HackerOne Bug Bounty Disclosure: regular-expression-denial-of-service-in-headers by sno2
Programme: HackerOne / Node.js | Submitted by: sno2 | Report: Regular Expression Denial of Service in Headers | Full Report: A...
Programme: HackerOne / Internet Bug Bounty | Submitted by: leixiao | Report: RCE vulnerability in apache-airflow-providers-apache-sqoop 3.1.0 | Full Report...
Programme: HackerOne / HackerOne | Submitted by: mikkocarreon | Report: Arbitrary Remote Leak via ImageMagick | Full Report: A considerable amount...
Programme: HackerOne / Tor | Submitted by: hazae41 | Report: Snowflake server: Leak of TLS packets from other clients | Full Report...
Programme: HackerOne / IOVLabs | Submitted by: luk-matczak | Report: Traffic amplification attack via discovery protocol | Full Report: A considerable amount...
Programme: HackerOne / HackerOne | Submitted by: manish_adz | Report: information disclosure of another company bug on video. | Full Report: A...
Programme: HackerOne / HackerOne | Submitted by: buraaqsec | Report: Scope information is leaked when visiting policy scopes tab of any...
Programme: HackerOne / HackerOne | Submitted by: fransrosen | Report: Stored XSS on www.hackerone.com due to deleted S3-bucket from old page_widget...
Programme: HackerOne / GitHub | Submitted by: ryotak | Report: Improper handling of null bytes in GitHub Actions Runner allows an...
Programme: HackerOne / U.S. Department of State | Submitted by: tmz900 | Report: RXSS on https://travel.state.gov/content/travel/en/search.html | Full Report...
Programme: HackerOne / Nextcloud | Submitted by: christophwurst | Report: Mail app stores cleartext password in database until OAUTH2 setup is...
Programme: HackerOne / Stripe | Submitted by: phor3nsic | Report: Object injection in `stripe-billing-typographic` GitHub project via /auth/login | Full Report: A...
Programme: HackerOne / Cloudflare Public Bug Bounty | Submitted by: mattipv4 | Report: Extraction of Pages build scripts,...
Programme: HackerOne / Internet Bug Bounty | Submitted by: czchen | Report: Argo CD reconciles apps outside configured namespaces...
Programme: HackerOne / Nextcloud | Submitted by: rtod | Report: Targeted phishing attacks in Login flow v2 | Full Report: A considerable...
Programme: HackerOne / Yelp | Submitted by: msgandole | Report: Direct access to tox.ini file which is contain configuration details | Full...
Programme: HackerOne / Stripe | Submitted by: sn-shyk | Report: HTML Injection in the Invoice memos field | Full Report: A considerable...
Programme: HackerOne / Nextcloud | Submitted by: ctulhu | Report: Messages can still be seen on conversation after expiring when cron...
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
Programme: HackerOne / Stripe | Submitted by: ian | Report: Fee discounts can be redeemed many times, resulting in unlimited fee-free...
Programme: HackerOne / Automattic | Submitted by: 0xwega74 | Report: Stored XSS on app.crowdsignal.com your-subdomain.crowdsignal.net via Thank You Header | Full Report...
Programme: HackerOne / Nextcloud | Submitted by: rullzer | Report: Download permissions can be changed by resharer | Full Report: A considerable...
Programme: HackerOne / Krisp | Submitted by: mikemyers | Report: SQL Injection + Insecure Deserialization leads to Remote Code Execution on...
Programme: HackerOne / Node.js | Submitted by: timon8 | Report: CRLF Injection in Nodejs undici via host | Full Report: A considerable...