HackerOne Bug Bounty Disclosure: any-user-can-vote-on-`friend-only`-video-pullbymrhavit
Programme HackerOne TikTok TikTok Submitted by mrhavit mrhavit Report Any user can vote on `Friend Only` video pull Full Report...
Bug Bounty
HackerOne Bug Bounty Disclosure: github-apps-can-use-scoped-user-to-server-tokens-to-obtain-full-access-to-user’s-projects-in-project-v2-graphql-apibyahacker1
Programme HackerOne GitHub GitHub Submitted by ahacker1 ahacker1 Report Github Apps can use Scoped-User-To-Server Tokens to Obtain Full Access to...
HackerOne Bug Bounty Disclosure: using-special-ipv4-mapped-ipv6-addresses-to-bypass-local-ip-banbyalbertspedersen
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by albertspedersen albertspedersen Report Using special IPv4-mapped IPv6 addresses...
HackerOne Bug Bounty Disclosure: xss-on-link-and-window-openerbypisarenko
Programme HackerOne Slack Slack Submitted by pisarenko pisarenko Report XSS on link and window.opener Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: 1-click-account-takeover-via-deeplink-in-[com-kayak-android]byretr02332
Programme HackerOne KAYAK KAYAK Submitted by retr02332 retr02332 Report 1 click Account takeover via deeplink in Full Report A considerable...
HackerOne Bug Bounty Disclosure: private-information-exposed-through-graphql-search-endpoints-aggregatesbyreigertje
Programme HackerOne HackerOne HackerOne Submitted by reigertje reigertje Report Private information exposed through GraphQL search endpoints aggregates Full Report A...
HackerOne Bug Bounty Disclosure: github-security-lab-(ghsl)-vulnerability-report:-insufficient-path-validation-in-receiveexternalfilesactivity-java-(ghsl-2022-060)byatorralba
Programme HackerOne ownCloud ownCloud Submitted by atorralba atorralba Report GitHub Security Lab (GHSL) Vulnerability Report: Insufficient path validation in ReceiveExternalFilesActivity.java...
HackerOne Bug Bounty Disclosure: uninstalling-mattermost-launcher-for-windows-(64-bit),-then-reinstalling-keeps-you-logged-in-without-authenticationbyannonmous
Programme HackerOne Mattermost Mattermost Submitted by annonmous annonmous Report Uninstalling Mattermost Launcher for Windows (64-bit), then reinstalling keeps you logged...
BugCrowd Bug Bounty Disclosure: – Improper Authorization – Second (Additional) Driver can list “add-driver” invitation links – By sagarparmar121
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
HackerOne Bug Bounty Disclosure: github-app-privilege-escalation-to-administrator/owner-of-the-organizationbyvaib25vicky
Programme HackerOne GitHub GitHub Submitted by vaib25vicky vaib25vicky Report Github app Privilege Escalation to Administrator/Owner of the Organization Full Report...
HackerOne Bug Bounty Disclosure: reference-caching-can-leak-data-to-unauthorized-usersbysystemkeeper
Programme HackerOne Nextcloud Nextcloud Submitted by systemkeeper systemkeeper Report Reference caching can leak data to unauthorized users Full Report A...
HackerOne Bug Bounty Disclosure: csrf-vulnerability-in-nextcloud-desktop-client-3-6-1-on-windows-when-clicking-malicious-linkbylukasreschke
Programme HackerOne Nextcloud Nextcloud Submitted by lukasreschke lukasreschke Report CSRF vulnerability in Nextcloud Desktop Client 3.6.1 on Windows when clicking...
HackerOne Bug Bounty Disclosure: take-over-subdomain-undici-nodejs-org-cdn-cloudflare-netbyalgisec1337
Programme HackerOne Node.js Node.js Submitted by algisec1337 algisec1337 Report Take over subdomain undici.nodejs.org.cdn.cloudflare.net Full Report A considerable amount of time...
HackerOne Bug Bounty Disclosure: security-issue-into-wallet-lock-protectionbybug_vs_me
Programme HackerOne Hiro Hiro Submitted by bug_vs_me bug_vs_me Report Security Issue into Wallet lock protection Full Report A considerable amount...
BugCrowd Bug Bounty Disclosure: – I found a text injection – By Orange_hacker
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
HackerOne Bug Bounty Disclosure: cross-origin-resource-sharing-misconfigurationbyparshwa_21
Programme HackerOne Acronis Acronis Submitted by parshwa_21 parshwa_21 Report Cross Origin Resource Sharing Misconfiguration Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: origin-ip-address-disclosure-through-pingora-response-headerbysmither
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by smither smither Report Origin IP address disclosure through...
HackerOne Bug Bounty Disclosure: missing-character-limitation-allows-to-put-generate-a-database-errorbyerror_2001
Programme HackerOne Nextcloud Nextcloud Submitted by error_2001 error_2001 Report Missing character limitation allows to put generate a database error Full...
HackerOne Bug Bounty Disclosure: passcode-bypass-on-talk-android-appbyctulhu
Programme HackerOne Nextcloud Nextcloud Submitted by ctulhu ctulhu Report Passcode bypass on Talk Android app Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: possibility-to-delete-files-attached-to-deck-cards-of-other-usersbysupr4s
Programme HackerOne Nextcloud Nextcloud Submitted by supr4s supr4s Report Possibility to delete files attached to deck cards of other users...
HackerOne Bug Bounty Disclosure: race-condition-in-joining-ctf-groupbyzeyu2001
Programme HackerOne HackerOne HackerOne Submitted by zeyu2001 zeyu2001 Report Race condition in joining CTF group Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: heic-image-preview-can-be-used-to-invoke-imagickbylukasreschkenc
Programme HackerOne Nextcloud Nextcloud Submitted by lukasreschkenc lukasreschkenc Report HEIC image preview can be used to invoke Imagick Full Report...
HackerOne Bug Bounty Disclosure: cve-2022-40127:-rce-in-apache-airflow-<2-4-0-bash-examplebyleixiao
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by leixiao leixiao Report CVE-2022-40127: RCE in Apache Airflow
HackerOne Bug Bounty Disclosure: csv-injection-at-https://assets-paris-demo-codefi-network/bydoosec101
Programme HackerOne Consensys Consensys Submitted by doosec101 doosec101 Report CSV Injection at https://assets-paris-demo.codefi.network/ Full Report A considerable amount of time...
