HackerOne Bug Bounty Disclosure: address-bar-spoofing-on-tor-browser by soulhunter
Programme: HackerOne / Tor | Submitted by: soulhunter | Report: Address Bar Spoofing on TOR Browser | Full Report: A considerable amount...
Programme: HackerOne / Ruby on Rails | Submitted by: ooooooo_q | Report: ReDoS (Rails::Html::PermitScrubber.scrub_attribute) | Full Report: A considerable amount...
Programme: HackerOne / Nextcloud | Submitted by: juliushaertl | Report: Disabled download shares still allow download through preview images | Full Report...
Programme: HackerOne / Nextcloud | Submitted by: hackeronefour | Report: No password length limit when creating a user as an administrator...
Programme: HackerOne / Nextcloud | Submitted by: daniel_calvino_sanchez | Report: Guests can continue to receive video streams from call after being...
Programme: HackerOne / JetBlue | Submitted by: dracoludio | Report: Dom-Based XSS on parameter ?vsid= | Full Report: A considerable amount of...
Programme: HackerOne / Khan Academy | Submitted by: fdeleite | Report: S3 bucket takeover | Full Report: A considerable amount of...
Programme: HackerOne / Twitter | Submitted by: jub0bs | Report: Chained open redirects and use of Ideographic Full Stop defeat Twitter's...
Programme: HackerOne / Nextcloud | Submitted by: spaceraccoon | Report: SMTP Command Injection in Appointment Emails via Newlines | Full Report: A...
Programme: HackerOne / curl | Submitted by: bagder | Report: CVE-2022-43552: HTTP Proxy deny use-after-free | Full Report: A considerable amount of...
Programme: HackerOne / Linktree | Submitted by: twelvesix | Report: Account takeover - improper validation of jwt signature (with regards to...
Programme: HackerOne / Nextcloud | Submitted by: tobiaskaminsky | Report: nextcloudcmd incorrectly trusts bad TLS certificates | Full Report: A considerable amount...
Programme: HackerOne / MTN Group | Submitted by: coyemerald | Report: Exposure Of Admin Username & Password | Full Report: A...
Programme: HackerOne / MTN Group | Submitted by: coyemerald | Report: Developer Mistake | Full Report: A considerable amount of time...
Programme: HackerOne / Nextcloud | Submitted by: andyscherzinger | Report: Talk Android broadcast receiver is not protected by broadcastPermission allowing malicious...
Programme: HackerOne / MTN Group | Submitted by: netboy | Report: Information Disclosure Leads To User Data Leak | Full Report...
Programme: HackerOne / Acronis | Submitted by: melar_dev | Report: mysql credentials exposed on - https://cz.acronis.com/docker-compose.yml | Full Report: A considerable amount...
Programme: HackerOne / Omise | Submitted by: sim4n6 | Report: Secret API Key is logged in cleartext | Full Report: A considerable...
Programme: HackerOne / Khan Academy | Submitted by: moom825 | Report: xss due to incorrect handling of postmessages | Full Report...
Programme: HackerOne / GitHub | Submitted by: ali_shehab | Report: Managing Pages | Full Report: A considerable amount of time and effort...
Programme: HackerOne / Urban Company | Submitted by: musashi42 | Report: Host header injection that bypassed protection and allowed accessing...
Programme: HackerOne / curl | Submitted by: kurohiro | Report: CVE-2022-43551: Another HSTS bypass via IDN | Full Report: A considerable amount...
Programme: HackerOne / Nextcloud | Submitted by: errorx404 | Report: Missing length validation of user displayname allows to generate an SQL...
Programme: HackerOne / Nextcloud | Submitted by: lauritz | Report: Stored XSS via Authorization Endpoint - Safari-Only | Full Report: A considerable...