HackerOne Bug Bounty Disclosure: html-injection-in-email-via-name-fieldbymega7
Programme HackerOne HackerOne HackerOne Submitted by mega7 mega7 Report HTML Injection in email via Name field Full Report A considerable...
Bug Bounty
HackerOne Bug Bounty Disclosure: airflow-daemon-mode-insecure-umask-privilege-escalationbynyymi
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by nyymi nyymi Report Airflow Daemon Mode Insecure Umask Privilege Escalation...
HackerOne Bug Bounty Disclosure: information-exposure-in-in-guzzlehttp/guzzle-(https://github-com/nextcloud/3rdparty/tree/master/guzzlehttp/guzzle)byro0telqayser
Programme HackerOne Nextcloud Nextcloud Submitted by ro0telqayser ro0telqayser Report Information exposure in in guzzlehttp/guzzle (https://github.com/nextcloud/3rdparty/tree/master/guzzlehttp/guzzle) Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: last-video-frame-is-still-sent-after-video-is-disabled-in-a-callbydaniel_calvino_sanchez
Programme HackerOne Nextcloud Nextcloud Submitted by daniel_calvino_sanchez daniel_calvino_sanchez Report Last video frame is still sent after video is disabled in...
HackerOne Bug Bounty Disclosure: ssrf-via-potential-filter-bypass-with-too-lax-local-domain-checkingbytomorrowisnew_
Programme HackerOne Nextcloud Nextcloud Submitted by tomorrowisnew_ tomorrowisnew_ Report SSRF via potential filter bypass with too lax local domain checking...
HackerOne Bug Bounty Disclosure: [hta3]-remote-code-execution-on–https://-via-improper-access-control-to-scorm-zip-upload/importbycdl
Programme HackerOne U.S. Dept Of Defense U.S. Dept Of Defense Submitted by cdl cdl Report Remote Code Execution on https://...
HackerOne Bug Bounty Disclosure: no-validation-to-image-upload-user-can-upload-(-php-apk-zip-files-and-can-be-used-as-storage-purpose)bybug_vs_me
Programme HackerOne Linktree Linktree Submitted by bug_vs_me bug_vs_me Report No validation to Image upload user can upload ( php APK...
HackerOne Bug Bounty Disclosure: shop—reflected–xss–with–clickjacking-leads-to-steal-user’s-cookie–in-two-domainbyerror201
Programme HackerOne Meredith Meredith Submitted by error201 error201 Report Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie...
HackerOne Bug Bounty Disclosure: abuse-cookie-modification,-toast-html-and-expired-domain-in-csp-form-action-replacing-login-page-at-www-dropbox-com/login-to-submit-creds-externallybyfransrosen
Programme HackerOne Dropbox Dropbox Submitted by fransrosen fransrosen Report Abuse cookie-modification, toast HTML and expired domain in CSP-form-action replacing login-page...
HackerOne Bug Bounty Disclosure: web-cache-poisoning-leads-to-xss-and-dosbynokline
Programme HackerOne Glassdoor Glassdoor Submitted by nokline nokline Report Web Cache Poisoning leads to XSS and DoS Full Report A...
HackerOne Bug Bounty Disclosure: rce-via-the-decompressedarchivesizevalidator-and-project-bulkimports-(behind-feature-flag)byvakzz
Programme HackerOne GitLab GitLab Submitted by vakzz vakzz Report RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag) Full...
HackerOne Bug Bounty Disclosure: xss-in-http://www-glassdoor-com/search/results-htm-via-parameter-pollutionbynokline
Programme HackerOne Glassdoor Glassdoor Submitted by nokline nokline Report XSS in http://www.glassdoor.com/Search/results.htm via Parameter Pollution Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: redos-in-net/http-affects-webhooks:-sidekiq-job-stuck-at-100%-cpu-for-a-yearbyafewgoats
Programme HackerOne GitLab GitLab Submitted by afewgoats afewgoats Report ReDoS in net/http affects webhooks: Sidekiq job stuck at 100% CPU...
HackerOne Bug Bounty Disclosure: no-restriction-on-passwordbypatronum-m
Programme HackerOne GitLab GitLab Submitted by patronum-m patronum-m Report No Restriction on password Full Report A considerable amount of time...
HackerOne Bug Bounty Disclosure: dos-validator-nodes-of-blockchain-to-block-external-connectionsbycre8
Programme HackerOne Hyperledger Hyperledger Submitted by cre8 cre8 Report DOS validator nodes of blockchain to block external connections Full Report...
HackerOne Bug Bounty Disclosure: signup-with-any-email-and-enable-2-fa-without-verifying-emailbyimtheking
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by imtheking imtheking Report Signup with any Email and...
HackerOne Bug Bounty Disclosure: access-to-arbitrary-file-of-the-nextcloud-android-app-from-within-the-nextcloud-android-appbyluchua
Programme HackerOne Nextcloud Nextcloud Submitted by luchua luchua Report Access to arbitrary file of the Nextcloud Android app from within...
HackerOne Bug Bounty Disclosure: cleartext-storage-of-sensitive-information-at-https://staging-status-ai-apps-comms-ibm-com/env-can-lead-to-account-takeover–of-several-ibm-employeesbyzere
Programme HackerOne IBM IBM Submitted by zere zere Report Cleartext storage of sensitive information at https://staging.status.ai-apps-comms.ibm.com/env can lead to account...
BugCrowd Bug Bounty Disclosure: – Vulnerable to Log4j – By Ractiurd
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: – XSS REFLECTED – By kauenavarro
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: – Session fixation – By cyber_ritik
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: – Reflected XSS via HTML Injection – 2 – By Poc-as
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: – Reflected XSS – By mewtw0
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: – Reflected XSS via HTML Injection – By Poc-as
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
