bug bounty

hackerone

HackerOne Bug Bounty Disclosure: rdoc-methodattr-is-vulnerable-to-regular-expression-denial-of-service-redos-sighook

July 18, 2023

Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:sighookLink to Submitters Profile:https://hackerone.com/sighook Report Title:RDoc::MethodAttr is vulnerable to Regular Expression Denial...

Read MoreRead more about HackerOne Bug Bounty Disclosure: rdoc-methodattr-is-vulnerable-to-regular-expression-denial-of-service-redos-sighook
hackerone

HackerOne Bug Bounty Disclosure: an-idor-that-can-lead-to-enumeration-of-a-user-and-disclosure-of-email-and-phone-number-within-cashier-miquinho

July 17, 2023

Company Name: Unikrn Company HackerOne URL: https://hackerone.com/unikrn Submitted By:miquinhoLink to Submitters Profile:https://hackerone.com/miquinho Report Title:An IDOR that can lead to enumeration...

Read MoreRead more about HackerOne Bug Bounty Disclosure: an-idor-that-can-lead-to-enumeration-of-a-user-and-disclosure-of-email-and-phone-number-within-cashier-miquinho
hackerone

HackerOne Bug Bounty Disclosure: an-attacker-can-can-view-any-hacker-email-via-savecollaboratorsmutation-operation-name–xrayan

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:0xrayan1996Link to Submitters Profile:https://hackerone.com/0xrayan1996 Report Title:An attacker can can view any hacker...

Read MoreRead more about HackerOne Bug Bounty Disclosure: an-attacker-can-can-view-any-hacker-email-via-savecollaboratorsmutation-operation-name–xrayan
hackerone

HackerOne Bug Bounty Disclosure: metamask-browser-url-and-transaction-origin-spoofing-metamask-wallet-android-metamask-wallet-ios-renekroka

July 14, 2023

Company Name: MetaMask Company HackerOne URL: https://hackerone.com/metamask Submitted By:renekrokaLink to Submitters Profile:https://hackerone.com/renekroka Report Title:MetaMask Browser URL and Transaction Origin Spoofing...

Read MoreRead more about HackerOne Bug Bounty Disclosure: metamask-browser-url-and-transaction-origin-spoofing-metamask-wallet-android-metamask-wallet-ios-renekroka
hackerone

HackerOne Bug Bounty Disclosure: improper-authentication-inside-the-rockstar-games-launcher-which-leads-to-account-takeover-to-some-extend–xshivam

July 14, 2023

Company Name: Rockstar Games Company HackerOne URL: https://hackerone.com/rockstargames Submitted By:0xshivamLink to Submitters Profile:https://hackerone.com/0xshivam Report Title:Improper Authentication inside the Rockstar Games...

Read MoreRead more about HackerOne Bug Bounty Disclosure: improper-authentication-inside-the-rockstar-games-launcher-which-leads-to-account-takeover-to-some-extend–xshivam
hackerone

HackerOne Bug Bounty Disclosure: internal-machine-learning-api-endpoint-for-cwe-classification-is-vulnerable-to-path-traversal-jobert

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:jobertLink to Submitters Profile:https://hackerone.com/jobert Report Title:Internal machine learning API endpoint for CWE...

Read MoreRead more about HackerOne Bug Bounty Disclosure: internal-machine-learning-api-endpoint-for-cwe-classification-is-vulnerable-to-path-traversal-jobert
hackerone

HackerOne Bug Bounty Disclosure: banned-user-still-able-to-invited-to-reports-as-a-collabrator-and-reset-the-password-light-r

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:light3rLink to Submitters Profile:https://hackerone.com/light3r Report Title:Banned user still able to invited to...

Read MoreRead more about HackerOne Bug Bounty Disclosure: banned-user-still-able-to-invited-to-reports-as-a-collabrator-and-reset-the-password-light-r
hackerone

HackerOne Bug Bounty Disclosure: arbitrary-file-write-triggered-by-deeplink-abuse-metamask-android-hackerontwowheels

July 14, 2023

Company Name: MetaMask Company HackerOne URL: https://hackerone.com/metamask Submitted By:hackerontwowheelsLink to Submitters Profile:https://hackerone.com/hackerontwowheels Report Title:Arbitrary file write triggered by deeplink abuse...

Read MoreRead more about HackerOne Bug Bounty Disclosure: arbitrary-file-write-triggered-by-deeplink-abuse-metamask-android-hackerontwowheels
hackerone

HackerOne Bug Bounty Disclosure: server-side-rce-through-directory-traversal-based-arbitrary-file-write-fabianfreyer

July 14, 2023

Company Name: Rocket.Chat Company HackerOne URL: https://hackerone.com/rocket_chat Submitted By:fabianfreyerLink to Submitters Profile:https://hackerone.com/fabianfreyer Report Title:Server-side RCE through directory traversal-based arbitrary file...

Read MoreRead more about HackerOne Bug Bounty Disclosure: server-side-rce-through-directory-traversal-based-arbitrary-file-write-fabianfreyer
hackerone

HackerOne Bug Bounty Disclosure: rce-via-npm-misconfig-installing-internal-libraries-from-the-public-registry-x-loser

July 14, 2023

Company Name: SHEIN Company HackerOne URL: https://hackerone.com/shein Submitted By:x1337loserLink to Submitters Profile:https://hackerone.com/x1337loser Report Title:RCE via npm misconfig -- installing internal...

Read MoreRead more about HackerOne Bug Bounty Disclosure: rce-via-npm-misconfig-installing-internal-libraries-from-the-public-registry-x-loser
hackerone

HackerOne Bug Bounty Disclosure: asset-inventory-internal-descriptions-are-leaked-in-csv-export-the-arch-angel

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:the_arch_angelLink to Submitters Profile:https://hackerone.com/the_arch_angel Report Title:Asset Inventory Internal Descriptions are leaked in...

Read MoreRead more about HackerOne Bug Bounty Disclosure: asset-inventory-internal-descriptions-are-leaked-in-csv-export-the-arch-angel

You may have missed

image

CVE Alert: CVE-2025-0454

March 21, 2025
image

CVE Alert: CVE-2025-0655

March 21, 2025
image

CVE Alert: CVE-2025-0508

March 21, 2025
image

CVE Alert: CVE-2025-1040

March 21, 2025
image

CVE Alert: CVE-2025-0628

March 21, 2025