HackerOne Bug Bounty Disclosure: b-mk-dx-improper-metadata-parsing-b-crazy-man

August 17, 2023

HackerOne Bug Bounty Disclosure: b-mk-dx-improper-metadata-validation-b-crazy-man

August 17, 2023

HackerOne Bug Bounty Disclosure: b-crlf-to-xss-open-redirection-b-ashrafabdelrazik

August 16, 2023

Company Name: b'TikTok' Company HackerOne URL: https://hackerone.com/tiktok Submitted By:b'ashrafabdelrazik'Link to Submitters Profile:https://hackerone.com/b'ashrafabdelrazik' Report Title:b'CRLF to XSS & Open Redirection'Report Link:https://hackerone.com/reports/2012519Date...

HackerOne Bug Bounty Disclosure: b-unexpected-deserialization-in-kredis-b-ooooooo-q

August 16, 2023

Company Name: b'Ruby on Rails' Company HackerOne URL: https://hackerone.com/rails Submitted By:b'ooooooo_q'Link to Submitters Profile:https://hackerone.com/b'ooooooo_q' Report Title:b'Unexpected deserialization in Kredis'Report Link:https://hackerone.com/reports/1702859Date...

HackerOne Bug Bounty Disclosure: b-renaming-aliasing-relative-symbolic-links-potentially-redirects-them-to-supposedly-inaccessible-locations-b-tniessen

August 15, 2023

Company Name: b'Node.js' Company HackerOne URL: https://hackerone.com/nodejs Submitted By:b'tniessen'Link to Submitters Profile:https://hackerone.com/b'tniessen' Report Title:b'Renaming/aliasing relative symbolic links potentially redirects them...

HackerOne Bug Bounty Disclosure: b-yelp-com-xss-ato-via-login-keylogger-link-google-account-b-lil-endian

August 15, 2023

Company Name: b'Yelp' Company HackerOne URL: https://hackerone.com/yelp Submitted By:b'lil_endian'Link to Submitters Profile:https://hackerone.com/b'lil_endian' Report Title:b'yelp.com XSS ATO (via login keylogger, link...

Bug Bounty

HackerOne Bug Bounty Disclosure: b-names-not-completely-redacted-despite-redact-the-names-of-the-involved-users-is-selected-b-japz

HackerOne Bug Bounty Disclosure: b-idor-delete-all-licenses-and-certifications-from-users-account-using-createorupdatehackercertification-graphql-query-b-callmed

HackerOne Bug Bounty Disclosure: b-stored-xss-on-promo-indrive-com-b-kristoferent

HackerOne Bug Bounty Disclosure: b-http-request-smuggling-via-empty-headers-separated-by-cr-b-yadhukrishnam

HackerOne Bug Bounty Disclosure: b-staff-and-triage-can-modify-the-initial-post-of-a-report-including-of-already-disclosed-reports-b-zerotea

HackerOne Bug Bounty Disclosure: b-unsanitized-input-goes-to-regex-function-leads-to-redos-that-make-request-hangs-b-shin

HackerOne Bug Bounty Disclosure: b-jdbc-apache-airflow-provider-code-execution-vulnerability-b-kmhlyxj

HackerOne Bug Bounty Disclosure: b-odbc-apache-airflow-provider-code-execution-vulnerability-b-kmhlyxj

HackerOne Bug Bounty Disclosure: b-improper-access-control-on-linkedin-page-b-cybergoddess

HackerOne Bug Bounty Disclosure: b-a-unverified-user-can-post-newsletter-which-is-not-allowed-through-application-ui-b-tushar

HackerOne Bug Bounty Disclosure: b-attackers-can-use-trial-premium-only-by-paying-idr-from-the-original-price-of-idr-per-month-b-find-me-here

HackerOne Bug Bounty Disclosure: b-an-attacker-can-flag-draft-job-posts-and-can-disclose-the-draft-job-posts-details-similar-to-resolved-report-b-tushar

HackerOne Bug Bounty Disclosure: b-idor-allows-an-attacker-to-delete-anyone-s-featured-photo-b-adilnbabras

HackerOne Bug Bounty Disclosure: b-cache-poisoning-allows-redirection-on-js-files-b-youstin

HackerOne Bug Bounty Disclosure: b-wiiu-switch-nullptr-dereference-in-the-enl-framework-b-crazy-man

HackerOne Bug Bounty Disclosure: b-cross-origin-resource-sharing-arbitrary-origin-trusted-b-kalendra

HackerOne Bug Bounty Disclosure: b-bypass-of-rxss-at-image-hackerone-live-via-the-url-parameter-b-sudi

HackerOne Bug Bounty Disclosure: b-insecure-storage-of-information-you-can-view-any-file-uploaded-to-the-server-without-authentication-and-only-with-a-single-link-b-h

HackerOne Bug Bounty Disclosure: b-mk-dx-improper-metadata-parsing-b-crazy-man

HackerOne Bug Bounty Disclosure: b-mk-dx-improper-metadata-validation-b-crazy-man

HackerOne Bug Bounty Disclosure: b-crlf-to-xss-open-redirection-b-ashrafabdelrazik

HackerOne Bug Bounty Disclosure: b-unexpected-deserialization-in-kredis-b-ooooooo-q

HackerOne Bug Bounty Disclosure: b-renaming-aliasing-relative-symbolic-links-potentially-redirects-them-to-supposedly-inaccessible-locations-b-tniessen

HackerOne Bug Bounty Disclosure: b-yelp-com-xss-ato-via-login-keylogger-link-google-account-b-lil-endian

CVE Alert: CVE-2025-0685

CVE Alert: CVE-2025-0686

CVE Alert: CVE-2025-27423

CVE Alert: CVE-2025-27422

CVE Alert: CVE-2025-27421

You may have missed