Bug Bounty

HackerOne Bug Bounty Disclosure: -switch-pia-mk-dx-stack-buffer-overflow-and-potential-rce-in-pia-lan-ldn-possibly-nex-room-info-deserialization-regginator

September 30, 2024

Company Name: Nintendo Company HackerOne URL: https://hackerone.com/nintendo Submitted By:regginatorLink to Submitters Profile:https://hackerone.com/regginator Report Title: Stack buffer overflow and potential RCE...

HackerOne Bug Bounty Disclosure: ssrf-keycloak-before-cve-on-hxxps-sponsoredata-mtn-ci-renzi

September 26, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:renziLink to Submitters Profile:https://hackerone.com/renzi Report Title:SSRF Keycloak before 1300 - CVE-2020-10770...

HackerOne Bug Bounty Disclosure: client-side-path-traversal-on-line-developers-console-never-die

September 26, 2024

Company Name: LY Corporation Company HackerOne URL: https://hackerone.com/line Submitted By:never_dieLink to Submitters Profile:https://hackerone.com/never_die Report Title:Client-Side Path Traversal on LINE Developers...

HackerOne Bug Bounty Disclosure: possible-xss-vulnerability-in-action-controller-ooooooo-q

September 25, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:Possible XSS Vulnerability in Action...

HackerOne Bug Bounty Disclosure: possible-dos-vulnerability-with-range-header-in-rack-ooooooo-q

September 25, 2024

HackerOne Bug Bounty Disclosure: able-to-see-location-coordinates-in-any-event-without-permission-to-do-so-ezzra

September 25, 2024

Company Name: FetLife Company HackerOne URL: https://hackerone.com/fetlife Submitted By:ezzraLink to Submitters Profile:https://hackerone.com/ezzra Report Title:Able to see location coordinates in any...

HackerOne Bug Bounty Disclosure: dom-xss-in-tiktok-com-login-via-the-redirect-url-parameter-sh-yo

September 21, 2024

Company Name: TikTok Company HackerOne URL: https://hackerone.com/tiktok Submitted By:sh1yoLink to Submitters Profile:https://hackerone.com/sh1yo Report Title:DOM XSS in tiktokcom/login via the redirect_url...

HackerOne Bug Bounty Disclosure: inviting-collaborator-using-email-disclose-the-hackerone-account-related-to-the-user-raymatp

September 19, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:raymatpLink to Submitters Profile:https://hackerone.com/raymatp Report Title:inviting collaborator using email disclose the hackerone...

HackerOne Bug Bounty Disclosure: issue-with-vdp-program-s-transition-to-private-status-and-missing-warning-labels-on-org-invitation-callmed

September 19, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:callmed0_4Link to Submitters Profile:https://hackerone.com/callmed0_4 Report Title:Issue with VDP Program's Transition to Private...

HackerOne Bug Bounty Disclosure: bypass-comment-restriction-retat

September 19, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:retat4Link to Submitters Profile:https://hackerone.com/retat4 Report Title:Bypass comment restrictionReport Link:https://hackerone.com/reports/2679108Date Submitted:19 September 2024...

HackerOne Bug Bounty Disclosure: private-draft-report-exposure-in-a-program-a-user-is-added-as-a-viewer-to-jay

September 17, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:jayLink to Submitters Profile:https://hackerone.com/jay Report Title:Private draft report exposure in a program...

HackerOne Bug Bounty Disclosure: -test-by-hdr-callmed

September 16, 2024

Company Name: nullsec VDP Company HackerOne URL: https://hackerone.com/nullsec_z7ppl-vdp Submitted By:callmed0_4Link to Submitters Profile:https://hackerone.com/callmed0_4 Report Title: Test by HDRReport Link:https://hackerone.com/reports/2719118Date Submitted:16...

HackerOne Bug Bounty Disclosure: this-test-report-has-been-disclosed-by-root-if-you-are-a-traiger-looking-at-this-report-act-asap-gmaerx

September 16, 2024

Company Name: mycompany VDP Company HackerOne URL: https://hackerone.com/mycompany_mg4m6-vdp Submitted By:gmaerxLink to Submitters Profile:https://hackerone.com/gmaerx Report Title:This test report has been disclosed...

HackerOne Bug Bounty Disclosure: authentication-bypass-leads-to-complete-account-takeveover-on-reachaxis

September 14, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:reachaxisLink to Submitters Profile:https://hackerone.com/reachaxis Report Title:Authentication Bypass Leads To Complete Account...

HackerOne Bug Bounty Disclosure: cve-ocsp-stapling-bypass-with-gnutls-kurohiro

September 11, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:kurohiroLink to Submitters Profile:https://hackerone.com/kurohiro Report Title:CVE-2024-8096: OCSP stapling bypass with GnuTLSReport Link:https://hackerone.com/reports/2669852Date...

HackerOne Bug Bounty Disclosure: stored-xss-in-reclamos-valent-ne

September 9, 2024

Company Name: MercadoLibre Company HackerOne URL: https://hackerone.com/mercadolibre Submitted By:valent1neLink to Submitters Profile:https://hackerone.com/valent1ne Report Title:Stored XSS in reclamosReport Link:https://hackerone.com/reports/1675516Date Submitted:09 September...

HackerOne Bug Bounty Disclosure: cross-site-scripting-reflected-alitoni

September 9, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:alitoni224Link to Submitters Profile:https://hackerone.com/alitoni224 Report Title:cross site scripting reflected Report Link:https://hackerone.com/reports/1496897Date...

HackerOne Bug Bounty Disclosure: cve-apache-airflow-stored-xss-vulnerability-on-provider-link-sw-rd-ight

September 7, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:sw0rd1ightLink to Submitters Profile:https://hackerone.com/sw0rd1ight Report Title:CVE-2024-41937: Apache Airflow: Stored XSS...

HackerOne Bug Bounty Disclosure: privates-emails-of-moz-workers-leaked-in-public-file-devil-think

September 4, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:devil_thinkLink to Submitters Profile:https://hackerone.com/devil_think Report Title:Privates Emails of Moz Workers Leaked in...

HackerOne Bug Bounty Disclosure: -monero-wallet-rpc-file-precreation-to-file-ownership-and-credentials-leak-selmelc

September 4, 2024

Company Name: Monero Company HackerOne URL: https://hackerone.com/monero Submitted By:selmelcLink to Submitters Profile:https://hackerone.com/selmelc Report Title: File precreation to file ownership and...

HackerOne Bug Bounty Disclosure: private-data-related-to-program-exposed-via-reports-id-json-endpoint-to-external-user-participant-saurabhb

August 30, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:saurabhbLink to Submitters Profile:https://hackerone.com/saurabhb Report Title:Private data related to program exposed via...

Bug Bounty

HackerOne Bug Bounty Disclosure: -switch-pia-mk-dx-stack-buffer-overflow-and-potential-rce-in-pia-lan-ldn-possibly-nex-room-info-deserialization-regginator

HackerOne Bug Bounty Disclosure: ssrf-keycloak-before-cve-on-hxxps-sponsoredata-mtn-ci-renzi

HackerOne Bug Bounty Disclosure: client-side-path-traversal-on-line-developers-console-never-die

HackerOne Bug Bounty Disclosure: possible-xss-vulnerability-in-action-controller-ooooooo-q

HackerOne Bug Bounty Disclosure: possible-dos-vulnerability-with-range-header-in-rack-ooooooo-q

HackerOne Bug Bounty Disclosure: able-to-see-location-coordinates-in-any-event-without-permission-to-do-so-ezzra

HackerOne Bug Bounty Disclosure: dom-xss-in-tiktok-com-login-via-the-redirect-url-parameter-sh-yo

HackerOne Bug Bounty Disclosure: inviting-collaborator-using-email-disclose-the-hackerone-account-related-to-the-user-raymatp

HackerOne Bug Bounty Disclosure: issue-with-vdp-program-s-transition-to-private-status-and-missing-warning-labels-on-org-invitation-callmed

HackerOne Bug Bounty Disclosure: bypass-comment-restriction-retat

HackerOne Bug Bounty Disclosure: private-draft-report-exposure-in-a-program-a-user-is-added-as-a-viewer-to-jay

HackerOne Bug Bounty Disclosure: -test-by-hdr-callmed

HackerOne Bug Bounty Disclosure: this-test-report-has-been-disclosed-by-root-if-you-are-a-traiger-looking-at-this-report-act-asap-gmaerx

HackerOne Bug Bounty Disclosure: authentication-bypass-leads-to-complete-account-takeveover-on-reachaxis

HackerOne Bug Bounty Disclosure: cve-ocsp-stapling-bypass-with-gnutls-kurohiro

HackerOne Bug Bounty Disclosure: stored-xss-in-reclamos-valent-ne

HackerOne Bug Bounty Disclosure: cross-site-scripting-reflected-alitoni

HackerOne Bug Bounty Disclosure: cve-apache-airflow-stored-xss-vulnerability-on-provider-link-sw-rd-ight

HackerOne Bug Bounty Disclosure: privates-emails-of-moz-workers-leaked-in-public-file-devil-think

HackerOne Bug Bounty Disclosure: -monero-wallet-rpc-file-precreation-to-file-ownership-and-credentials-leak-selmelc

HackerOne Bug Bounty Disclosure: private-data-related-to-program-exposed-via-reports-id-json-endpoint-to-external-user-participant-saurabhb

HackerOne Bug Bounty Disclosure: cve-jboss-insecure-storage-of-sensitive-information-on-ips-mtn-co-ug-deb-con

HackerOne Bug Bounty Disclosure: cve-cisco-asa-denial-of-service-path-traversal-vulnerable-on-mtn-co-ug-deb-con

HackerOne Bug Bounty Disclosure: xss-found-for-hxxps-thpless

CVE Alert: CVE-2024-47515

CVE Alert: CVE-2024-12582

CVE Alert: CVE-2024-9427

[FOG] – Ransomware Victim: Aroma Housewares Co (Aromaco[.]com)

[SARCOMA] – Ransomware Victim: Supraterra

You may have missed