bug bounty

HackerOne Bug Bounty Disclosure: cookie-is-sent-on-redirect-iylz

March 28, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:iylzLink to Submitters Profile:https://hackerone.com/iylz Report Title:cookie is sent on redirectReport Link:https://hackerone.com/reports/2352676Date Submitted:28...

HackerOne Bug Bounty Disclosure: xss-in-gocd-analytics-plugin-redyetihacks

March 27, 2024

Company Name: GoCD Company HackerOne URL: https://hackerone.com/gocd Submitted By:redyetihacksLink to Submitters Profile:https://hackerone.com/redyetihacks Report Title:XSS in GOCD Analytics PluginReport Link:https://hackerone.com/reports/2433634Date Submitted:27...

HackerOne Bug Bounty Disclosure: cve-quic-certificate-check-bypass-with-wolfssl-fullmetal

March 27, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:fullmetal5Link to Submitters Profile:https://hackerone.com/fullmetal5 Report Title:CVE-2024-2379: QUIC certificate check bypass with wolfSSLReport...

HackerOne Bug Bounty Disclosure: cve-usage-of-disabled-protocol-dfandrich

March 27, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:dfandrichLink to Submitters Profile:https://hackerone.com/dfandrich Report Title:CVE-2024-2004: Usage of disabled protocolReport Link:https://hackerone.com/reports/2384833Date Submitted:27...

HackerOne Bug Bounty Disclosure: cve-ocsp-verification-bypass-with-tls-session-reuse-kurohiro

March 27, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:kurohiroLink to Submitters Profile:https://hackerone.com/kurohiro Report Title:CVE-2024-0853: OCSP verification bypass with...

HackerOne Bug Bounty Disclosure: http-push-promise-dos-w-x

March 27, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:w0x42Link to Submitters Profile:https://hackerone.com/w0x42 Report Title:HTTP/2 PUSH_PROMISE DoSReport Link:https://hackerone.com/reports/2402853Date Submitted:27 March 2024...

HackerOne Bug Bounty Disclosure: cve-http-push-headers-memory-leak-w-x

March 27, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:w0x42Link to Submitters Profile:https://hackerone.com/w0x42 Report Title:CVE-2024-2398: HTTP/2 push headers memory-leakReport Link:https://hackerone.com/reports/2402845Date Submitted:27...

HackerOne Bug Bounty Disclosure: cve-tls-certificate-check-bypass-with-mbedtls-frankyueh

March 27, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:frankyuehLink to Submitters Profile:https://hackerone.com/frankyueh Report Title:CVE-2024-2466: TLS certificate check bypass with mbedTLSReport...

HackerOne Bug Bounty Disclosure: view-any-user-email-using-the-team-s-audit-log-section–verw-tch

March 26, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:0verw4tchLink to Submitters Profile:https://hackerone.com/0verw4tch Report Title:View any user email using the Team's...

HackerOne Bug Bounty Disclosure: creation-of-bounties-through-customer-api-leads-to-private-email-disclosure–verw-tch

March 26, 2024

HackerOne Bug Bounty Disclosure: authentication-bypass-with-usage-of-presignedurl-kolokokop

March 22, 2024

Company Name: ownCloud Company HackerOne URL: https://hackerone.com/owncloud Submitted By:kolokokopLink to Submitters Profile:https://hackerone.com/kolokokop Report Title:Authentication Bypass with usage of PreSignedURLReport Link:https://hackerone.com/reports/2337427Date...

HackerOne Bug Bounty Disclosure: reflective-cross-site-scripting-xss-on-pages-anonymlss

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:anonymlssLink to Submitters Profile:https://hackerone.com/anonymlss Report Title:Reflective Cross Site Scripting...

HackerOne Bug Bounty Disclosure: full-access-to-sonarqube-and-docker-elevenoo

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:elevenoo1Link to Submitters Profile:https://hackerone.com/elevenoo1 Report Title:Full Access to sonarQube...

HackerOne Bug Bounty Disclosure: resource-injection-geej

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:geejLink to Submitters Profile:https://hackerone.com/geej Report Title:Resource Injection - Report...

HackerOne Bug Bounty Disclosure: parmetro-xss-nome-de-usurio-chor-o

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:chor4oLink to Submitters Profile:https://hackerone.com/chor4o Report Title:Parmetro XSS: Nome de...

HackerOne Bug Bounty Disclosure: dbms-information-getting-exposed-publicly-on-dishant-singh

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:dishant_singhLink to Submitters Profile:https://hackerone.com/dishant_singh Report Title:DBMS information getting exposed...

HackerOne Bug Bounty Disclosure: attacker-can-add-itself-as-admin-user-and-can-also-change-privileges-of-existing-users-dishant-singh

March 22, 2024

HackerOne Bug Bounty Disclosure: xss-chor-o

March 22, 2024

HackerOne Bug Bounty Disclosure: improper-authentication-login-without-registration-with-any-user-at-archyxsec

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:archyxsecLink to Submitters Profile:https://hackerone.com/archyxsec Report Title:Improper Authentication (Login without...

HackerOne Bug Bounty Disclosure: -leaking-pii-of-tour-visitors-names-email-addresses-phone-numbers-via-misconfigured-record-permissions-oxylis

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:oxylisLink to Submitters Profile:https://hackerone.com/oxylis Report Title: leaking PII of...

HackerOne Bug Bounty Disclosure: xss-parameter-s-s-css-chor-o

March 22, 2024

HackerOne Bug Bounty Disclosure: open-redirect-via-non-latin-subdomain-in-vcc-x-com-agui-php-pentestor

March 20, 2024

Company Name: 8x8 Bounty Company HackerOne URL: https://hackerone.com/8x8-bounty Submitted By:pentestorLink to Submitters Profile:https://hackerone.com/pentestor Report Title:Open Redirect via Non-Latin Subdomain in...

HackerOne Bug Bounty Disclosure: patch-method-manipulation-allowing-the-users-to-escalate-their-functionalities-and-edit-upgrade-downgrade-api-keys-settings-which-is-not-allowed-bugsv

March 20, 2024

Company Name: Frontegg Company HackerOne URL: https://hackerone.com/frontegg Submitted By:bugsv2Link to Submitters Profile:https://hackerone.com/bugsv2 Report Title:PATCH method manipulation allowing the users to...

HackerOne Bug Bounty Disclosure: bypassing-the-block-of-security-domain-restriction-and-normally-invite-blocked-domains-with-special-characters-bugsv

March 20, 2024

bug bounty

HackerOne Bug Bounty Disclosure: cookie-is-sent-on-redirect-iylz

HackerOne Bug Bounty Disclosure: xss-in-gocd-analytics-plugin-redyetihacks

HackerOne Bug Bounty Disclosure: cve-quic-certificate-check-bypass-with-wolfssl-fullmetal

HackerOne Bug Bounty Disclosure: cve-usage-of-disabled-protocol-dfandrich

HackerOne Bug Bounty Disclosure: cve-ocsp-verification-bypass-with-tls-session-reuse-kurohiro

HackerOne Bug Bounty Disclosure: http-push-promise-dos-w-x

HackerOne Bug Bounty Disclosure: cve-http-push-headers-memory-leak-w-x

HackerOne Bug Bounty Disclosure: cve-tls-certificate-check-bypass-with-mbedtls-frankyueh

HackerOne Bug Bounty Disclosure: view-any-user-email-using-the-team-s-audit-log-section–verw-tch

HackerOne Bug Bounty Disclosure: creation-of-bounties-through-customer-api-leads-to-private-email-disclosure–verw-tch

HackerOne Bug Bounty Disclosure: authentication-bypass-with-usage-of-presignedurl-kolokokop

HackerOne Bug Bounty Disclosure: reflective-cross-site-scripting-xss-on-pages-anonymlss

HackerOne Bug Bounty Disclosure: full-access-to-sonarqube-and-docker-elevenoo

HackerOne Bug Bounty Disclosure: resource-injection-geej

HackerOne Bug Bounty Disclosure: parmetro-xss-nome-de-usurio-chor-o

HackerOne Bug Bounty Disclosure: dbms-information-getting-exposed-publicly-on-dishant-singh

HackerOne Bug Bounty Disclosure: attacker-can-add-itself-as-admin-user-and-can-also-change-privileges-of-existing-users-dishant-singh

HackerOne Bug Bounty Disclosure: xss-chor-o

HackerOne Bug Bounty Disclosure: improper-authentication-login-without-registration-with-any-user-at-archyxsec

HackerOne Bug Bounty Disclosure: -leaking-pii-of-tour-visitors-names-email-addresses-phone-numbers-via-misconfigured-record-permissions-oxylis

HackerOne Bug Bounty Disclosure: xss-parameter-s-s-css-chor-o

HackerOne Bug Bounty Disclosure: open-redirect-via-non-latin-subdomain-in-vcc-x-com-agui-php-pentestor

HackerOne Bug Bounty Disclosure: patch-method-manipulation-allowing-the-users-to-escalate-their-functionalities-and-edit-upgrade-downgrade-api-keys-settings-which-is-not-allowed-bugsv

HackerOne Bug Bounty Disclosure: bypassing-the-block-of-security-domain-restriction-and-normally-invite-blocked-domains-with-special-characters-bugsv

Ivanti Products Multiple Vulnerabilities

CVE Alert: CVE-2025-0194

CVE Alert: CVE-2024-13189

CVE Alert: CVE-2024-13190

CVE Alert: CVE-2024-12431

You may have missed