Bug Bounty

hackerone

HackerOne Bug Bounty Disclosure: bypass-of-this-fixed-inadequate-protocol-restriction-enforcement-in-curl-hackeriron

December 19, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:hackeriron1Link to Submitters Profile:https://hackerone.com/hackeriron1 Report Title:bypass of this Fixed #2437131 Report Link:https://hackerone.com/reports/2905552Date...

Read MoreRead more about HackerOne Bug Bounty Disclosure: bypass-of-this-fixed-inadequate-protocol-restriction-enforcement-in-curl-hackeriron
hackerone

HackerOne Bug Bounty Disclosure: x-e-ee-signature-verification-can-be-bypassed-leading-to-loss-of-confidentiality-of-end-to-end-encrypted-files-d-xuan

December 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:d-xuanLink to Submitters Profile:https://hackerone.com/d-xuan Report Title:X-E2EE-SIGNATURE verification can be bypassed, leading to...

Read MoreRead more about HackerOne Bug Bounty Disclosure: x-e-ee-signature-verification-can-be-bypassed-leading-to-loss-of-confidentiality-of-end-to-end-encrypted-files-d-xuan
hackerone

HackerOne Bug Bounty Disclosure: incomplete-sanitization-in-svg-preview-provider-pulsejet

December 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:pulsejetLink to Submitters Profile:https://hackerone.com/pulsejet Report Title:Incomplete sanitization in SVG preview providerReport Link:https://hackerone.com/reports/2484499Date...

Read MoreRead more about HackerOne Bug Bounty Disclosure: incomplete-sanitization-in-svg-preview-provider-pulsejet
hackerone

HackerOne Bug Bounty Disclosure: rce-on-worker-host-due-to-unsanitized-env-variable-name-in-task-definition-on-community-tc-services-mozilla-com-ebrietas

December 8, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:ebrietasLink to Submitters Profile:https://hackerone.com/ebrietas Report Title:RCE on worker host due to unsanitized...

Read MoreRead more about HackerOne Bug Bounty Disclosure: rce-on-worker-host-due-to-unsanitized-env-variable-name-in-task-definition-on-community-tc-services-mozilla-com-ebrietas
hackerone

HackerOne Bug Bounty Disclosure: cve-apache-airflow-command-injection-in-read-dataset-event-from-classic-dag-nhienit

December 7, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:nhienit2010Link to Submitters Profile:https://hackerone.com/nhienit2010 Report Title:CVE-2024-45498: Apache Airflow Command injection...

Read MoreRead more about HackerOne Bug Bounty Disclosure: cve-apache-airflow-command-injection-in-read-dataset-event-from-classic-dag-nhienit
hackerone

HackerOne Bug Bounty Disclosure: -addons-preview-cdn-mozilla-net-a-subdomain-takeover-is-available-via-unregistered-domain-in-fastly-haveaniceday

December 6, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:haveanicedayLink to Submitters Profile:https://hackerone.com/haveaniceday Report Title:mozillanet ] A subdomain takeover is available...

Read MoreRead more about HackerOne Bug Bounty Disclosure: -addons-preview-cdn-mozilla-net-a-subdomain-takeover-is-available-via-unregistered-domain-in-fastly-haveaniceday
hackerone

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-django-utils-html-urlize-mprogrammer

November 30, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:mprogrammerLink to Submitters Profile:https://hackerone.com/mprogrammer Report Title:CVE-2024-41990: Potential denial-of-service in djangoutilshtmlurlize()Report...

Read MoreRead more about HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-django-utils-html-urlize-mprogrammer
hackerone

HackerOne Bug Bounty Disclosure: rate-limit-bypass-on-passport-acronis-work-using-x-forwarded-for-request-header-analyz-r

November 28, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:analyz3rLink to Submitters Profile:https://hackerone.com/analyz3r Report Title:Rate limit bypass on passportacroniswork using X-Forwarded-For...

Read MoreRead more about HackerOne Bug Bounty Disclosure: rate-limit-bypass-on-passport-acronis-work-using-x-forwarded-for-request-header-analyz-r
hackerone

HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r

November 22, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:4xpl0r3rLink to Submitters Profile:https://hackerone.com/4xpl0r3r Report Title:`std::process::Command` batch files argument escaping...

Read MoreRead more about HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r
hackerone

HackerOne Bug Bounty Disclosure: external-storage-global-credentials-returned-to-the-client-side-in-plaintext-tuyenee

November 21, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:tuyeneeLink to Submitters Profile:https://hackerone.com/tuyenee Report Title:External storage - global credentials returned to...

Read MoreRead more about HackerOne Bug Bounty Disclosure: external-storage-global-credentials-returned-to-the-client-side-in-plaintext-tuyenee
hackerone

HackerOne Bug Bounty Disclosure: csrftoken-not-unique-to-session-or-specific-user-and-csrfmiddlewaretoken-can-be-altered-bashbdeer

November 20, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:bashbdeerLink to Submitters Profile:https://hackerone.com/bashbdeer Report Title:csrftoken not unique to session or specific...

Read MoreRead more about HackerOne Bug Bounty Disclosure: csrftoken-not-unique-to-session-or-specific-user-and-csrfmiddlewaretoken-can-be-altered-bashbdeer
hackerone

HackerOne Bug Bounty Disclosure: reflected-xss-in-hxxps-www-acronis-com-products-cyber-protect-trial-tomblorg

November 20, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:tomblorgLink to Submitters Profile:https://hackerone.com/tomblorg Report Title:Reflected XSS in hXXps://wwwacroniscom/products/cyber-protect/trial/Report Link:https://hackerone.com/reports/1891926Date Submitted:20 November...

Read MoreRead more about HackerOne Bug Bounty Disclosure: reflected-xss-in-hxxps-www-acronis-com-products-cyber-protect-trial-tomblorg

You may have missed

image

[RALORD] – Ransomware Victim: ​​​​agromate company

April 22, 2025
hkcert

Microsoft Monthly Security Update (March 2025)

April 22, 2025
hkcert

F5 Products Denial of Service Vulnerability

April 22, 2025
hkcert

SonicWall Products Remote Code Execution Vulnerability

April 22, 2025
hkcert

Apple Products Multiple Vulnerabilities

April 22, 2025