BugCrowd Bug Bounty Disclosure: P5 – RTLO Injection leads to URi Spoofing – By nt3c
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
Programme: HackerOne, Nextcloud. Submitted by: michag86. Report: user can bypass password enforcement when federated sharing is enabled
Programme: HackerOne, Nextcloud. Submitted by: demonia. Report: Improper input-size validation on the user new session name can result...
Programme: HackerOne, Vanilla. Submitted by: mohit0786. Report: BlIND XSS on https://open.vanillaforums.com
Programme: HackerOne, Acronis. Submitted by: mega7. Report: Self XSS in attachments name
Programme: HackerOne, Alohi. Submitted by: darkknight4688. Report: Users who are restricted to use the application because of a...
Programme: HackerOne, Nextcloud. Submitted by: david_h1. Report: Control character filtering misses leading and trailing whitespace in file and...
Programme: HackerOne, Nextcloud. Submitted by: qj_test. Report: Notification implicit PendingIntent in com.nextcloud.client allows to access contacts
Programme: HackerOne, U.S. General Services Administration. Submitted by: hollaatm3. Report: Read Other Users Reports Through...
Programme: HackerOne, U.S. Dept Of Defense. Submitted by: ashutosh7. Report: Critical Vulnerability on vulnerable to...
Programme: HackerOne, Omise. Submitted by: oblivionlight. Report: Cross-site scripting on dashboard2.omise.co
Programme: HackerOne, EXNESS. Submitted by: nearsecurity. Report: Universal XSS in webview. Lead to steal user cookies
Programme: HackerOne, GitLab. Submitted by: joaxcar. Report: Arbitrary POST request as victim user from HTML injection in Jupyter...
Programme: HackerOne, lemlist. Submitted by: ondermedia. Report: Clickjacking at app.lemlist.com
Programme: HackerOne, Nextcloud. Submitted by: geekysherlock. Report: Sensitive files/ data exists post deletion of user account
Programme: HackerOne, Nextcloud. Submitted by: ctulhu. Report: Error in Deleting Deck cards attachment reveals the full path of...
Programme: HackerOne, Nextcloud. Submitted by: supr4s. Report: Nextcloud Deck : Possibility for anyone to add a stack with...
Programme: HackerOne, GitLab. Submitted by: kannthu. Report: Stored XSS in repository file viewer
Programme: HackerOne, Slack. Submitted by: smitgharat0001. Report: Email html Injection
Programme: HackerOne, TikTok. Submitted by: cancerz. Report: XSS and iframe injection on tiktok ads portal using redirect params...
Programme: HackerOne, Phabricator. Submitted by: dyls. Report: Conduit feed.publish API allows you to spoof other users or make...
Programme: HackerOne, lemlist. Submitted by: omarelfarsaoui. Report: Improper handling of payment lead to bypass payment
Programme: HackerOne, Glovo. Submitted by: 0f1c3r. Report: Integer overflow vulnerability
Programme: HackerOne, curl. Submitted by: sybr. Report: CVE-2022-27781: CERTINFO never-ending busy-loop