Bug Bounty

HackerOne Bug Bounty Disclosure: stored-xss-on-trix-editor-version-thwin-htet

November 4, 2024

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:thwin_htetLink to Submitters Profile:https://hackerone.com/thwin_htet Report Title:Stored XSS on trix editor version 211Report...

HackerOne Bug Bounty Disclosure: social-media-account-takeover-haythem

November 3, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:haythem02Link to Submitters Profile:https://hackerone.com/haythem02 Report Title:Social media account takeover Report Link:https://hackerone.com/reports/2682974Date...

HackerOne Bug Bounty Disclosure: insecure-invitation-link-handling-mous-haxk

October 31, 2024

Company Name: ProductBoard, Inc. Company HackerOne URL: https://hackerone.com/productboard Submitted By:mous_haxkLink to Submitters Profile:https://hackerone.com/mous_haxk Report Title:Insecure Invitation Link HandlingReport Link:https://hackerone.com/reports/2586433Date Submitted:31...

HackerOne Bug Bounty Disclosure: bypassing-hackerone-fa-due-to-race-condition-akashhamal-x

October 30, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:akashhamal0x01Link to Submitters Profile:https://hackerone.com/akashhamal0x01 Report Title:Bypassing HackerOne 2FA due to race conditionReport...

HackerOne Bug Bounty Disclosure: redos-vulnerability-in-http-accept-headers-parsing-dwisiswant

October 30, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:dwisiswant0Link to Submitters Profile:https://hackerone.com/dwisiswant0 Report Title:ReDoS Vulnerability in HTTP Accept...

HackerOne Bug Bounty Disclosure: -csrf-to-information-disclosure-on-password-cancel-endpoint-hackeriron

October 29, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:hackeriron1Link to Submitters Profile:https://hackerone.com/hackeriron1 Report Title:#2 CSRF to Information disclosure on password...

HackerOne Bug Bounty Disclosure: -ssn-edpi-badlifeguard

October 25, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:badlifeguardLink to Submitters Profile:https://hackerone.com/badlifeguard Report Title: SSN/EDPIReport Link:https://hackerone.com/reports/1541817Date Submitted:25...

HackerOne Bug Bounty Disclosure: unauthenticated-lfi-local-file-inclusion-using-the-symbol-at-the-target-hxxps–xym

October 25, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:0xymLink to Submitters Profile:https://hackerone.com/0xym Report Title:Unauthenticated LFI (Local File...

HackerOne Bug Bounty Disclosure: cve-rce-liferay-portal-unauthenticated-via-hxxps-exploitmsf

October 25, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:exploitmsfLink to Submitters Profile:https://hackerone.com/exploitmsf Report Title:CVE-2020-7961 RCE Liferay Portal...

HackerOne Bug Bounty Disclosure: sql-injection-k-x

October 25, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:k0xLink to Submitters Profile:https://hackerone.com/k0x Report Title:SQL InjectionReport Link:https://hackerone.com/reports/2737595Date Submitted:25...

HackerOne Bug Bounty Disclosure: pull-any-automated-record-brief-badlifeguard

October 25, 2024

HackerOne Bug Bounty Disclosure: lack-of-rate-limiting-in-hxxps-pki-passreset-aspx-leads-to-pii-disclosure-and-potential-account-takeover-hypervis-r

October 25, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:hypervis0rLink to Submitters Profile:https://hackerone.com/hypervis0r Report Title:Lack of rate limiting...

HackerOne Bug Bounty Disclosure: memory-leak-in-bytes-to-hexstring-function-hackergandhi

October 24, 2024

Company Name: Hyperledger Company HackerOne URL: https://hackerone.com/hyperledger Submitted By:hackergandhiLink to Submitters Profile:https://hackerone.com/hackergandhi Report Title:Memory Leak in bytes_to_hexstring FunctionReport Link:https://hackerone.com/reports/2779070Date Submitted:24...

HackerOne Bug Bounty Disclosure: information-disclosure-due-to-exposed-env-file-directory-listing-at-necr-mancer

October 22, 2024

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:necr0mancerLink to Submitters Profile:https://hackerone.com/necr0mancer Report Title:Information Disclosure Due To exposed env...

HackerOne Bug Bounty Disclosure: weak-password-policy-via-directadmin-password-change-functionality-seqode

October 22, 2024

Company Name: Endless Group Company HackerOne URL: https://hackerone.com/endless_group Submitted By:seqodeLink to Submitters Profile:https://hackerone.com/seqode Report Title:Weak Password Policy via DirectAdmin Password...

HackerOne Bug Bounty Disclosure: no-rate-limit-in-otp-code-sending-mathara

October 21, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:matharaLink to Submitters Profile:https://hackerone.com/mathara Report Title:No rate limit in OTP code...

HackerOne Bug Bounty Disclosure: reflected-xss-mathara

October 21, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:matharaLink to Submitters Profile:https://hackerone.com/mathara Report Title:Reflected - XSSReport Link:https://hackerone.com/reports/1779447Date Submitted:21 October...

HackerOne Bug Bounty Disclosure: unauthenticated-wordpress-database-repair-dos-wshadow

October 18, 2024

Company Name: WordPress Company HackerOne URL: https://hackerone.com/wordpress Submitted By:wshadowLink to Submitters Profile:https://hackerone.com/wshadow Report Title:Unauthenticated WordPress Database Repair DoSReport Link:https://hackerone.com/reports/2786591Date Submitted:18...

HackerOne Bug Bounty Disclosure: paypal-cleient-id-and-stripe-api-key-indexed-on-web-arcive-ghaazy

October 18, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:ghaazyLink to Submitters Profile:https://hackerone.com/ghaazy Report Title:paypal cleient_id And stripe api key indexed...

HackerOne Bug Bounty Disclosure: race-condition-leads-to-add-more-than-email-at-data-breaches-monitor-system-at-hxxps-stage-firefoxmonitor-nonprod-cloudops-mozgcp-net-sushantd

October 18, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:sushantd19Link to Submitters Profile:https://hackerone.com/sushantd19 Report Title:Race condition leads to add more than...

HackerOne Bug Bounty Disclosure: sentry-auth-token-exposed-publicly-in-docker-hub-image-ghaazy

October 18, 2024

HackerOne Bug Bounty Disclosure: two-aws-access-key-and-secret-key-and-database-username-and-password-exposed-ghaazy

October 18, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:ghaazyLink to Submitters Profile:https://hackerone.com/ghaazy Report Title:two aws access key and secret key...

HackerOne Bug Bounty Disclosure: circular-based-introspetion-query-leading-to-single-request-denial-of-service-and-cost-consumption-and-query-cost-on-api-sorare-com-graphql-thebeast

October 17, 2024

Company Name: Sorare Company HackerOne URL: https://hackerone.com/sorare Submitted By:thebeast99Link to Submitters Profile:https://hackerone.com/thebeast99 Report Title:Circular based introspetion Query leading to single...

HackerOne Bug Bounty Disclosure: race-condition-on-create-api-function-mo-salah

October 15, 2024

Company Name: Enjin Company HackerOne URL: https://hackerone.com/enjin Submitted By:mo_salah12Link to Submitters Profile:https://hackerone.com/mo_salah12 Report Title:Race Condition on Create API FunctionReport Link:https://hackerone.com/reports/2682392Date...

Bug Bounty

HackerOne Bug Bounty Disclosure: stored-xss-on-trix-editor-version-thwin-htet

HackerOne Bug Bounty Disclosure: social-media-account-takeover-haythem

HackerOne Bug Bounty Disclosure: insecure-invitation-link-handling-mous-haxk

HackerOne Bug Bounty Disclosure: bypassing-hackerone-fa-due-to-race-condition-akashhamal-x

HackerOne Bug Bounty Disclosure: redos-vulnerability-in-http-accept-headers-parsing-dwisiswant

HackerOne Bug Bounty Disclosure: -csrf-to-information-disclosure-on-password-cancel-endpoint-hackeriron

HackerOne Bug Bounty Disclosure: -ssn-edpi-badlifeguard

HackerOne Bug Bounty Disclosure: unauthenticated-lfi-local-file-inclusion-using-the-symbol-at-the-target-hxxps–xym

HackerOne Bug Bounty Disclosure: cve-rce-liferay-portal-unauthenticated-via-hxxps-exploitmsf

HackerOne Bug Bounty Disclosure: sql-injection-k-x

HackerOne Bug Bounty Disclosure: pull-any-automated-record-brief-badlifeguard

HackerOne Bug Bounty Disclosure: lack-of-rate-limiting-in-hxxps-pki-passreset-aspx-leads-to-pii-disclosure-and-potential-account-takeover-hypervis-r

HackerOne Bug Bounty Disclosure: memory-leak-in-bytes-to-hexstring-function-hackergandhi

HackerOne Bug Bounty Disclosure: information-disclosure-due-to-exposed-env-file-directory-listing-at-necr-mancer

HackerOne Bug Bounty Disclosure: weak-password-policy-via-directadmin-password-change-functionality-seqode

HackerOne Bug Bounty Disclosure: no-rate-limit-in-otp-code-sending-mathara

HackerOne Bug Bounty Disclosure: reflected-xss-mathara

HackerOne Bug Bounty Disclosure: unauthenticated-wordpress-database-repair-dos-wshadow

HackerOne Bug Bounty Disclosure: paypal-cleient-id-and-stripe-api-key-indexed-on-web-arcive-ghaazy

HackerOne Bug Bounty Disclosure: race-condition-leads-to-add-more-than-email-at-data-breaches-monitor-system-at-hxxps-stage-firefoxmonitor-nonprod-cloudops-mozgcp-net-sushantd

HackerOne Bug Bounty Disclosure: sentry-auth-token-exposed-publicly-in-docker-hub-image-ghaazy

HackerOne Bug Bounty Disclosure: two-aws-access-key-and-secret-key-and-database-username-and-password-exposed-ghaazy

HackerOne Bug Bounty Disclosure: circular-based-introspetion-query-leading-to-single-request-denial-of-service-and-cost-consumption-and-query-cost-on-api-sorare-com-graphql-thebeast

HackerOne Bug Bounty Disclosure: race-condition-on-create-api-function-mo-salah

[RALORD] – Ransomware Victim: agromate company

Microsoft Monthly Security Update (March 2025)

F5 Products Denial of Service Vulnerability

SonicWall Products Remote Code Execution Vulnerability

Apple Products Multiple Vulnerabilities

You may have missed