HackerOne Bug Bounty Disclosure: public-apache-tomcat-/examples-example-directorybymr_k0anti
Programme HackerOne 8x8 8x8 Submitted by mr_k0anti mr_k0anti Report Public Apache Tomcat /examples example directory Full Report A considerable amount...
Bug Bounty
HackerOne Bug Bounty Disclosure: information-disclosure-(-google-sales-channel-)byhydraxanon82
Programme HackerOne Shopify Shopify Submitted by hydraxanon82 hydraxanon82 Report Information disclosure ( Google Sales Channel ) Full Report A considerable...
HackerOne Bug Bounty Disclosure: can-use-the-reddit-android-app-as-usual-even-though-revoking-the-access-of-it-from-reddit-combysateeshn
Programme HackerOne Reddit Reddit Submitted by sateeshn sateeshn Report Can use the Reddit android app as usual even though revoking...
HackerOne Bug Bounty Disclosure: post-based-reflected-xss-in-dailydeals-mtn-co-zabyshuvam321
Programme HackerOne MTN Group MTN Group Submitted by shuvam321 shuvam321 Report POST BASED REFLECTED XSS IN dailydeals.mtn.co.za Full Report A...
HackerOne Bug Bounty Disclosure: [h1-2102]-shopapps-query-from-the-graphql-at-/users/api-returns-all-existing-created-apps,-including-private-onesbyinhibitor181
Programme HackerOne Shopify Shopify Submitted by inhibitor181 inhibitor181 Report shopApps query from the graphql at /users/api returns all existing created...
HackerOne Bug Bounty Disclosure: add-me-email-address-authentication-bypassbyraajeevrathnam
Programme HackerOne LinkedIn LinkedIn Submitted by raajeevrathnam raajeevrathnam Report Add me email address Authentication bypass Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: rubygems-org-batching-attack-to-`confirmation_token`-by-bypass-rate-limitbyooooooo_q
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by ooooooo_q ooooooo_q Report rubygems.org Batching attack to `confirmation_token` by bypass...
HackerOne Bug Bounty Disclosure: undici-proxyagent-vulnerable-to-mitmbypimterry
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by pimterry pimterry Report Undici ProxyAgent vulnerable to MITM Full Report...
HackerOne Bug Bounty Disclosure: cve-2021-40438-on-cp-eu2-acronis-combysavik
Programme HackerOne Acronis Acronis Submitted by savik savik Report CVE-2021-40438 on cp-eu2.acronis.com Full Report A considerable amount of time and...
HackerOne Bug Bounty Disclosure: undici-does-not-use-connect-or-otherwise-validate-upstream-https-certificates-when-using-a-proxybypimterry
Programme HackerOne Node.js Node.js Submitted by pimterry pimterry Report Undici does not use CONNECT or otherwise validate upstream HTTPS certificates...
HackerOne Bug Bounty Disclosure: one-click-xss-in-[www-shopify-com]bycomwrg
Programme HackerOne Shopify Shopify Submitted by comwrg comwrg Report One Click XSS in Full Report A considerable amount of time...
HackerOne Bug Bounty Disclosure: [cve-2021-44228]-nps-acronis-com-is-vulnerable-to-the-recent-log4shell-0-daybyrhinestonecowboy
Programme HackerOne Acronis Acronis Submitted by rhinestonecowboy rhinestonecowboy Report nps.acronis.com is vulnerable to the recent log4shell 0-day Full Report A...
HackerOne Bug Bounty Disclosure: stored-xss-for-grafana-dashboard-urlbyxanbanx
Programme HackerOne GitLab GitLab Submitted by xanbanx xanbanx Report Stored XSS for Grafana dashboard URL Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: github-base-action-takeover-which-is-used-in-`github-com/shopify/unity-buy-sdk`bycodermak
Programme HackerOne Shopify Shopify Submitted by codermak codermak Report Github base action takeover which is used in `github.com/Shopify/unity-buy-sdk` Full Report...
HackerOne Bug Bounty Disclosure: able-to-view-hackerone-reports-attachmentsbysateeshn
Programme HackerOne GitLab GitLab Submitted by sateeshn sateeshn Report Able to view hackerone reports attachments Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: server-side-template-injection-on-name-parameter-during-sign-up-processbybattle_angel
Programme HackerOne Glovo Glovo Submitted by battle_angel battle_angel Report Server Side Template Injection on Name parameter during Sign Up process...
HackerOne Bug Bounty Disclosure: mass-account-takeover-at-https://app-taxjar-com/—no-user-interactionbybeerboy_ankit
Programme HackerOne Stripe Stripe Submitted by beerboy_ankit beerboy_ankit Report Mass Account Takeover at https://app.taxjar.com/ - No user Interaction Full Report...
HackerOne Bug Bounty Disclosure: getting-a-free-delivery-by-singing-up-from-“admin_@glovoapp-com”bycmuppin
Programme HackerOne Glovo Glovo Submitted by cmuppin cmuppin Report Getting a free delivery by singing up from "[email protected]" Full Report...
HackerOne Bug Bounty Disclosure: blind-ssrf-at-packagist-maximum-nlbydk4trin
Programme HackerOne Radancy Radancy Submitted by dk4trin dk4trin Report Blind SSRF at packagist.maximum.nl Full Report A considerable amount of time...
HackerOne Bug Bounty Disclosure: read-beyond-bounds-via-ap_rwrite()-[zhbug_httpd_47-2]bytdp3kel9g
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by tdp3kel9g tdp3kel9g Report Read beyond bounds via ap_rwrite() Full Report...
HackerOne Bug Bounty Disclosure: read-beyond-bounds-in-mod_isapi-c-[zhbug_httpd_41]bytdp3kel9g
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by tdp3kel9g tdp3kel9g Report Read beyond bounds in mod_isapi.c Full Report...
HackerOne Bug Bounty Disclosure: controllable-read-beyond-bounds-in-lua_websocket_readbytes()-[zhbug_httpd_126]bytdp3kel9g
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by tdp3kel9g tdp3kel9g Report Controllable read beyond bounds in lua_websocket_readbytes() Full...
HackerOne Bug Bounty Disclosure: read-beyond-bounds-in-ap_strcmp_match()-[zhbug_httpd_47-7]bytdp3kel9g
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by tdp3kel9g tdp3kel9g Report Read beyond bounds in ap_strcmp_match() Full Report...
HackerOne Bug Bounty Disclosure: exposed-valid-aws,-mysql,-sendgrid-and-other-secretsbymehdisadir
Programme HackerOne Glovo Glovo Submitted by mehdisadir mehdisadir Report Exposed valid AWS, Mysql, Sendgrid and other secrets Full Report A...
