Bug Bounty

HackerOne Bug Bounty Disclosure: csrf-(protection-bypassed)-to-force-a-below-18-user-into-viewing-an-nsfw-subreddit-!bymarvelmaniac

June 16, 2022

Programme HackerOne Reddit Reddit Submitted by marvelmaniac marvelmaniac Report CSRF (protection bypassed) to force a below 18 user into viewing...

HackerOne Bug Bounty Disclosure: stored-xss-on-tiktok-live-formbyaidilarf_2000

June 16, 2022

Programme HackerOne TikTok TikTok Submitted by aidilarf_2000 aidilarf_2000 Report Stored XSS on TikTok Live Form Full Report

HackerOne Bug Bounty Disclosure: curl-“globbing”-can-lead-to-denial-of-service-attacksbyiylz

June 16, 2022

Programme HackerOne curl curl Submitted by iylz iylz Report curl "globbing" can lead to denial of service attacks Full Report

HackerOne Bug Bounty Disclosure: golang-:-add-query-to-detect-pam-authorization-bugsbyporcupineyhairs

June 15, 2022

Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by porcupineyhairs porcupineyhairs Report Golang : Add Query To Detect PAM...

HackerOne Bug Bounty Disclosure: cpp:-add-query-for-cwe-243-creation-of-chroot-jail-without-changing-working-directorybyihsinme

June 15, 2022

Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by ihsinme ihsinme Report CPP: Add query for CWE-243 Creation of...

HackerOne Bug Bounty Disclosure: golang-:-hardcoded-secret-used-for-signing-jwtbyporcupineyhairs

June 15, 2022

Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by porcupineyhairs porcupineyhairs Report Golang : Hardcoded secret used for signing...

HackerOne Bug Bounty Disclosure: hyper-link-injection-while-signupby011alsanosi

June 15, 2022

Programme HackerOne UPchieve UPchieve Submitted by 011alsanosi 011alsanosi Report Hyper Link Injection while signup Full Report

HackerOne Bug Bounty Disclosure: reflected-cross-site-scripting-at–coldfusion-debugging-panel–http://www-grouplogic-com/cfide/debug/cf_debugfr-cfmbyub3rsick

June 14, 2022

HackerOne Bug Bounty Disclosure: rails::html::safelistsanitizer-vulnerable-to-xss-attack-in-an-environment-that-allows-the-style-tagbywindshock

June 14, 2022

HackerOne Bug Bounty Disclosure: html-injection-in-e-mailbymega7

June 14, 2022

HackerOne Bug Bounty Disclosure: reflected-cross-site-scripting-at-http://www-grouplogic-com/files/glidownload/verify3-asp-[uppercase-filter-bypass]byub3rsick

June 14, 2022

HackerOne Bug Bounty Disclosure: moderator-can-enable-cam/mic-remotely-if–cam/mic-permission-was-disabled-while-user-has-activated-cam/micbymichag86

June 9, 2022

Bug Bounty

HackerOne Bug Bounty Disclosure: csrf-(protection-bypassed)-to-force-a-below-18-user-into-viewing-an-nsfw-subreddit-!bymarvelmaniac

HackerOne Bug Bounty Disclosure: stored-xss-on-tiktok-live-formbyaidilarf_2000

HackerOne Bug Bounty Disclosure: curl-“globbing”-can-lead-to-denial-of-service-attacksbyiylz

HackerOne Bug Bounty Disclosure: golang-:-add-query-to-detect-pam-authorization-bugsbyporcupineyhairs

HackerOne Bug Bounty Disclosure: cpp:-add-query-for-cwe-243-creation-of-chroot-jail-without-changing-working-directorybyihsinme

HackerOne Bug Bounty Disclosure: golang-:-hardcoded-secret-used-for-signing-jwtbyporcupineyhairs

HackerOne Bug Bounty Disclosure: hyper-link-injection-while-signupby011alsanosi

HackerOne Bug Bounty Disclosure: reflected-cross-site-scripting-at–coldfusion-debugging-panel–http://www-grouplogic-com/cfide/debug/cf_debugfr-cfmbyub3rsick

HackerOne Bug Bounty Disclosure: rails::html::safelistsanitizer-vulnerable-to-xss-attack-in-an-environment-that-allows-the-style-tagbywindshock

HackerOne Bug Bounty Disclosure: html-injection-in-e-mailbymega7

HackerOne Bug Bounty Disclosure: reflected-cross-site-scripting-at-http://www-grouplogic-com/files/glidownload/verify3-asp-[uppercase-filter-bypass]byub3rsick

HackerOne Bug Bounty Disclosure: lack-of-rate-limit-on-athentification-login-page-&-forgot-password-pagebysaidkira

HackerOne Bug Bounty Disclosure: disclosure-the-live_analytics-information-of-any-livestream-bydatph4m

HackerOne Bug Bounty Disclosure: email-address-disclosure-via-invite-token-validatiionbynoob_but_cut3

HackerOne Bug Bounty Disclosure: rxss-onbytmz900

HackerOne Bug Bounty Disclosure: moderator-can-enable-cam/mic-remotely-if–cam/mic-permission-was-disabled-while-user-has-activated-cam/micbymichag86

HackerOne Bug Bounty Disclosure: integer-overflows-in-unescape_word()byddme

HackerOne Bug Bounty Disclosure: matchbymaslahhunter

HackerOne Bug Bounty Disclosure: reflected-xss-on-https://help-glassdoor-com/gd_requestsubmitpageby0x7

HackerOne Bug Bounty Disclosure: reflected-xss-on-https://www-glassdoor-com/parts/header-htmby0x7

HackerOne Bug Bounty Disclosure: gitlab-pages-token-theft-using-service-workersbyehhthing

HackerOne Bug Bounty Disclosure: stored-xss-on-issue-comments-and-other-pages-which-contain-notesbyjarij

HackerOne Bug Bounty Disclosure: xss-by-clicking-jira’s-linkbyooooooo_q

HackerOne Bug Bounty Disclosure: open-redirect-on-https://www-glassdoor-com/profile/siwa-htm-via-state-parameterby0x7

CISA: CISA Releases Eight Industrial Control Systems Advisories

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA: CISA Releases Six Industrial Control Systems Advisories

CISA: CISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providers

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

You may have missed