bug bounty

HackerOne Bug Bounty Disclosure: b-critical-curl-cve-vulnerability-code-changes-are-disclosed-on-the-internet-b-shelldoit

October 16, 2023

Company Name: b'curl' Company HackerOne URL: https://hackerone.com/curl Submitted By:b'shelldoit'Link to Submitters Profile:https://hackerone.com/b'shelldoit' Report Title:b' Curl CVE-2023-38545 vulnerability code changes are...

HackerOne Bug Bounty Disclosure: b-inviting-excessive-long-email-addresses-to-a-calendar-event-makes-the-server-unresponsive-b-shuvam

October 16, 2023

Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'shuvam321'Link to Submitters Profile:https://hackerone.com/b'shuvam321' Report Title:b'Inviting excessive long email addresses to a...

HackerOne Bug Bounty Disclosure: b-client-side-string-length-check-b-tomh

October 14, 2023

Company Name: b'Khan Academy' Company HackerOne URL: https://hackerone.com/khanacademy Submitted By:b'tomh'Link to Submitters Profile:https://hackerone.com/b'tomh' Report Title:b'Client Side string length check'Report Link:https://hackerone.com/reports/1244798Date...

HackerOne Bug Bounty Disclosure: b-exposing-django-debug-panel-and-sensitive-infrastructure-information-at-https-dev-fxprivaterelay-nonprod-cloudops-mozgcp-net-b-aliend

October 13, 2023

Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'aliend89'Link to Submitters Profile:https://hackerone.com/b'aliend89' Report Title:b'Exposing Django Debug Panel and...

HackerOne Bug Bounty Disclosure: b-xss-reflected-pqm-tva-com-b-tvmbug

October 13, 2023

Company Name: b'Tennessee Valley Authority' Company HackerOne URL: https://hackerone.com/tennessee-valley-authority Submitted By:b'tvmbug'Link to Submitters Profile:https://hackerone.com/b'tvmbug' Report Title:b'xss reflected - pqm.tva.com'Report Link:https://hackerone.com/reports/1363001Date...

HackerOne Bug Bounty Disclosure: b-potential-spoofing-risk-through-firefox-private-relay-service-b-nicholas-cw

October 13, 2023

Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'nicholas_cw'Link to Submitters Profile:https://hackerone.com/b'nicholas_cw' Report Title:b'Potential Spoofing Risk through Firefox...

HackerOne Bug Bounty Disclosure: b-subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-b-holybugx

October 13, 2023

Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'holybugx'Link to Submitters Profile:https://hackerone.com/b'holybugx' Report Title:b'Subdomain takeover on one of...

HackerOne Bug Bounty Disclosure: b-admin-mytva-com-customer-lookup-and-internal-notes-bypass-b-itssixtynein

October 13, 2023

Company Name: b'Tennessee Valley Authority' Company HackerOne URL: https://hackerone.com/tennessee-valley-authority Submitted By:b'itssixtynein'Link to Submitters Profile:https://hackerone.com/b'itssixtynein' Report Title:b'Admin.MyTVA.com Customer lookup and internal...

HackerOne Bug Bounty Disclosure: b-stored-xss-at-nordvpn-com-b-tvmbug

October 12, 2023

Company Name: b'Nord Security' Company HackerOne URL: https://hackerone.com/nordsecurity Submitted By:b'tvmbug'Link to Submitters Profile:https://hackerone.com/b'tvmbug' Report Title:b'Stored XSS at nordvpn.com'Report Link:https://hackerone.com/reports/1841042Date Submitted:12...

HackerOne Bug Bounty Disclosure: b-cve-socks-heap-buffer-overflow-b-raysatiro

October 11, 2023

Company Name: b'curl' Company HackerOne URL: https://hackerone.com/curl Submitted By:b'raysatiro'Link to Submitters Profile:https://hackerone.com/b'raysatiro' Report Title:b'CVE-2023-38545: socks5 heap buffer overflow'Report Link:https://hackerone.com/reports/2187833Date Submitted:11...

HackerOne Bug Bounty Disclosure: b-cve-cookie-injection-with-none-file-b-w-x

October 11, 2023

Company Name: b'curl' Company HackerOne URL: https://hackerone.com/curl Submitted By:b'w0x42'Link to Submitters Profile:https://hackerone.com/b'w0x42' Report Title:b'CVE-2023-38546: cookie injection with none file'Report Link:https://hackerone.com/reports/2148242Date...

HackerOne Bug Bounty Disclosure: b-uaf-on-jsethereumprovider-b-nick-ve

October 11, 2023

Company Name: b'Brave Software' Company HackerOne URL: https://hackerone.com/brave Submitted By:b'nick0ve'Link to Submitters Profile:https://hackerone.com/b'nick0ve' Report Title:b'UAF on JSEthereumProvider'Report Link:https://hackerone.com/reports/1977252Date Submitted:11 October...

HackerOne Bug Bounty Disclosure: b-rce-of-burp-scanner-crawler-via-clickjacking-b-mattaustin

October 10, 2023

Company Name: b'PortSwigger Web Security' Company HackerOne URL: https://hackerone.com/portswigger Submitted By:b'mattaustin'Link to Submitters Profile:https://hackerone.com/b'mattaustin' Report Title:b'RCE of Burp Scanner /...

HackerOne Bug Bounty Disclosure: b-limited-path-traversal-in-node-js-sdk-leads-to-pii-disclosure-b-zerodivisi-n

October 10, 2023

Company Name: b'Stripe' Company HackerOne URL: https://hackerone.com/stripe Submitted By:b'zerodivisi0n'Link to Submitters Profile:https://hackerone.com/b'zerodivisi0n' Report Title:b'Limited path traversal in Node.js SDK leads...

HackerOne Bug Bounty Disclosure: b-rce-and-dos-in-cosmovisor-b-strikeout

October 10, 2023

Company Name: b'Cosmos' Company HackerOne URL: https://hackerone.com/cosmos Submitted By:b'strikeout'Link to Submitters Profile:https://hackerone.com/b'strikeout' Report Title:b'RCE and DoS in Cosmovisor'Report Link:https://hackerone.com/reports/2094056Date Submitted:10...

HackerOne Bug Bounty Disclosure: b-no-rate-limit-in-login-page-b-mr-sparrow

October 9, 2023

Company Name: b'On ' Company HackerOne URL: https://hackerone.com/on Submitted By:b'mr_sparrow'Link to Submitters Profile:https://hackerone.com/b'mr_sparrow' Report Title:b'No Rate Limit in Login Page'Report...

HackerOne Bug Bounty Disclosure: b-xss-from-mastodon-embeds-b-lotsofloops

October 9, 2023

Company Name: b'IRCCloud' Company HackerOne URL: https://hackerone.com/irccloud Submitted By:b'lotsofloops'Link to Submitters Profile:https://hackerone.com/b'lotsofloops' Report Title:b'XSS from Mastodon embeds'Report Link:https://hackerone.com/reports/1887917Date Submitted:09 October...

HackerOne Bug Bounty Disclosure: b-stored-xss-in-plan-name-field-acronis-cyber-protect-b-und-sc-n-c-d

October 9, 2023

Company Name: b'Acronis' Company HackerOne URL: https://hackerone.com/acronis Submitted By:b'und3sc0n0c1d0'Link to Submitters Profile:https://hackerone.com/b'und3sc0n0c1d0' Report Title:b'Stored XSS in plan name field (Acronis...

HackerOne Bug Bounty Disclosure: b-cve-permissions-policies-can-impersonate-other-modules-in-using-module-constructor-createrequire-b-haxatron

October 8, 2023

Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'haxatron1'Link to Submitters Profile:https://hackerone.com/b'haxatron1' Report Title:b'(CVE-2023-32006) Permissions policies can impersonate...

HackerOne Bug Bounty Disclosure: b-previously-created-sessions-continue-being-valid-after-fa-activation-b-tanvir-x

October 7, 2023

Company Name: b'WordPress' Company HackerOne URL: https://hackerone.com/wordpress Submitted By:b'tanvir0x'Link to Submitters Profile:https://hackerone.com/b'tanvir0x' Report Title:b'Previously created sessions continue being valid after...

HackerOne Bug Bounty Disclosure: b-draft-report-exposure-via-slack-alerting-system-for-programs-b-imranhudaa

October 6, 2023

Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'imranhudaa'Link to Submitters Profile:https://hackerone.com/b'imranhudaa' Report Title:b'Draft report exposure via slack alerting system...

HackerOne Bug Bounty Disclosure: b-mysupport-informatica-com-reflected-xss-b-mtk

October 5, 2023

Company Name: b'Informatica' Company HackerOne URL: https://hackerone.com/informatica Submitted By:b'mtk0308'Link to Submitters Profile:https://hackerone.com/b'mtk0308' Report Title:b' - reflected XSS'Report Link:https://hackerone.com/reports/39069Date Submitted:05 October...

HackerOne Bug Bounty Disclosure: b-reflected-xss-in-oauth-login-flow-https-access-line-me-b-tosun

October 4, 2023

Company Name: b'LY Corporation' Company HackerOne URL: https://hackerone.com/line Submitted By:b'tosun'Link to Submitters Profile:https://hackerone.com/b'tosun' Report Title:b'Reflected XSS in OAUTH2 login flow...

HackerOne Bug Bounty Disclosure: b-bypassing-garbage-collection-with-uppercase-endpoint-b-h-xploit

October 4, 2023

Company Name: b'inDrive' Company HackerOne URL: https://hackerone.com/indrive Submitted By:b'h1xploit'Link to Submitters Profile:https://hackerone.com/b'h1xploit' Report Title:b'Bypassing Garbage Collection with Uppercase Endpoint'Report Link:https://hackerone.com/reports/2078527Date...

bug bounty

HackerOne Bug Bounty Disclosure: b-critical-curl-cve-vulnerability-code-changes-are-disclosed-on-the-internet-b-shelldoit

HackerOne Bug Bounty Disclosure: b-inviting-excessive-long-email-addresses-to-a-calendar-event-makes-the-server-unresponsive-b-shuvam

HackerOne Bug Bounty Disclosure: b-client-side-string-length-check-b-tomh

HackerOne Bug Bounty Disclosure: b-exposing-django-debug-panel-and-sensitive-infrastructure-information-at-https-dev-fxprivaterelay-nonprod-cloudops-mozgcp-net-b-aliend

HackerOne Bug Bounty Disclosure: b-xss-reflected-pqm-tva-com-b-tvmbug

HackerOne Bug Bounty Disclosure: b-potential-spoofing-risk-through-firefox-private-relay-service-b-nicholas-cw

HackerOne Bug Bounty Disclosure: b-subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-b-holybugx

HackerOne Bug Bounty Disclosure: b-admin-mytva-com-customer-lookup-and-internal-notes-bypass-b-itssixtynein

HackerOne Bug Bounty Disclosure: b-stored-xss-at-nordvpn-com-b-tvmbug

HackerOne Bug Bounty Disclosure: b-cve-socks-heap-buffer-overflow-b-raysatiro

HackerOne Bug Bounty Disclosure: b-cve-cookie-injection-with-none-file-b-w-x

HackerOne Bug Bounty Disclosure: b-uaf-on-jsethereumprovider-b-nick-ve

HackerOne Bug Bounty Disclosure: b-rce-of-burp-scanner-crawler-via-clickjacking-b-mattaustin

HackerOne Bug Bounty Disclosure: b-limited-path-traversal-in-node-js-sdk-leads-to-pii-disclosure-b-zerodivisi-n

HackerOne Bug Bounty Disclosure: b-rce-and-dos-in-cosmovisor-b-strikeout

HackerOne Bug Bounty Disclosure: b-no-rate-limit-in-login-page-b-mr-sparrow

HackerOne Bug Bounty Disclosure: b-xss-from-mastodon-embeds-b-lotsofloops

HackerOne Bug Bounty Disclosure: b-stored-xss-in-plan-name-field-acronis-cyber-protect-b-und-sc-n-c-d

HackerOne Bug Bounty Disclosure: b-cve-permissions-policies-can-impersonate-other-modules-in-using-module-constructor-createrequire-b-haxatron

HackerOne Bug Bounty Disclosure: b-previously-created-sessions-continue-being-valid-after-fa-activation-b-tanvir-x

HackerOne Bug Bounty Disclosure: b-draft-report-exposure-via-slack-alerting-system-for-programs-b-imranhudaa

HackerOne Bug Bounty Disclosure: b-mysupport-informatica-com-reflected-xss-b-mtk

HackerOne Bug Bounty Disclosure: b-reflected-xss-in-oauth-login-flow-https-access-line-me-b-tosun

HackerOne Bug Bounty Disclosure: b-bypassing-garbage-collection-with-uppercase-endpoint-b-h-xploit

CVE Alert: CVE-2024-13412

CVE Alert: CVE-2024-13410

CVE Alert: CVE-2024-12137

CVE Alert: CVE-2024-13790

CVE Alert: CVE-2024-12136

You may have missed