HackerOne Bug Bounty Disclosure: open-redirectionbydoosec101
Programme HackerOne JetBlue JetBlue Submitted by doosec101 doosec101 Report Open Redirection Full Report A considerable amount of time and effort...
Bug Bounty
HackerOne Bug Bounty Disclosure: access-to-tomcat-manager-with-default-credsbydoosec101
Programme HackerOne JetBlue JetBlue Submitted by doosec101 doosec101 Report Access to tomcat-manager with default creds Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: tiktok-2fa-bypassbyamans
Programme HackerOne TikTok TikTok Submitted by amans amans Report TikTok 2FA Bypass Full Report A considerable amount of time and...
HackerOne Bug Bounty Disclosure: mystery-with-a-leaked-token-and-reusability-of-email-confirmation-link-leading-to-account-takeoverbygokulsk
Programme HackerOne Sorare Sorare Submitted by gokulsk gokulsk Report Mystery with a leaked token and Reusability of email confirmation link...
BugCrowd Bug Bounty Disclosure: – Idor – Access To Private Resumes – By mar0uane
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: – Email Html Injection @https://gigs.indeed.com/ – By pphreak_1001
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: – Session is not invalidated on password change –> https://my.zapinfo.io – By h_-_cker
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
HackerOne Bug Bounty Disclosure: stored-xss-in-public-profile-reviewsbyvj1naruto
Programme HackerOne Judge.me Judge.me Submitted by vj1naruto vj1naruto Report Stored XSS in Public Profile Reviews Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: improper-access-control-in-ali-express-importerbypenguinshelp
Programme HackerOne Judge.me Judge.me Submitted by penguinshelp penguinshelp Report Improper Access Control in Ali Express Importer Full Report A considerable...
HackerOne Bug Bounty Disclosure: self-xss-due-to-image-url-can-be-eploited-via-xssjacking-techniques-in-review-emailbypenguinshelp
Programme HackerOne Judge.me Judge.me Submitted by penguinshelp penguinshelp Report Self-XSS due to image URL can be eploited via XSSJacking techniques...
HackerOne Bug Bounty Disclosure: html-injection–(stored)bycriptex
Programme HackerOne Judge.me Judge.me Submitted by criptex criptex Report HTML INJECTION (STORED) Full Report A considerable amount of time and...
HackerOne Bug Bounty Disclosure: rails-actionview-sanitize-helper-bypass-leading-to-xss-using-svg-tag-byhaqpl
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by haqpl haqpl Report Rails ActionView sanitize helper bypass leading to...
HackerOne Bug Bounty Disclosure: xss-at-tiktok-ads-endpointbys3c
Programme HackerOne TikTok TikTok Submitted by s3c s3c Report XSS at TikTok Ads Endpoint Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: verification-process-done-using-different-documents-without-corresponding-to-user-information-/-user-information-can-be-changed-after-verificationbysiddharthamx
Programme HackerOne EXNESS EXNESS Submitted by siddharthamx siddharthamx Report Verification process done using different documents without corresponding to user information...
HackerOne Bug Bounty Disclosure: wavecell-com:-broken-link-hijacking-/-instagram-takeover-@byxdopa
Programme HackerOne 8x8 8x8 Submitted by xdopa xdopa Report wavecell.com: Broken Link Hijacking / Instagram Takeover @ Full Report A...
HackerOne Bug Bounty Disclosure: idor-for-changing-privacy-settings-on-any-memoriesbymrhavit
Programme HackerOne TikTok TikTok Submitted by mrhavit mrhavit Report IDOR for changing privacy settings on any memories Full Report A...
HackerOne Bug Bounty Disclosure: any-user-can-vote-on-`friend-only`-video-pullbymrhavit
Programme HackerOne TikTok TikTok Submitted by mrhavit mrhavit Report Any user can vote on `Friend Only` video pull Full Report...
HackerOne Bug Bounty Disclosure: github-apps-can-use-scoped-user-to-server-tokens-to-obtain-full-access-to-user’s-projects-in-project-v2-graphql-apibyahacker1
Programme HackerOne GitHub GitHub Submitted by ahacker1 ahacker1 Report Github Apps can use Scoped-User-To-Server Tokens to Obtain Full Access to...
HackerOne Bug Bounty Disclosure: using-special-ipv4-mapped-ipv6-addresses-to-bypass-local-ip-banbyalbertspedersen
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by albertspedersen albertspedersen Report Using special IPv4-mapped IPv6 addresses...
HackerOne Bug Bounty Disclosure: xss-on-link-and-window-openerbypisarenko
Programme HackerOne Slack Slack Submitted by pisarenko pisarenko Report XSS on link and window.opener Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: 1-click-account-takeover-via-deeplink-in-[com-kayak-android]byretr02332
Programme HackerOne KAYAK KAYAK Submitted by retr02332 retr02332 Report 1 click Account takeover via deeplink in Full Report A considerable...
HackerOne Bug Bounty Disclosure: private-information-exposed-through-graphql-search-endpoints-aggregatesbyreigertje
Programme HackerOne HackerOne HackerOne Submitted by reigertje reigertje Report Private information exposed through GraphQL search endpoints aggregates Full Report A...
HackerOne Bug Bounty Disclosure: github-security-lab-(ghsl)-vulnerability-report:-insufficient-path-validation-in-receiveexternalfilesactivity-java-(ghsl-2022-060)byatorralba
Programme HackerOne ownCloud ownCloud Submitted by atorralba atorralba Report GitHub Security Lab (GHSL) Vulnerability Report: Insufficient path validation in ReceiveExternalFilesActivity.java...
HackerOne Bug Bounty Disclosure: uninstalling-mattermost-launcher-for-windows-(64-bit),-then-reinstalling-keeps-you-logged-in-without-authenticationbyannonmous
Programme HackerOne Mattermost Mattermost Submitted by annonmous annonmous Report Uninstalling Mattermost Launcher for Windows (64-bit), then reinstalling keeps you logged...
