HackerOne Bug Bounty Disclosure: html-injection–(stored)bycriptex
Programme HackerOne Judge.me Judge.me Submitted by criptex criptex Report HTML INJECTION (STORED) Full Report A considerable amount of time and...
bug bounty
HackerOne Bug Bounty Disclosure: rails-actionview-sanitize-helper-bypass-leading-to-xss-using-svg-tag-byhaqpl
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by haqpl haqpl Report Rails ActionView sanitize helper bypass leading to...
HackerOne Bug Bounty Disclosure: xss-at-tiktok-ads-endpointbys3c
Programme HackerOne TikTok TikTok Submitted by s3c s3c Report XSS at TikTok Ads Endpoint Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: verification-process-done-using-different-documents-without-corresponding-to-user-information-/-user-information-can-be-changed-after-verificationbysiddharthamx
Programme HackerOne EXNESS EXNESS Submitted by siddharthamx siddharthamx Report Verification process done using different documents without corresponding to user information...
HackerOne Bug Bounty Disclosure: wavecell-com:-broken-link-hijacking-/-instagram-takeover-@byxdopa
Programme HackerOne 8x8 8x8 Submitted by xdopa xdopa Report wavecell.com: Broken Link Hijacking / Instagram Takeover @ Full Report A...
HackerOne Bug Bounty Disclosure: idor-for-changing-privacy-settings-on-any-memoriesbymrhavit
Programme HackerOne TikTok TikTok Submitted by mrhavit mrhavit Report IDOR for changing privacy settings on any memories Full Report A...
HackerOne Bug Bounty Disclosure: any-user-can-vote-on-`friend-only`-video-pullbymrhavit
Programme HackerOne TikTok TikTok Submitted by mrhavit mrhavit Report Any user can vote on `Friend Only` video pull Full Report...
HackerOne Bug Bounty Disclosure: github-apps-can-use-scoped-user-to-server-tokens-to-obtain-full-access-to-user’s-projects-in-project-v2-graphql-apibyahacker1
Programme HackerOne GitHub GitHub Submitted by ahacker1 ahacker1 Report Github Apps can use Scoped-User-To-Server Tokens to Obtain Full Access to...
HackerOne Bug Bounty Disclosure: using-special-ipv4-mapped-ipv6-addresses-to-bypass-local-ip-banbyalbertspedersen
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by albertspedersen albertspedersen Report Using special IPv4-mapped IPv6 addresses...
HackerOne Bug Bounty Disclosure: xss-on-link-and-window-openerbypisarenko
Programme HackerOne Slack Slack Submitted by pisarenko pisarenko Report XSS on link and window.opener Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: 1-click-account-takeover-via-deeplink-in-[com-kayak-android]byretr02332
Programme HackerOne KAYAK KAYAK Submitted by retr02332 retr02332 Report 1 click Account takeover via deeplink in Full Report A considerable...
HackerOne Bug Bounty Disclosure: private-information-exposed-through-graphql-search-endpoints-aggregatesbyreigertje
Programme HackerOne HackerOne HackerOne Submitted by reigertje reigertje Report Private information exposed through GraphQL search endpoints aggregates Full Report A...
HackerOne Bug Bounty Disclosure: github-security-lab-(ghsl)-vulnerability-report:-insufficient-path-validation-in-receiveexternalfilesactivity-java-(ghsl-2022-060)byatorralba
Programme HackerOne ownCloud ownCloud Submitted by atorralba atorralba Report GitHub Security Lab (GHSL) Vulnerability Report: Insufficient path validation in ReceiveExternalFilesActivity.java...
HackerOne Bug Bounty Disclosure: uninstalling-mattermost-launcher-for-windows-(64-bit),-then-reinstalling-keeps-you-logged-in-without-authenticationbyannonmous
Programme HackerOne Mattermost Mattermost Submitted by annonmous annonmous Report Uninstalling Mattermost Launcher for Windows (64-bit), then reinstalling keeps you logged...
BugCrowd Bug Bounty Disclosure: – Improper Authorization – Second (Additional) Driver can list “add-driver” invitation links – By sagarparmar121
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
HackerOne Bug Bounty Disclosure: github-app-privilege-escalation-to-administrator/owner-of-the-organizationbyvaib25vicky
Programme HackerOne GitHub GitHub Submitted by vaib25vicky vaib25vicky Report Github app Privilege Escalation to Administrator/Owner of the Organization Full Report...
HackerOne Bug Bounty Disclosure: reference-caching-can-leak-data-to-unauthorized-usersbysystemkeeper
Programme HackerOne Nextcloud Nextcloud Submitted by systemkeeper systemkeeper Report Reference caching can leak data to unauthorized users Full Report A...
HackerOne Bug Bounty Disclosure: csrf-vulnerability-in-nextcloud-desktop-client-3-6-1-on-windows-when-clicking-malicious-linkbylukasreschke
Programme HackerOne Nextcloud Nextcloud Submitted by lukasreschke lukasreschke Report CSRF vulnerability in Nextcloud Desktop Client 3.6.1 on Windows when clicking...
HackerOne Bug Bounty Disclosure: take-over-subdomain-undici-nodejs-org-cdn-cloudflare-netbyalgisec1337
Programme HackerOne Node.js Node.js Submitted by algisec1337 algisec1337 Report Take over subdomain undici.nodejs.org.cdn.cloudflare.net Full Report A considerable amount of time...
HackerOne Bug Bounty Disclosure: security-issue-into-wallet-lock-protectionbybug_vs_me
Programme HackerOne Hiro Hiro Submitted by bug_vs_me bug_vs_me Report Security Issue into Wallet lock protection Full Report A considerable amount...
BugCrowd Bug Bounty Disclosure: – I found a text injection – By Orange_hacker
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
HackerOne Bug Bounty Disclosure: cross-origin-resource-sharing-misconfigurationbyparshwa_21
Programme HackerOne Acronis Acronis Submitted by parshwa_21 parshwa_21 Report Cross Origin Resource Sharing Misconfiguration Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: origin-ip-address-disclosure-through-pingora-response-headerbysmither
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by smither smither Report Origin IP address disclosure through...
HackerOne Bug Bounty Disclosure: possibility-to-delete-files-attached-to-deck-cards-of-other-usersbysupr4s
Programme HackerOne Nextcloud Nextcloud Submitted by supr4s supr4s Report Possibility to delete files attached to deck cards of other users...
