HackerOne Bug Bounty Disclosure: XSS in Widget Review Form Preview in settings, by penguinshelp
Programme: HackerOne, Judge.me | Submitted by: penguinshelp | Report: XSS in Widget Review Form Preview in settings | Full Report A...
Programme: HackerOne, Cloudflare Public Bug Bounty | Submitted by: albertspedersen | Report: Take over subdomains of r2.dev...
Programme: HackerOne, Yelp | Submitted by: raja404 | Report: Server-side request forgery (ssrf) | Full Report A considerable amount of time...
Programme: HackerOne, 8x8 | Submitted by: rajauzairabdullah | Report: Directory Listing vulnerability on .packet8.net/php/include/ | Full Report A considerable amount of...
Programme: HackerOne, Node.js | Submitted by: zeyu2001 | Report: DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)...
Programme: HackerOne, Yelp | Submitted by: qualwin3001 | Report: CORS Misconfiguration on Yelp | Full Report A considerable amount of time...
Programme: HackerOne, Reddit | Submitted by: criptex | Report: XSS Reflected on reddit.com via url path | Full Report A considerable...
Programme: HackerOne, Adobe | Submitted by: gdattacker | Report: Main Domain Takeover at https://www.marketo.net/ | Full Report A considerable amount of...
Programme: HackerOne, Basecamp | Submitted by: fr4via | Report: com.basecamp.bc3 Webview Javascript Injection and JS bridge takeover | Full Report A...
Programme: HackerOne, GitLab | Submitted by: joaxcar | Report: XSS in ZenTao integration affecting self hosted instances without strict CSP...
Programme: HackerOne, 8x8 | Submitted by: is- | Report: DLL Search-Order Hijacking Vulnerability in work-64-exe-v7.16.3-1.exe | Full Report A considerable amount...
Programme: HackerOne, Mattermost | Submitted by: catenacyber | Report: DOS: out of memory from gif through upload api | Full Report...
Programme: HackerOne, Vanilla | Submitted by: admin0x00 | Report: CORS Misconfiguration on vanillaforums.com | Full Report A considerable amount of time...
Programme: HackerOne, MTN Group | Submitted by: sachinrajput | Report: There is no rate limit for SME REGISTRATION PORTAL...
Programme: HackerOne, HackerOne | Submitted by: mega7 | Report: HTML Injection in email via Name field | Full Report A considerable...
Programme: HackerOne, Internet Bug Bounty | Submitted by: nyymi | Report: Airflow Daemon Mode Insecure Umask Privilege Escalation...
Programme: HackerOne, Nextcloud | Submitted by: ro0telqayser | Report: Information exposure in in guzzlehttp/guzzle (https://github.com/nextcloud/3rdparty/tree/master/guzzlehttp/guzzle) | Full Report A considerable amount...
Programme: HackerOne, Nextcloud | Submitted by: daniel_calvino_sanchez | Report: Last video frame is still sent after video is disabled in...
Programme: HackerOne, Nextcloud | Submitted by: tomorrowisnew_ | Report: SSRF via potential filter bypass with too lax local domain checking...
Programme: HackerOne, U.S. Dept Of Defense | Submitted by: cdl | Report: Remote Code Execution on https://...
Programme: HackerOne, Linktree | Submitted by: bug_vs_me | Report: No validation to Image upload user can upload ( php APK...
Programme: HackerOne, Meredith | Submitted by: error201 | Report: Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie...
Programme: HackerOne, Dropbox | Submitted by: fransrosen | Report: Abuse cookie-modification, toast HTML and expired domain in CSP-form-action replacing login-page...
Programme: HackerOne, Glassdoor | Submitted by: nokline | Report: XSS in http://www.glassdoor.com/Search/results.htm via Parameter Pollution | Full Report A considerable amount...