bug bounty

HackerOne Bug Bounty Disclosure: django-debug-mode-enabled-information-disclosure-on-api-wwm-dev-autodesk-com-khoof

March 18, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:khoofLink to Submitters Profile:https://hackerone.com/khoof Report Title:Django Debug Mode Enabled - Information Disclosure...

HackerOne Bug Bounty Disclosure: ssrf-in-autodesk-rendering-leading-to-account-takeover-metereorpreter

March 18, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:metereorpreterLink to Submitters Profile:https://hackerone.com/metereorpreter Report Title:SSRF in Autodesk Rendering leading to account...

HackerOne Bug Bounty Disclosure: -fa-bypass-leads-to-impersonation-of-legimate-users-dedoxd

March 14, 2025

Company Name: Drugs.com Company HackerOne URL: https://hackerone.com/drugs_com Submitted By:dedoxd2Link to Submitters Profile:https://hackerone.com/dedoxd2 Report Title:2FA Bypass leads to impersonation of legimate...

HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-found-in-custom-integration-app-on-hxxps-admin-b-autodesk-com-the-white-evil

March 14, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:the-white-evilLink to Submitters Profile:https://hackerone.com/the-white-evil Report Title:Stored Cross-Site Scripting found in custom integration...

HackerOne Bug Bounty Disclosure: cgi-scripts-wordlist-entry-for-windmail-exe-has-payload-that-sends-arbitrary-file-read-result-to-third-party-floyd

March 13, 2025

Company Name: PortSwigger Web Security Company HackerOne URL: https://hackerone.com/portswigger Submitted By:floydLink to Submitters Profile:https://hackerone.com/floyd Report Title:cgi scripts wordlist entry for...

HackerOne Bug Bounty Disclosure: domain-highlighting-on-external-link-warning-is-not-working-on-chrome-microsoft-edge-browsers-on-mobile-sarthakbhingare

March 13, 2025

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:sarthakbhingare015Link to Submitters Profile:https://hackerone.com/sarthakbhingare015 Report Title:Domain highlighting on External link warning is...

HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-in-mercadopago-com-ar-elmago

March 13, 2025

Company Name: MercadoLibre Company HackerOne URL: https://hackerone.com/mercadolibre Submitted By:elmagoLink to Submitters Profile:https://hackerone.com/elmago Report Title:Stored Cross-Site Scripting in mercadopagocomarReport Link:https://hackerone.com/reports/1955485Date Submitted:13...

HackerOne Bug Bounty Disclosure: sqli-in-url-paths-almuntadhar

March 6, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:almuntadharLink to Submitters Profile:https://hackerone.com/almuntadhar Report Title:SQLi | in URL pathsReport Link:https://hackerone.com/reports/2958619Date...

HackerOne Bug Bounty Disclosure: use-after-free-read-in-curl-multi-perform-with-doh-and-proxy-options-and-resolve-timeouts-catenacyber

March 6, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:catenacyberLink to Submitters Profile:https://hackerone.com/catenacyber Report Title:Use after free (read) in curl_multi_perform with...

HackerOne Bug Bounty Disclosure: exposing-debug-log-file-leads-to-server-full-path-disclosure-kanon

March 6, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:kanon4Link to Submitters Profile:https://hackerone.com/kanon4 Report Title:Exposing debuglog file leads to server full...

HackerOne Bug Bounty Disclosure: cve-on-payapps-com-khoof

March 5, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:khoofLink to Submitters Profile:https://hackerone.com/khoof Report Title:CVE-2023-5561 on PayappscomReport Link:https://hackerone.com/reports/2997549Date Submitted:05 March 2025...

HackerOne Bug Bounty Disclosure: sensitive-api-key-leakage-hemant

March 4, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:hemant1Link to Submitters Profile:https://hackerone.com/hemant1 Report Title:Sensitive API Key LeakageReport Link:https://hackerone.com/reports/3017105Date Submitted:04...

HackerOne Bug Bounty Disclosure: ability-to-add-and-verify-uncontrolled-mobile-numbers-leading-to-account-takeover-ato-trev-ck

March 4, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:trev0ckLink to Submitters Profile:https://hackerone.com/trev0ck Report Title:Ability to Add and Verify Uncontrolled...

HackerOne Bug Bounty Disclosure: broken-access-control-leads-to-disclosure-of-transaction-history-via-v-rechargetransactionhistory-endpoint-hafiz-ng

March 2, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:hafiz-ngLink to Submitters Profile:https://hackerone.com/hafiz-ng Report Title:Broken Access Control leads to disclosure...

HackerOne Bug Bounty Disclosure: admin-dashboard-access-leads-to-updating-merchant-info-tinopreter

March 2, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:tinopreterLink to Submitters Profile:https://hackerone.com/tinopreter Report Title:Admin Dashboard Access Leads to Updating...

HackerOne Bug Bounty Disclosure: unsufficent-input-verification-leads-to-dos-and-resource-consumption-tinine

February 26, 2025

Company Name: Sorare Company HackerOne URL: https://hackerone.com/sorare Submitted By:tinineLink to Submitters Profile:https://hackerone.com/tinine Report Title:Unsufficent input verification leads to DoS and...

HackerOne Bug Bounty Disclosure: stored-xss-via-post-tittle-enabling-non-privileged-user-to-privileged-user-exploitation-on-hxxps-forums-autodesk-com-the-white-evil

February 26, 2025

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-datazone-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

February 26, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the Datazone...

HackerOne Bug Bounty Disclosure: burp-suite-extensions-can-execute-arbitrary-code-iamunixtz

February 26, 2025

Company Name: PortSwigger Web Security Company HackerOne URL: https://hackerone.com/portswigger Submitted By:iamunixtzLink to Submitters Profile:https://hackerone.com/iamunixtz Report Title:Burp Suite extensions can execute...

HackerOne Bug Bounty Disclosure: account-takeover-via-password-reset-without-user-interactions-asterion

February 26, 2025

Company Name: GitLab Company HackerOne URL: https://hackerone.com/gitlab Submitted By:asterion04Link to Submitters Profile:https://hackerone.com/asterion04 Report Title:Account Takeover via Password Reset without user...

HackerOne Bug Bounty Disclosure: uncontrolled-resource-consumption-when-parsing-maliciously-crafted-xml-with-rexml-l-thaxor

February 20, 2025

Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:l33thaxorLink to Submitters Profile:https://hackerone.com/l33thaxor Report Title:Uncontrolled Resource Consumption when parsing maliciously crafted...

HackerOne Bug Bounty Disclosure: unauthenticated-phpinfo-files-could-lead-to-ability-file-read-at-h-f-n-ips-mtn-co-ug-dashboard-offensiveops

February 20, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:offensiveopsLink to Submitters Profile:https://hackerone.com/offensiveops Report Title:Unauthenticated phpinfo()files could lead to ability...

HackerOne Bug Bounty Disclosure: format-string-vulnerability-curl-msnprintf-function-orcahack

February 20, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:orcahackLink to Submitters Profile:https://hackerone.com/orcahack Report Title:Format string vulnerability, curl_msnprintf() function Report Link:https://hackerone.com/reports/2990139Date...

HackerOne Bug Bounty Disclosure: insecure-direct-object-reference-idor-vulnerability-in-autodesk-user-profile-eyax

February 19, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:eyax0Link to Submitters Profile:https://hackerone.com/eyax0 Report Title:Insecure Direct Object Reference (IDOR) Vulnerability in...

bug bounty

HackerOne Bug Bounty Disclosure: django-debug-mode-enabled-information-disclosure-on-api-wwm-dev-autodesk-com-khoof

HackerOne Bug Bounty Disclosure: ssrf-in-autodesk-rendering-leading-to-account-takeover-metereorpreter

HackerOne Bug Bounty Disclosure: -fa-bypass-leads-to-impersonation-of-legimate-users-dedoxd

HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-found-in-custom-integration-app-on-hxxps-admin-b-autodesk-com-the-white-evil

HackerOne Bug Bounty Disclosure: cgi-scripts-wordlist-entry-for-windmail-exe-has-payload-that-sends-arbitrary-file-read-result-to-third-party-floyd

HackerOne Bug Bounty Disclosure: domain-highlighting-on-external-link-warning-is-not-working-on-chrome-microsoft-edge-browsers-on-mobile-sarthakbhingare

HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-in-mercadopago-com-ar-elmago

HackerOne Bug Bounty Disclosure: sqli-in-url-paths-almuntadhar

HackerOne Bug Bounty Disclosure: use-after-free-read-in-curl-multi-perform-with-doh-and-proxy-options-and-resolve-timeouts-catenacyber

HackerOne Bug Bounty Disclosure: exposing-debug-log-file-leads-to-server-full-path-disclosure-kanon

HackerOne Bug Bounty Disclosure: cve-on-payapps-com-khoof

HackerOne Bug Bounty Disclosure: sensitive-api-key-leakage-hemant

HackerOne Bug Bounty Disclosure: ability-to-add-and-verify-uncontrolled-mobile-numbers-leading-to-account-takeover-ato-trev-ck

HackerOne Bug Bounty Disclosure: broken-access-control-leads-to-disclosure-of-transaction-history-via-v-rechargetransactionhistory-endpoint-hafiz-ng

HackerOne Bug Bounty Disclosure: admin-dashboard-access-leads-to-updating-merchant-info-tinopreter

HackerOne Bug Bounty Disclosure: unsufficent-input-verification-leads-to-dos-and-resource-consumption-tinine

HackerOne Bug Bounty Disclosure: stored-xss-via-post-tittle-enabling-non-privileged-user-to-privileged-user-exploitation-on-hxxps-forums-autodesk-com-the-white-evil

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-datazone-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

HackerOne Bug Bounty Disclosure: burp-suite-extensions-can-execute-arbitrary-code-iamunixtz

HackerOne Bug Bounty Disclosure: account-takeover-via-password-reset-without-user-interactions-asterion

HackerOne Bug Bounty Disclosure: uncontrolled-resource-consumption-when-parsing-maliciously-crafted-xml-with-rexml-l-thaxor

HackerOne Bug Bounty Disclosure: unauthenticated-phpinfo-files-could-lead-to-ability-file-read-at-h-f-n-ips-mtn-co-ug-dashboard-offensiveops

HackerOne Bug Bounty Disclosure: format-string-vulnerability-curl-msnprintf-function-orcahack

HackerOne Bug Bounty Disclosure: insecure-direct-object-reference-idor-vulnerability-in-autodesk-user-profile-eyax

Unleashing the Power of Artificial Intelligence in Cybersecurity

Supply Chain Attack Exposes Secrets of 23,000 Organizations via Tj-actions

Empowering Non-Profits: New Security Database Launched for Cyber Safety

£1M in Losses from UK Social Media and Email Account Hacks Surge by 57%

Demand for Transparency in Apple’s UK Backdoor Court Battle by US Legislators

You may have missed