Bug Bounty

HackerOne Bug Bounty Disclosure: nextcloud-mail-does-not-respect-download-permissions-in-shares-rullzer

December 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:rullzerLink to Submitters Profile:https://hackerone.com/rullzer Report Title:Nextcloud mail does not respect download permissions...

HackerOne Bug Bounty Disclosure: netrc-redirect-credential-leak-nyymi

December 11, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:nyymiLink to Submitters Profile:https://hackerone.com/nyymi Report Title:netrc + redirect credential leakReport Link:https://hackerone.com/reports/2829063Date Submitted:11...

HackerOne Bug Bounty Disclosure: rce-on-worker-host-due-to-unsanitized-env-variable-name-in-task-definition-on-community-tc-services-mozilla-com-ebrietas

December 8, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:ebrietasLink to Submitters Profile:https://hackerone.com/ebrietas Report Title:RCE on worker host due to unsanitized...

HackerOne Bug Bounty Disclosure: cve-apache-airflow-command-injection-in-read-dataset-event-from-classic-dag-nhienit

December 7, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:nhienit2010Link to Submitters Profile:https://hackerone.com/nhienit2010 Report Title:CVE-2024-45498: Apache Airflow Command injection...

HackerOne Bug Bounty Disclosure: -addons-preview-cdn-mozilla-net-a-subdomain-takeover-is-available-via-unregistered-domain-in-fastly-haveaniceday

December 6, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:haveanicedayLink to Submitters Profile:https://hackerone.com/haveaniceday Report Title:mozillanet ] A subdomain takeover is available...

HackerOne Bug Bounty Disclosure: buffer-overflow-vulnerability-in-strcpy-leading-to-remote-code-execution-tix

December 2, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:tix01Link to Submitters Profile:https://hackerone.com/tix01 Report Title:Buffer Overflow Vulnerability in strcpy() Leading to...

HackerOne Bug Bounty Disclosure: open-redirected-by-host-header-black-world

December 2, 2024

Company Name: Localize Company HackerOne URL: https://hackerone.com/localizejs Submitted By:black_worldLink to Submitters Profile:https://hackerone.com/black_world Report Title:open redirected by host headerReport Link:https://hackerone.com/reports/2828499Date Submitted:02...

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-django-utils-html-urlize-mprogrammer

November 30, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:mprogrammerLink to Submitters Profile:https://hackerone.com/mprogrammer Report Title:CVE-2024-41990: Potential denial-of-service in djangoutilshtmlurlize()Report...

HackerOne Bug Bounty Disclosure: cve-redos-vulnerability-in-rexml-manun

November 30, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:manunLink to Submitters Profile:https://hackerone.com/manun Report Title:CVE-2024-49761: ReDoS vulnerability in REXMLReport...

HackerOne Bug Bounty Disclosure: rate-limit-bypass-on-passport-acronis-work-using-x-forwarded-for-request-header-analyz-r

November 28, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:analyz3rLink to Submitters Profile:https://hackerone.com/analyz3r Report Title:Rate limit bypass on passportacroniswork using X-Forwarded-For...

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

November 25, 2024

Company Name: Mars Company HackerOne URL: https://hackerone.com/mars Submitted By:the-white-evilLink to Submitters Profile:https://hackerone.com/the-white-evil Report Title:Reflected HTML Injection via contact (faq) search...

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

November 25, 2024

HackerOne Bug Bounty Disclosure: information-exposure-due-to-enabled-debug-mode-thpless

November 25, 2024

Company Name: Mars Company HackerOne URL: https://hackerone.com/mars Submitted By:thplessLink to Submitters Profile:https://hackerone.com/thpless Report Title:Information Exposure due to enabled debug modeReport...

HackerOne Bug Bounty Disclosure: unsubscribe-anyone-from-all-emails-abfe

November 25, 2024

Company Name: Mars Company HackerOne URL: https://hackerone.com/mars Submitted By:abfeLink to Submitters Profile:https://hackerone.com/abfe Report Title:unsubscribe anyone from all emails @ Report...

HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r

November 22, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:4xpl0r3rLink to Submitters Profile:https://hackerone.com/4xpl0r3r Report Title:`std::process::Command` batch files argument escaping...

HackerOne Bug Bounty Disclosure: dom-based-cookie-bomb-in-acronis-com-via-x-clickref-get-parameter-mr-medi

November 21, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:mr-mediLink to Submitters Profile:https://hackerone.com/mr-medi Report Title:DOM Based Cookie Bomb in *acroniscom via...

HackerOne Bug Bounty Disclosure: external-storage-global-credentials-returned-to-the-client-side-in-plaintext-tuyenee

November 21, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:tuyeneeLink to Submitters Profile:https://hackerone.com/tuyenee Report Title:External storage - global credentials returned to...

HackerOne Bug Bounty Disclosure: csrftoken-not-unique-to-session-or-specific-user-and-csrfmiddlewaretoken-can-be-altered-bashbdeer

November 20, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:bashbdeerLink to Submitters Profile:https://hackerone.com/bashbdeer Report Title:csrftoken not unique to session or specific...

HackerOne Bug Bounty Disclosure: reflected-xss-in-hxxps-www-acronis-com-products-cyber-protect-trial-tomblorg

November 20, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:tomblorgLink to Submitters Profile:https://hackerone.com/tomblorg Report Title:Reflected XSS in hXXps://wwwacroniscom/products/cyber-protect/trial/Report Link:https://hackerone.com/reports/1891926Date Submitted:20 November...

HackerOne Bug Bounty Disclosure: api-data-leak-y-usef

November 20, 2024

Company Name: Planet Labs Company HackerOne URL: https://hackerone.com/planet-labs Submitted By:y0usefLink to Submitters Profile:https://hackerone.com/y0usef Report Title:Api data leakReport Link:https://hackerone.com/reports/1639011Date Submitted:20 November...

HackerOne Bug Bounty Disclosure: a-potential-risk-in-the-cloudfrontextensionsconsole-which-can-be-used-to-privilege-escalation-zolaer

November 19, 2024

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:zolaer9527Link to Submitters Profile:https://hackerone.com/zolaer9527 Report Title:A potential risk in the cloudFrontExtensionsConsole...

HackerOne Bug Bounty Disclosure: hackerone-supports-accounts-organitation-takeover-madara

November 19, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:madara_Link to Submitters Profile:https://hackerone.com/madara_ Report Title:Hackerone supports accounts organitation takeoverReport Link:https://hackerone.com/reports/2798380Date Submitted:19...

HackerOne Bug Bounty Disclosure: heap-buffer-overread-in-contains-whitespace-when-calling-parser-validate-after-supplying-a-maliciously-crafted-buffer-to-parser-parse-l-thaxor

November 19, 2024

Company Name: Cosmos Company HackerOne URL: https://hackerone.com/cosmos Submitted By:l33thaxorLink to Submitters Profile:https://hackerone.com/l33thaxor Report Title:Heap-Buffer-Overread in contains_whitespace when calling parser_validate after...

HackerOne Bug Bounty Disclosure: share-information-of-tables-app-is-not-limited-to-affected-users-cx-fa

November 18, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:cx75faLink to Submitters Profile:https://hackerone.com/cx75fa Report Title:Share information of Tables app is not...

Bug Bounty

HackerOne Bug Bounty Disclosure: nextcloud-mail-does-not-respect-download-permissions-in-shares-rullzer

HackerOne Bug Bounty Disclosure: netrc-redirect-credential-leak-nyymi

HackerOne Bug Bounty Disclosure: rce-on-worker-host-due-to-unsanitized-env-variable-name-in-task-definition-on-community-tc-services-mozilla-com-ebrietas

HackerOne Bug Bounty Disclosure: cve-apache-airflow-command-injection-in-read-dataset-event-from-classic-dag-nhienit

HackerOne Bug Bounty Disclosure: -addons-preview-cdn-mozilla-net-a-subdomain-takeover-is-available-via-unregistered-domain-in-fastly-haveaniceday

HackerOne Bug Bounty Disclosure: buffer-overflow-vulnerability-in-strcpy-leading-to-remote-code-execution-tix

HackerOne Bug Bounty Disclosure: open-redirected-by-host-header-black-world

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-django-utils-html-urlize-mprogrammer

HackerOne Bug Bounty Disclosure: cve-redos-vulnerability-in-rexml-manun

HackerOne Bug Bounty Disclosure: rate-limit-bypass-on-passport-acronis-work-using-x-forwarded-for-request-header-analyz-r

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

HackerOne Bug Bounty Disclosure: information-exposure-due-to-enabled-debug-mode-thpless

HackerOne Bug Bounty Disclosure: unsubscribe-anyone-from-all-emails-abfe

HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r

HackerOne Bug Bounty Disclosure: dom-based-cookie-bomb-in-acronis-com-via-x-clickref-get-parameter-mr-medi

HackerOne Bug Bounty Disclosure: external-storage-global-credentials-returned-to-the-client-side-in-plaintext-tuyenee

HackerOne Bug Bounty Disclosure: csrftoken-not-unique-to-session-or-specific-user-and-csrfmiddlewaretoken-can-be-altered-bashbdeer

HackerOne Bug Bounty Disclosure: reflected-xss-in-hxxps-www-acronis-com-products-cyber-protect-trial-tomblorg

HackerOne Bug Bounty Disclosure: api-data-leak-y-usef

HackerOne Bug Bounty Disclosure: a-potential-risk-in-the-cloudfrontextensionsconsole-which-can-be-used-to-privilege-escalation-zolaer

HackerOne Bug Bounty Disclosure: hackerone-supports-accounts-organitation-takeover-madara

HackerOne Bug Bounty Disclosure: heap-buffer-overread-in-contains-whitespace-when-calling-parser-validate-after-supplying-a-maliciously-crafted-buffer-to-parser-parse-l-thaxor

HackerOne Bug Bounty Disclosure: share-information-of-tables-app-is-not-limited-to-affected-users-cx-fa

CVE Alert: CVE-2025-1813

CVE Alert: CVE-2025-1815

CVE Alert: CVE-2025-1814

CVE Alert: CVE-2025-1816

CVE Alert: CVE-2025-1817

You may have missed