Bug Bounty

HackerOne Bug Bounty Disclosure: worker-permission-bypass-via-internalworker-leak-in-diagnostics-leodog

January 21, 2025

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:leodog896Link to Submitters Profile:https://hackerone.com/leodog896 Report Title:Worker permission bypass via InternalWorker leak in...

HackerOne Bug Bounty Disclosure: cve-apache-airflow-format-string-vulnerability-leixiao

January 18, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:leixiaoLink to Submitters Profile:https://hackerone.com/leixiao Report Title:CVE-2022-40604: Apache Airflow: Format String...

HackerOne Bug Bounty Disclosure: object-level-access-control-leads-to-reading-user-s-full-requests-sessions-and-error-messages-mester-x

January 18, 2025

Company Name: Yelp Company HackerOne URL: https://hackerone.com/yelp Submitted By:mester_xLink to Submitters Profile:https://hackerone.com/mester_x Report Title:Object Level access control leads to reading...

HackerOne Bug Bounty Disclosure: netrc-and-redirect-credential-leak-nyymi

January 15, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:nyymiLink to Submitters Profile:https://hackerone.com/nyymi Report Title:netrc and redirect credential leakReport...

HackerOne Bug Bounty Disclosure: critical-data-breach-big-data-for-all-domains-shezxi

January 14, 2025

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:shezxiLink to Submitters Profile:https://hackerone.com/shezxi Report Title:Critical Data Breach - Big Data for...

HackerOne Bug Bounty Disclosure: blind-ssrf-vulnerability-in-appstore-release-upload-form-offensiveops

January 14, 2025

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:offensiveopsLink to Submitters Profile:https://hackerone.com/offensiveops Report Title:Blind SSRF Vulnerability in Appstore Release Upload...

HackerOne Bug Bounty Disclosure: waf-bypass-and-java-script-incomplete-handling-of-unicode-characters-might-leads-to-dom-xss-clubbable

January 13, 2025

Company Name: Doppler Company HackerOne URL: https://hackerone.com/doppler Submitted By:clubbableLink to Submitters Profile:https://hackerone.com/clubbable Report Title:WAF bypass and java script incomplete handling...

HackerOne Bug Bounty Disclosure: unauthenticated-path-traversal-and-command-injection-in-trellix-enterprise-security-manager-r-v

January 12, 2025

Company Name: Trellix Company HackerOne URL: https://hackerone.com/trellix Submitted By:r4vLink to Submitters Profile:https://hackerone.com/r4v Report Title:Unauthenticated Path Traversal and Command Injection in...

HackerOne Bug Bounty Disclosure: yet-another-otp-code-leaked-in-the-api-response-tinopreter

January 8, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:tinopreterLink to Submitters Profile:https://hackerone.com/tinopreter Report Title:Yet Another OTP code Leaked in...

HackerOne Bug Bounty Disclosure: otp-code-leaked-in-api-response-tinopreter

January 8, 2025

HackerOne Bug Bounty Disclosure: sql-injection-in-url-path-leads-to-database-access-tinopreter

January 8, 2025

HackerOne Bug Bounty Disclosure: bypass-email-verification-on-add-email-monitoring-dotxml

January 7, 2025

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:dotxmlLink to Submitters Profile:https://hackerone.com/dotxml Report Title:Bypass Email Verification on Add Email MonitoringReport...

HackerOne Bug Bounty Disclosure: lack-of-url-validation-in-avatarurl-at-v-profile-marcotuliocnd

December 28, 2024

Company Name: Truecaller Company HackerOne URL: https://hackerone.com/truecaller Submitted By:marcotuliocndLink to Submitters Profile:https://hackerone.com/marcotuliocnd Report Title:Lack of URL Validation in avatarUrl at...

HackerOne Bug Bounty Disclosure: -oem-acronis-com-reflected-cross-site-scripting-darkdream

December 28, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:darkdreamLink to Submitters Profile:https://hackerone.com/darkdream Report Title:acroniscom] Reflected Cross Site Scripting Report Link:https://hackerone.com/reports/2038943Date...

HackerOne Bug Bounty Disclosure: a-potential-risk-in-the-aws-lambda-ecs-run-task-which-can-be-used-to-privilege-escalation-zolaer

December 27, 2024

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:zolaer9527Link to Submitters Profile:https://hackerone.com/zolaer9527 Report Title:A potential risk in the aws-lambda-ecs-run-task...

HackerOne Bug Bounty Disclosure: hackers-attack-curl-vulnerability-accessing-sensitive-information-scottarterbury

December 27, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:scottarterburyLink to Submitters Profile:https://hackerone.com/scottarterbury Report Title:Hackers Attack Curl Vulnerability Accessing Sensitive InformationReport...

HackerOne Bug Bounty Disclosure: reflected-xss-on-amazon-ec-instance-perigou

December 24, 2024

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:perigouLink to Submitters Profile:https://hackerone.com/perigou Report Title:Reflected XSS on Amazon EC2 InstanceReport...

HackerOne Bug Bounty Disclosure: cve-perigou

December 24, 2024

HackerOne Bug Bounty Disclosure: access-to-limited-confidential-information-of-private-program-as-a-ex-reporter-report-participant-external-user-ex-staff-member-sarthakbhingare

December 24, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:sarthakbhingare015Link to Submitters Profile:https://hackerone.com/sarthakbhingare015 Report Title:Access to limited confidential information of private...

HackerOne Bug Bounty Disclosure: bypass-upgrade-to-add-project-restriction-in-free-account-to-create-multiple-projects-without-upgrading-mrm-nk

December 20, 2024

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:mrm0nkLink to Submitters Profile:https://hackerone.com/mrm0nk Report Title:Bypass "Upgrade To Add Project" Restriction in...

HackerOne Bug Bounty Disclosure: bypass-of-this-fixed-inadequate-protocol-restriction-enforcement-in-curl-hackeriron

December 19, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:hackeriron1Link to Submitters Profile:https://hackerone.com/hackeriron1 Report Title:bypass of this Fixed #2437131 Report Link:https://hackerone.com/reports/2905552Date...

HackerOne Bug Bounty Disclosure: forced-oauth-authorization-using-button-id-in-hash-and-holding-space-j-r-an

December 17, 2024

Company Name: LinkedIn Company HackerOne URL: https://hackerone.com/linkedin Submitted By:j0r1anLink to Submitters Profile:https://hackerone.com/j0r1an Report Title:Forced OAuth authorization using button ID in...

HackerOne Bug Bounty Disclosure: x-e-ee-signature-verification-can-be-bypassed-leading-to-loss-of-confidentiality-of-end-to-end-encrypted-files-d-xuan

December 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:d-xuanLink to Submitters Profile:https://hackerone.com/d-xuan Report Title:X-E2EE-SIGNATURE verification can be bypassed, leading to...

HackerOne Bug Bounty Disclosure: incomplete-sanitization-in-svg-preview-provider-pulsejet

December 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:pulsejetLink to Submitters Profile:https://hackerone.com/pulsejet Report Title:Incomplete sanitization in SVG preview providerReport Link:https://hackerone.com/reports/2484499Date...

Bug Bounty

HackerOne Bug Bounty Disclosure: worker-permission-bypass-via-internalworker-leak-in-diagnostics-leodog

HackerOne Bug Bounty Disclosure: cve-apache-airflow-format-string-vulnerability-leixiao

HackerOne Bug Bounty Disclosure: object-level-access-control-leads-to-reading-user-s-full-requests-sessions-and-error-messages-mester-x

HackerOne Bug Bounty Disclosure: netrc-and-redirect-credential-leak-nyymi

HackerOne Bug Bounty Disclosure: critical-data-breach-big-data-for-all-domains-shezxi

HackerOne Bug Bounty Disclosure: blind-ssrf-vulnerability-in-appstore-release-upload-form-offensiveops

HackerOne Bug Bounty Disclosure: waf-bypass-and-java-script-incomplete-handling-of-unicode-characters-might-leads-to-dom-xss-clubbable

HackerOne Bug Bounty Disclosure: unauthenticated-path-traversal-and-command-injection-in-trellix-enterprise-security-manager-r-v

HackerOne Bug Bounty Disclosure: yet-another-otp-code-leaked-in-the-api-response-tinopreter

HackerOne Bug Bounty Disclosure: otp-code-leaked-in-api-response-tinopreter

HackerOne Bug Bounty Disclosure: sql-injection-in-url-path-leads-to-database-access-tinopreter

HackerOne Bug Bounty Disclosure: bypass-email-verification-on-add-email-monitoring-dotxml

HackerOne Bug Bounty Disclosure: lack-of-url-validation-in-avatarurl-at-v-profile-marcotuliocnd

HackerOne Bug Bounty Disclosure: -oem-acronis-com-reflected-cross-site-scripting-darkdream

HackerOne Bug Bounty Disclosure: a-potential-risk-in-the-aws-lambda-ecs-run-task-which-can-be-used-to-privilege-escalation-zolaer

HackerOne Bug Bounty Disclosure: hackers-attack-curl-vulnerability-accessing-sensitive-information-scottarterbury

HackerOne Bug Bounty Disclosure: reflected-xss-on-amazon-ec-instance-perigou

HackerOne Bug Bounty Disclosure: cve-perigou

HackerOne Bug Bounty Disclosure: access-to-limited-confidential-information-of-private-program-as-a-ex-reporter-report-participant-external-user-ex-staff-member-sarthakbhingare

HackerOne Bug Bounty Disclosure: bypass-upgrade-to-add-project-restriction-in-free-account-to-create-multiple-projects-without-upgrading-mrm-nk

HackerOne Bug Bounty Disclosure: bypass-of-this-fixed-inadequate-protocol-restriction-enforcement-in-curl-hackeriron

HackerOne Bug Bounty Disclosure: forced-oauth-authorization-using-button-id-in-hash-and-holding-space-j-r-an

HackerOne Bug Bounty Disclosure: x-e-ee-signature-verification-can-be-bypassed-leading-to-loss-of-confidentiality-of-end-to-end-encrypted-files-d-xuan

HackerOne Bug Bounty Disclosure: incomplete-sanitization-in-svg-preview-provider-pulsejet

CVE Alert: CVE-2025-1813

CVE Alert: CVE-2025-1815

CVE Alert: CVE-2025-1814

CVE Alert: CVE-2025-1816

CVE Alert: CVE-2025-1817

You may have missed