Bug Bounty

HackerOne Bug Bounty Disclosure: xss-in-html-generated-by-rdoc-ooooooo-q

July 18, 2023

Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:XSS in HTML generated by RDocReport Link:https://hackerone.com/reports/1187156Date...

HackerOne Bug Bounty Disclosure: stored-xss-in-rdoc-hyperlinks-through-javascript-scheme-sighook

July 18, 2023

Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:sighookLink to Submitters Profile:https://hackerone.com/sighook Report Title:Stored XSS in RDoc hyperlinks through javascript...

HackerOne Bug Bounty Disclosure: arbitrary-file-injection-via-symlink-attack-in-rdoc-generator-sighook

July 18, 2023

Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:sighookLink to Submitters Profile:https://hackerone.com/sighook Report Title:Arbitrary file injection via symlink attack in...

HackerOne Bug Bounty Disclosure: rdoc-methodattr-is-vulnerable-to-regular-expression-denial-of-service-redos-sighook

July 18, 2023

Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:sighookLink to Submitters Profile:https://hackerone.com/sighook Report Title:RDoc::MethodAttr is vulnerable to Regular Expression Denial...

HackerOne Bug Bounty Disclosure: xss-exploit-of-rdoc-documentation-generated-by-rdoc-sighook

July 18, 2023

Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:sighookLink to Submitters Profile:https://hackerone.com/sighook Report Title:XSS exploit of RDoc documentation generated by...

HackerOne Bug Bounty Disclosure: xss-exploit-of-rdoc-documentation-generated-by-rdoc-cve-sighook

July 18, 2023

HackerOne Bug Bounty Disclosure: subscription-check-bypass-of-nordvpn-service-tlsh

July 17, 2023

Company Name: Nord Security Company HackerOne URL: https://hackerone.com/nordsecurity Submitted By:tlsh1Link to Submitters Profile:https://hackerone.com/tlsh1 Report Title:Subscription check bypass of NordVPN serviceReport...

HackerOne Bug Bounty Disclosure: an-idor-that-can-lead-to-enumeration-of-a-user-and-disclosure-of-email-and-phone-number-within-cashier-miquinho

July 17, 2023

Company Name: Unikrn Company HackerOne URL: https://hackerone.com/unikrn Submitted By:miquinhoLink to Submitters Profile:https://hackerone.com/miquinho Report Title:An IDOR that can lead to enumeration...

HackerOne Bug Bounty Disclosure: an-attacker-can-can-view-any-hacker-email-via-savecollaboratorsmutation-operation-name–xrayan

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:0xrayan1996Link to Submitters Profile:https://hackerone.com/0xrayan1996 Report Title:An attacker can can view any hacker...

HackerOne Bug Bounty Disclosure: endpoint-disclosing-user-password-team-tsk

July 14, 2023

Company Name: Newegg Company HackerOne URL: https://hackerone.com/newegg Submitted By:team_tskLink to Submitters Profile:https://hackerone.com/team_tsk Report Title:Endpoint disclosing user passwordReport Link:https://hackerone.com/reports/1986731Date Submitted:05 July...

HackerOne Bug Bounty Disclosure: metamask-browser-url-and-transaction-origin-spoofing-metamask-wallet-android-metamask-wallet-ios-renekroka

July 14, 2023

Company Name: MetaMask Company HackerOne URL: https://hackerone.com/metamask Submitted By:renekrokaLink to Submitters Profile:https://hackerone.com/renekroka Report Title:MetaMask Browser URL and Transaction Origin Spoofing...

HackerOne Bug Bounty Disclosure: indriver-job-admin-approval-bypass-mikejohnson

July 14, 2023

Company Name: inDrive Company HackerOne URL: https://hackerone.com/indrive Submitted By:mikejohnson_1Link to Submitters Profile:https://hackerone.com/mikejohnson_1 Report Title:inDriver Job - Admin Approval BypassReport Link:https://hackerone.com/reports/1861487Date...

HackerOne Bug Bounty Disclosure: improper-authentication-inside-the-rockstar-games-launcher-which-leads-to-account-takeover-to-some-extend–xshivam

July 14, 2023

Company Name: Rockstar Games Company HackerOne URL: https://hackerone.com/rockstargames Submitted By:0xshivamLink to Submitters Profile:https://hackerone.com/0xshivam Report Title:Improper Authentication inside the Rockstar Games...

HackerOne Bug Bounty Disclosure: internal-machine-learning-api-endpoint-for-cwe-classification-is-vulnerable-to-path-traversal-jobert

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:jobertLink to Submitters Profile:https://hackerone.com/jobert Report Title:Internal machine learning API endpoint for CWE...

HackerOne Bug Bounty Disclosure: banned-user-still-able-to-invited-to-reports-as-a-collabrator-and-reset-the-password-light-r

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:light3rLink to Submitters Profile:https://hackerone.com/light3r Report Title:Banned user still able to invited to...

HackerOne Bug Bounty Disclosure: arbitrary-file-write-triggered-by-deeplink-abuse-metamask-android-hackerontwowheels

July 14, 2023

Company Name: MetaMask Company HackerOne URL: https://hackerone.com/metamask Submitted By:hackerontwowheelsLink to Submitters Profile:https://hackerone.com/hackerontwowheels Report Title:Arbitrary file write triggered by deeplink abuse...

HackerOne Bug Bounty Disclosure: basic-xss-waf-bypasses-mega

July 14, 2023

Company Name: Cloudflare Public Bug Bounty Company HackerOne URL: https://hackerone.com/cloudflare Submitted By:mega7Link to Submitters Profile:https://hackerone.com/mega7 Report Title:Basic XSS Report Link:https://hackerone.com/reports/1615743Date...

HackerOne Bug Bounty Disclosure: server-side-rce-through-directory-traversal-based-arbitrary-file-write-fabianfreyer

July 14, 2023

Company Name: Rocket.Chat Company HackerOne URL: https://hackerone.com/rocket_chat Submitted By:fabianfreyerLink to Submitters Profile:https://hackerone.com/fabianfreyer Report Title:Server-side RCE through directory traversal-based arbitrary file...

HackerOne Bug Bounty Disclosure: -m-reports-on-hackerone-celebration-ability-to-bulk-submit-many-reports-nagli

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:nagliLink to Submitters Profile:https://hackerone.com/nagli Report Title:2M Reports on HackerOne Celebration! - Ability...

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-leading-to-xss-using-svg-tag-haqpl

July 14, 2023

Company Name: Ruby on Rails Company HackerOne URL: https://hackerone.com/rails Submitted By:haqplLink to Submitters Profile:https://hackerone.com/haqpl Report Title:ActionView sanitize helper bypass leading...

HackerOne Bug Bounty Disclosure: xss-r-vcc-na-x-com-ssharmaz

July 14, 2023

Company Name: 8x8 Company HackerOne URL: https://hackerone.com/8x8 Submitted By:ssharmazLink to Submitters Profile:https://hackerone.com/ssharmaz Report Title:xss(r) vcc-na11.8x8.comReport Link:https://hackerone.com/reports/1392733Date Submitted:10 July 2023 A...

Bug Bounty

HackerOne Bug Bounty Disclosure: xss-in-html-generated-by-rdoc-ooooooo-q

HackerOne Bug Bounty Disclosure: stored-xss-in-rdoc-hyperlinks-through-javascript-scheme-sighook

HackerOne Bug Bounty Disclosure: arbitrary-file-injection-via-symlink-attack-in-rdoc-generator-sighook

HackerOne Bug Bounty Disclosure: rdoc-methodattr-is-vulnerable-to-regular-expression-denial-of-service-redos-sighook

HackerOne Bug Bounty Disclosure: xss-exploit-of-rdoc-documentation-generated-by-rdoc-sighook

HackerOne Bug Bounty Disclosure: xss-exploit-of-rdoc-documentation-generated-by-rdoc-cve-sighook

HackerOne Bug Bounty Disclosure: subscription-check-bypass-of-nordvpn-service-tlsh

HackerOne Bug Bounty Disclosure: an-idor-that-can-lead-to-enumeration-of-a-user-and-disclosure-of-email-and-phone-number-within-cashier-miquinho

HackerOne Bug Bounty Disclosure: an-attacker-can-can-view-any-hacker-email-via-savecollaboratorsmutation-operation-name–xrayan

HackerOne Bug Bounty Disclosure: endpoint-disclosing-user-password-team-tsk

HackerOne Bug Bounty Disclosure: metamask-browser-url-and-transaction-origin-spoofing-metamask-wallet-android-metamask-wallet-ios-renekroka

HackerOne Bug Bounty Disclosure: indriver-job-admin-approval-bypass-mikejohnson

HackerOne Bug Bounty Disclosure: improper-authentication-inside-the-rockstar-games-launcher-which-leads-to-account-takeover-to-some-extend–xshivam

HackerOne Bug Bounty Disclosure: internal-machine-learning-api-endpoint-for-cwe-classification-is-vulnerable-to-path-traversal-jobert

HackerOne Bug Bounty Disclosure: banned-user-still-able-to-invited-to-reports-as-a-collabrator-and-reset-the-password-light-r

HackerOne Bug Bounty Disclosure: arbitrary-file-write-triggered-by-deeplink-abuse-metamask-android-hackerontwowheels

HackerOne Bug Bounty Disclosure: basic-xss-waf-bypasses-mega

HackerOne Bug Bounty Disclosure: server-side-rce-through-directory-traversal-based-arbitrary-file-write-fabianfreyer

HackerOne Bug Bounty Disclosure: -m-reports-on-hackerone-celebration-ability-to-bulk-submit-many-reports-nagli

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-leading-to-xss-using-svg-tag-haqpl

HackerOne Bug Bounty Disclosure: xss-r-vcc-na-x-com-ssharmaz

HackerOne Bug Bounty Disclosure: rce-via-npm-misconfig-installing-internal-libraries-from-the-public-registry-x-loser

HackerOne Bug Bounty Disclosure: rate-limit-missing-sign-in-page-dreamer-eh

HackerOne Bug Bounty Disclosure: csrf-protection-bypass-on-tiktok-webcast-endpoints-zerody

HackerOne Bug Bounty Disclosure: sql-injection-in-url-path-leads-to-database-access-tinopreter

HackerOne Bug Bounty Disclosure: otp-code-leaked-in-api-response-tinopreter

HackerOne Bug Bounty Disclosure: yet-another-otp-code-leaked-in-the-api-response-tinopreter

[AKIRA] – Ransomware Victim: Press Color

CVE Alert: CVE-2024-12430

You may have missed