HackerOne Bug Bounty Disclosure: cve-2021-40438-on-cp-eu2-acronis-combysavik
Programme HackerOne Acronis Submitted by savik Report CVE-2021-40438 on cp-eu2.acronis.com Full Report A considerable amount of time and...
Programme HackerOne Node.js Submitted by pimterry Report Undici does not use CONNECT or otherwise validate upstream HTTPS certificates...
Programme HackerOne Shopify Submitted by comwrg Report One Click XSS in Full Report A considerable amount of time...
Programme HackerOne Acronis Submitted by rhinestonecowboy Report nps.acronis.com is vulnerable to the recent log4shell 0-day Full Report A...
Programme HackerOne GitLab Submitted by xanbanx Report Stored XSS for Grafana dashboard URL Full Report A considerable amount...
Programme HackerOne Shopify Submitted by codermak Report Github base action takeover which is used in `github.com/Shopify/unity-buy-sdk` Full Report...
Programme HackerOne GitLab Submitted by sateeshn Report Able to view hackerone reports attachments Full Report A considerable amount...
Programme HackerOne Glovo Submitted by battle_angel Report Server Side Template Injection on Name parameter during Sign Up process...
Programme HackerOne Stripe Submitted by beerboy_ankit Report Mass Account Takeover at https://app.taxjar.com/ - No user Interaction Full Report...
Programme HackerOne Glovo Submitted by cmuppin Report Getting a free delivery by singing up from "[email protected]" Full Report...
Programme HackerOne Radancy Submitted by dk4trin Report Blind SSRF at packagist.maximum.nl Full Report A considerable amount of time...
Programme HackerOne Internet Bug Bounty Submitted by tdp3kel9g Report Read beyond bounds in ap_strcmp_match() Full Report...
Programme HackerOne Internet Bug Bounty Submitted by tdp3kel9g Report Read beyond bounds via ap_rwrite() Full Report...
Programme HackerOne Internet Bug Bounty Submitted by tdp3kel9g Report Read beyond bounds in mod_isapi.c Full Report...
Programme HackerOne Internet Bug Bounty Submitted by tdp3kel9g Report Controllable read beyond bounds in lua_websocket_readbytes() Full...
Programme HackerOne Glovo Submitted by mehdisadir Report Exposed valid AWS, Mysql, Sendgrid and other secrets Full Report A...
Programme HackerOne Hyperledger Submitted by fatal0 Report Remote denial of service in HyperLedger Fabric Full Report A considerable...
Programme HackerOne SKALE Network Submitted by voiddy Report Stack Buffer Overflow via `gmp_sprintf` in `BLSSignature` and `BLSSigShare` Full...
Programme HackerOne New Relic Submitted by sairanga Report Reflected Cross site Scripting (XSS) on https://one.newrelic.com Full Report...
Programme HackerOne GitLab Submitted by ledz1996 Report Exposure of a valid Gitlab-Workhorse JWT leading to various bad things...
Programme HackerOne UPS VDP Submitted by 3amoura Report Reflected XSS on https://wwwapps.ups.com/ctc/request?loc= Full Report A considerable amount...
Programme HackerOne Nextcloud Submitted by spaceraccoon Report SMTP Command Injection in iCalendar Attachments to Emails via Newlines Full...
Programme HackerOne Reddit Submitted by zqyzoid Report Moderators can send messages to users from banned subreddits via `oauth.reddit.com/api/mod/conversations`...
Programme HackerOne Nextcloud Submitted by rtod Report Federated editing allows iframing possibly malicious remotes Full Report A considerable...