bug bounty

HackerOne Bug Bounty Disclosure: lack-of-url-validation-in-avatarurl-at-v-profile-marcotuliocnd

December 28, 2024

Company Name: Truecaller Company HackerOne URL: https://hackerone.com/truecaller Submitted By:marcotuliocndLink to Submitters Profile:https://hackerone.com/marcotuliocnd Report Title:Lack of URL Validation in avatarUrl at...

HackerOne Bug Bounty Disclosure: -oem-acronis-com-reflected-cross-site-scripting-darkdream

December 28, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:darkdreamLink to Submitters Profile:https://hackerone.com/darkdream Report Title:acroniscom] Reflected Cross Site Scripting Report Link:https://hackerone.com/reports/2038943Date...

HackerOne Bug Bounty Disclosure: a-potential-risk-in-the-aws-lambda-ecs-run-task-which-can-be-used-to-privilege-escalation-zolaer

December 27, 2024

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:zolaer9527Link to Submitters Profile:https://hackerone.com/zolaer9527 Report Title:A potential risk in the aws-lambda-ecs-run-task...

HackerOne Bug Bounty Disclosure: hackers-attack-curl-vulnerability-accessing-sensitive-information-scottarterbury

December 27, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:scottarterburyLink to Submitters Profile:https://hackerone.com/scottarterbury Report Title:Hackers Attack Curl Vulnerability Accessing Sensitive InformationReport...

HackerOne Bug Bounty Disclosure: reflected-xss-on-amazon-ec-instance-perigou

December 24, 2024

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:perigouLink to Submitters Profile:https://hackerone.com/perigou Report Title:Reflected XSS on Amazon EC2 InstanceReport...

HackerOne Bug Bounty Disclosure: cve-perigou

December 24, 2024

HackerOne Bug Bounty Disclosure: access-to-limited-confidential-information-of-private-program-as-a-ex-reporter-report-participant-external-user-ex-staff-member-sarthakbhingare

December 24, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:sarthakbhingare015Link to Submitters Profile:https://hackerone.com/sarthakbhingare015 Report Title:Access to limited confidential information of private...

HackerOne Bug Bounty Disclosure: bypass-upgrade-to-add-project-restriction-in-free-account-to-create-multiple-projects-without-upgrading-mrm-nk

December 20, 2024

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:mrm0nkLink to Submitters Profile:https://hackerone.com/mrm0nk Report Title:Bypass "Upgrade To Add Project" Restriction in...

HackerOne Bug Bounty Disclosure: bypass-of-this-fixed-inadequate-protocol-restriction-enforcement-in-curl-hackeriron

December 19, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:hackeriron1Link to Submitters Profile:https://hackerone.com/hackeriron1 Report Title:bypass of this Fixed #2437131 Report Link:https://hackerone.com/reports/2905552Date...

HackerOne Bug Bounty Disclosure: forced-oauth-authorization-using-button-id-in-hash-and-holding-space-j-r-an

December 17, 2024

Company Name: LinkedIn Company HackerOne URL: https://hackerone.com/linkedin Submitted By:j0r1anLink to Submitters Profile:https://hackerone.com/j0r1an Report Title:Forced OAuth authorization using button ID in...

HackerOne Bug Bounty Disclosure: incomplete-sanitization-in-svg-preview-provider-pulsejet

December 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:pulsejetLink to Submitters Profile:https://hackerone.com/pulsejet Report Title:Incomplete sanitization in SVG preview providerReport Link:https://hackerone.com/reports/2484499Date...

HackerOne Bug Bounty Disclosure: nextcloud-mail-does-not-respect-download-permissions-in-shares-rullzer

December 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:rullzerLink to Submitters Profile:https://hackerone.com/rullzer Report Title:Nextcloud mail does not respect download permissions...

HackerOne Bug Bounty Disclosure: x-e-ee-signature-verification-can-be-bypassed-leading-to-loss-of-confidentiality-of-end-to-end-encrypted-files-d-xuan

December 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:d-xuanLink to Submitters Profile:https://hackerone.com/d-xuan Report Title:X-E2EE-SIGNATURE verification can be bypassed, leading to...

HackerOne Bug Bounty Disclosure: netrc-redirect-credential-leak-nyymi

December 11, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:nyymiLink to Submitters Profile:https://hackerone.com/nyymi Report Title:netrc + redirect credential leakReport Link:https://hackerone.com/reports/2829063Date Submitted:11...

HackerOne Bug Bounty Disclosure: rce-on-worker-host-due-to-unsanitized-env-variable-name-in-task-definition-on-community-tc-services-mozilla-com-ebrietas

December 8, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:ebrietasLink to Submitters Profile:https://hackerone.com/ebrietas Report Title:RCE on worker host due to unsanitized...

HackerOne Bug Bounty Disclosure: cve-apache-airflow-command-injection-in-read-dataset-event-from-classic-dag-nhienit

December 7, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:nhienit2010Link to Submitters Profile:https://hackerone.com/nhienit2010 Report Title:CVE-2024-45498: Apache Airflow Command injection...

HackerOne Bug Bounty Disclosure: -addons-preview-cdn-mozilla-net-a-subdomain-takeover-is-available-via-unregistered-domain-in-fastly-haveaniceday

December 6, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:haveanicedayLink to Submitters Profile:https://hackerone.com/haveaniceday Report Title:mozillanet ] A subdomain takeover is available...

HackerOne Bug Bounty Disclosure: buffer-overflow-vulnerability-in-strcpy-leading-to-remote-code-execution-tix

December 2, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:tix01Link to Submitters Profile:https://hackerone.com/tix01 Report Title:Buffer Overflow Vulnerability in strcpy() Leading to...

HackerOne Bug Bounty Disclosure: open-redirected-by-host-header-black-world

December 2, 2024

Company Name: Localize Company HackerOne URL: https://hackerone.com/localizejs Submitted By:black_worldLink to Submitters Profile:https://hackerone.com/black_world Report Title:open redirected by host headerReport Link:https://hackerone.com/reports/2828499Date Submitted:02...

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-django-utils-html-urlize-mprogrammer

November 30, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:mprogrammerLink to Submitters Profile:https://hackerone.com/mprogrammer Report Title:CVE-2024-41990: Potential denial-of-service in djangoutilshtmlurlize()Report...

HackerOne Bug Bounty Disclosure: cve-redos-vulnerability-in-rexml-manun

November 30, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:manunLink to Submitters Profile:https://hackerone.com/manun Report Title:CVE-2024-49761: ReDoS vulnerability in REXMLReport...

HackerOne Bug Bounty Disclosure: rate-limit-bypass-on-passport-acronis-work-using-x-forwarded-for-request-header-analyz-r

November 28, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:analyz3rLink to Submitters Profile:https://hackerone.com/analyz3r Report Title:Rate limit bypass on passportacroniswork using X-Forwarded-For...

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

November 25, 2024

Company Name: Mars Company HackerOne URL: https://hackerone.com/mars Submitted By:the-white-evilLink to Submitters Profile:https://hackerone.com/the-white-evil Report Title:Reflected HTML Injection via contact (faq) search...

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

November 25, 2024

bug bounty

HackerOne Bug Bounty Disclosure: lack-of-url-validation-in-avatarurl-at-v-profile-marcotuliocnd

HackerOne Bug Bounty Disclosure: -oem-acronis-com-reflected-cross-site-scripting-darkdream

HackerOne Bug Bounty Disclosure: a-potential-risk-in-the-aws-lambda-ecs-run-task-which-can-be-used-to-privilege-escalation-zolaer

HackerOne Bug Bounty Disclosure: hackers-attack-curl-vulnerability-accessing-sensitive-information-scottarterbury

HackerOne Bug Bounty Disclosure: reflected-xss-on-amazon-ec-instance-perigou

HackerOne Bug Bounty Disclosure: cve-perigou

HackerOne Bug Bounty Disclosure: access-to-limited-confidential-information-of-private-program-as-a-ex-reporter-report-participant-external-user-ex-staff-member-sarthakbhingare

HackerOne Bug Bounty Disclosure: bypass-upgrade-to-add-project-restriction-in-free-account-to-create-multiple-projects-without-upgrading-mrm-nk

HackerOne Bug Bounty Disclosure: bypass-of-this-fixed-inadequate-protocol-restriction-enforcement-in-curl-hackeriron

HackerOne Bug Bounty Disclosure: forced-oauth-authorization-using-button-id-in-hash-and-holding-space-j-r-an

HackerOne Bug Bounty Disclosure: incomplete-sanitization-in-svg-preview-provider-pulsejet

HackerOne Bug Bounty Disclosure: nextcloud-mail-does-not-respect-download-permissions-in-shares-rullzer

HackerOne Bug Bounty Disclosure: x-e-ee-signature-verification-can-be-bypassed-leading-to-loss-of-confidentiality-of-end-to-end-encrypted-files-d-xuan

HackerOne Bug Bounty Disclosure: netrc-redirect-credential-leak-nyymi

HackerOne Bug Bounty Disclosure: rce-on-worker-host-due-to-unsanitized-env-variable-name-in-task-definition-on-community-tc-services-mozilla-com-ebrietas

HackerOne Bug Bounty Disclosure: cve-apache-airflow-command-injection-in-read-dataset-event-from-classic-dag-nhienit

HackerOne Bug Bounty Disclosure: -addons-preview-cdn-mozilla-net-a-subdomain-takeover-is-available-via-unregistered-domain-in-fastly-haveaniceday

HackerOne Bug Bounty Disclosure: buffer-overflow-vulnerability-in-strcpy-leading-to-remote-code-execution-tix

HackerOne Bug Bounty Disclosure: open-redirected-by-host-header-black-world

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-django-utils-html-urlize-mprogrammer

HackerOne Bug Bounty Disclosure: cve-redos-vulnerability-in-rexml-manun

HackerOne Bug Bounty Disclosure: rate-limit-bypass-on-passport-acronis-work-using-x-forwarded-for-request-header-analyz-r

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

[FUNKSEC] – Ransomware Victim: scps[.]mp[.]gov[.]in

CVE Alert: CVE-2024-56045

CVE Alert: CVE-2024-56040

CVE Alert: CVE-2024-56061

CVE Alert: CVE-2024-56044

You may have missed