HackerOne Bug Bounty Disclosure: full-passcode-bypass-on-nextcloud-app-iosbyctulhu
Programme HackerOne Nextcloud Nextcloud Submitted by ctulhu ctulhu Report Full Passcode bypass on Nextcloud App iOS Full Report A...
bug bounty
HackerOne Bug Bounty Disclosure: use-of-cryptographically-weak-pseudo-random-number-generator-in-webcrypto-keygenbybn00rdhuis
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by bn00rdhuis bn00rdhuis Report Use of Cryptographically Weak Pseudo-Random Number Generator...
HackerOne Bug Bounty Disclosure: inadequate-encryption-strength-in-nodejs-current-reads-openssl-cnf-from-/home/iojs/build/—-upon-startup-on-macosbymhdawson_
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by mhdawson_ mhdawson_ Report Inadequate Encryption Strength in nodejs-current reads openssl.cnf...
HackerOne Bug Bounty Disclosure: http-request-smuggling-due-to-incorrect-parsing-of-header-fieldsbyvwx7
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by vwx7 vwx7 Report HTTP Request Smuggling Due to Incorrect Parsing...
HackerOne Bug Bounty Disclosure: [shop-resmed-com]csrf-leads-to–unsubscribe-victim-from-communication-and–reward-membershipbypranav-pranayx01
Programme HackerOne ResMed ResMed Submitted by pranav-pranayx01 pranav-pranayx01 Report CSRF leads to Unsubscribe victim from Communication and Reward Membership Full...
BugCrowd Bug Bounty Disclosure: – Clickjacking with reflected xss and redirected to google – By Orange_hacker
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: – Auth.Tesla.com Account Takeover of Internal Tesla Accounts – By evanconnelly
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
HackerOne Bug Bounty Disclosure: csrf-protection-on-oidc-login-is-brokenbymikaelgundersen
Programme HackerOne Nextcloud Nextcloud Submitted by mikaelgundersen mikaelgundersen Report CSRF protection on OIDC login is broken Full Report A...
HackerOne Bug Bounty Disclosure: [www-32red-com]-reverse-proxy-misconfiguration-leads-to-1-click-account-takeoverbysw33tlie
Programme HackerOne Kindred Group Kindred Group Submitted by sw33tlie sw33tlie Report Reverse proxy misconfiguration leads to 1-click account takeover Full...
HackerOne Bug Bounty Disclosure: dangling-dns-record-docs-jitsi-net-(unsuccessful-gsuite-takeover)bybababounty99
Programme HackerOne 8x8 Bounty 8x8 Bounty Submitted by bababounty99 bababounty99 Report Dangling DNS Record docs.jitsi.net (unsuccessful GSuite takeover) Full Report...
HackerOne Bug Bounty Disclosure: full-account-takeover-on-*-unibet-com-due-to-crossdomain-xml-and-akamaiplayer-loadercontextbyfransrosen
Programme HackerOne Kindred Group Kindred Group Submitted by fransrosen fransrosen Report Full Account Takeover on *.unibet.com due to crossdomain.xml and...
HackerOne Bug Bounty Disclosure: [unibet-com]-delete-messages-via-idor-at-/mom-api/messages/unibet_@unibet/bynaaash
Programme HackerOne Kindred Group Kindred Group Submitted by naaash naaash Report Delete messages via IDOR at /mom-api/messages/unibet_@unibet/ Full Report ...
BugCrowd Bug Bounty Disclosure: – Linux client – Lack of certificate validation leading to RCE – By mmmdspl
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
HackerOne Bug Bounty Disclosure: unauthorized-user-can-view-subscribers-of-other-users-newslettersbytushar6378
Programme HackerOne LinkedIn LinkedIn Submitted by tushar6378 tushar6378 Report Unauthorized User can View Subscribers of Other Users Newsletters Full Report...
HackerOne Bug Bounty Disclosure: ios-group-chat-denial-of-servicebyyinmo
Programme HackerOne LINE LINE Submitted by yinmo yinmo Report iOS group chat denial of service Full Report A considerable...
HackerOne Bug Bounty Disclosure: stored-xss-via-filename-on-https://partners-line-me/byrioncool22
Programme HackerOne LINE LINE Submitted by rioncool22 rioncool22 Report Stored XSS Via Filename On https://partners.line.me/ Full Report A considerable...
HackerOne Bug Bounty Disclosure: path-traversal-in-a-tomcat-serverbytosun
Programme HackerOne LINE LINE Submitted by tosun tosun Report Path traversal in a Tomcat server Full Report A considerable...
HackerOne Bug Bounty Disclosure: speedtest-8×8-com:-enabled-directory-listingbyshriyanss
Programme HackerOne 8x8 8x8 Submitted by shriyanss shriyanss Report speedtest.8x8.com: Enabled Directory Listing Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: debugging-panel-exposurebytosun
Programme HackerOne LINE LINE Submitted by tosun tosun Report Debugging panel exposure Full Report A considerable amount of time...
HackerOne Bug Bounty Disclosure: bypassing-creation-of–api-tokens-without-email-verificationbyboy_child_
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by boy_child_ boy_child_ Report Bypassing creation of API tokens...
HackerOne Bug Bounty Disclosure: arbitrary-read-of-all-svg-files-on-a-nextcloud-serverbybncrypted
Programme HackerOne Nextcloud Nextcloud Submitted by bncrypted bncrypted Report Arbitrary read of all SVG files on a Nextcloud server Full...
HackerOne Bug Bounty Disclosure: lack-of-bruteforce-protection-for-totp-2fabybncrypted
Programme HackerOne Nextcloud Nextcloud Submitted by bncrypted bncrypted Report Lack of bruteforce protection for TOTP 2FA Full Report A...
HackerOne Bug Bounty Disclosure: cards-in-deck-are-readable-by-any-userbyshakierbellows
Programme HackerOne Nextcloud Nextcloud Submitted by shakierbellows shakierbellows Report Cards in Deck are readable by any user Full Report ...
HackerOne Bug Bounty Disclosure: accessing-unauthorized-administration-pages-and-seeing-admin-password—speakerkit-state-govbyqualw1n
Programme HackerOne U.S. Department of State U.S. Department of State Submitted by qualw1n qualw1n Report Accessing unauthorized administration pages and...
