Bug Bounty

HackerOne Bug Bounty Disclosure: privilege-escalation-in-edit-and-create-secret-endpoints-leads-to-unauthorized-secret-modification–xsom-a

April 24, 2025

Company Name: Dust Company HackerOne URL: https://hackerone.com/dust Submitted By:0xsom3aLink to Submitters Profile:https://hackerone.com/0xsom3a Report Title:Privilege Escalation in Edit and Create Secret...

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-ssm-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

April 24, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the ssm...

HackerOne Bug Bounty Disclosure: spamming-highly-nested-json-rpc-requests-cause-node-to-disconnect-from-p-p-network-asurar

April 23, 2025

Company Name: Monero Company HackerOne URL: https://hackerone.com/monero Submitted By:asurar0Link to Submitters Profile:https://hackerone.com/asurar0 Report Title:Spamming highly nested JSON RPC requests cause...

HackerOne Bug Bounty Disclosure: remote-memory-exhaustion-in-epee-rpc-stack-under-zero-receive-window-sagewilder

April 23, 2025

Company Name: Monero Company HackerOne URL: https://hackerone.com/monero Submitted By:sagewilder2022Link to Submitters Profile:https://hackerone.com/sagewilder2022 Report Title:Remote memory exhaustion in Epee RPC stack...

HackerOne Bug Bounty Disclosure: a-peer-can-remotely-fill-the-pending-block-queue-to-an-extremely-high-size-with-blocks-that-will-never-leave-the-queue-boog

April 23, 2025

Company Name: Monero Company HackerOne URL: https://hackerone.com/monero Submitted By:boog900Link to Submitters Profile:https://hackerone.com/boog900 Report Title:A peer can remotely fill the pending...

HackerOne Bug Bounty Disclosure: sys-fsc-h-ctrl-kernel-stack-free-theflow

April 18, 2025

Company Name: PlayStation Company HackerOne URL: https://hackerone.com/playstation Submitted By:theflow0Link to Submitters Profile:https://hackerone.com/theflow0 Report Title:sys_fsc2h_ctrl kernel stack freeReport Link:https://hackerone.com/reports/2900606Date Submitted:18 April...

HackerOne Bug Bounty Disclosure: reflected-xss-vulnerability-in-svg-file-at-area-resources-stg-autodesk-com-ahmednasr

April 17, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:ahmednasr1Link to Submitters Profile:https://hackerone.com/ahmednasr1 Report Title:Reflected XSS Vulnerability in SVG File at...

HackerOne Bug Bounty Disclosure: leaked-credentials-emails-and-passwords-etc–x-matrix

April 16, 2025

Company Name: WakaTime Company HackerOne URL: https://hackerone.com/wakatime Submitted By:0x_matrixLink to Submitters Profile:https://hackerone.com/0x_matrix Report Title:Leaked credentials ( emails and passwords ,...

HackerOne Bug Bounty Disclosure: -csv-injection-in-shared-passwords-leads-to-complete-private-vault-exfiltration-stomper

April 12, 2025

Company Name: 1Password - Enterprise Password Manager Company HackerOne URL: https://hackerone.com/1password Submitted By:stomper4Link to Submitters Profile:https://hackerone.com/stomper4 Report Title:#**CSV Injection in...

HackerOne Bug Bounty Disclosure: direct-ip-access-to-website-ryomenshuvro

April 11, 2025

Company Name: Lichess Company HackerOne URL: https://hackerone.com/lichess Submitted By:ryomenshuvroLink to Submitters Profile:https://hackerone.com/ryomenshuvro Report Title:Direct IP Access to WebsiteReport Link:https://hackerone.com/reports/3068485Date Submitted:11...

HackerOne Bug Bounty Disclosure: -click-cross-site-scripting-via-custom-configuration-in-safelistsanitizer-leonsirio

April 9, 2025

Company Name: Ruby on Rails Company HackerOne URL: https://hackerone.com/rails Submitted By:leonsirioLink to Submitters Profile:https://hackerone.com/leonsirio Report Title:1-Click Cross-Site Scripting via Custom...

HackerOne Bug Bounty Disclosure: -part-non-production-api-endpoints-for-the-datazone-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

April 8, 2025

HackerOne Bug Bounty Disclosure: disclosure-of-git-metadata-and-springboot-actuator-information-jf-x-r

April 7, 2025

Company Name: Adobe Company HackerOne URL: https://hackerone.com/adobe Submitted By:jf0x0rLink to Submitters Profile:https://hackerone.com/jf0x0r Report Title:Disclosure of git metadata and springboot actuator...

HackerOne Bug Bounty Disclosure: information-disclouser-from-url-parameter-access-lead-to-account-takeover-eneri

April 7, 2025

Company Name: KHealth Company HackerOne URL: https://hackerone.com/khealth Submitted By:eneriLink to Submitters Profile:https://hackerone.com/eneri Report Title:Information disclouser from URL parameter "access" lead...

HackerOne Bug Bounty Disclosure: no-rate-limiting-on-form-register-growler

March 28, 2025

Company Name: Informatica Company HackerOne URL: https://hackerone.com/informatica Submitted By:growler09Link to Submitters Profile:https://hackerone.com/growler09 Report Title:No rate limiting on formReport Link:https://hackerone.com/reports/2583500Date Submitted:28...

HackerOne Bug Bounty Disclosure: http-response-header-injection-in-shopify-pitchfork-rack-ooooooo-q

March 27, 2025

Company Name: Shopify Company HackerOne URL: https://hackerone.com/shopify Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:HTTP Response Header Injection in shopify/pitchfork +...

HackerOne Bug Bounty Disclosure: cloudflare-waf-bypass-origin-ip-exposure-aaravhex

March 27, 2025

Company Name: Hemi VDP Company HackerOne URL: https://hackerone.com/hemi_labs_vdp Submitted By:aaravhexLink to Submitters Profile:https://hackerone.com/aaravhex Report Title:Cloudflare WAF Bypass - Origin IP...

HackerOne Bug Bounty Disclosure: null-pointer-dereference-by-crafted-response-from-ai-model-canalun

March 26, 2025

Company Name: Brave Software Company HackerOne URL: https://hackerone.com/brave Submitted By:canalunLink to Submitters Profile:https://hackerone.com/canalun Report Title:Null Pointer Dereference by Crafted Response...

HackerOne Bug Bounty Disclosure: twitter-broken-link-hijacking-in-thewild-com-yunxohang

March 24, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:yunxohangLink to Submitters Profile:https://hackerone.com/yunxohang Report Title:Twitter broken link hijacking in thewildcomReport Link:https://hackerone.com/reports/3035275Date...

HackerOne Bug Bounty Disclosure: cache-poisoning-allows-zero-interaction-store-xss-samark

March 22, 2025

Company Name: Trendyol Company HackerOne URL: https://hackerone.com/trendyol Submitted By:samark19Link to Submitters Profile:https://hackerone.com/samark19 Report Title:Cache Poisoning Allows Zero Interaction Store XSSReport...

HackerOne Bug Bounty Disclosure: django-debug-mode-enabled-information-disclosure-on-api-wwm-dev-autodesk-com-khoof

March 18, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:khoofLink to Submitters Profile:https://hackerone.com/khoof Report Title:Django Debug Mode Enabled - Information Disclosure...

HackerOne Bug Bounty Disclosure: ssrf-in-autodesk-rendering-leading-to-account-takeover-metereorpreter

March 18, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:metereorpreterLink to Submitters Profile:https://hackerone.com/metereorpreter Report Title:SSRF in Autodesk Rendering leading to account...

HackerOne Bug Bounty Disclosure: -fa-bypass-leads-to-impersonation-of-legimate-users-dedoxd

March 14, 2025

Company Name: Drugs.com Company HackerOne URL: https://hackerone.com/drugs_com Submitted By:dedoxd2Link to Submitters Profile:https://hackerone.com/dedoxd2 Report Title:2FA Bypass leads to impersonation of legimate...

HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-found-in-custom-integration-app-on-hxxps-admin-b-autodesk-com-the-white-evil

March 14, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:the-white-evilLink to Submitters Profile:https://hackerone.com/the-white-evil Report Title:Stored Cross-Site Scripting found in custom integration...

Bug Bounty

HackerOne Bug Bounty Disclosure: privilege-escalation-in-edit-and-create-secret-endpoints-leads-to-unauthorized-secret-modification–xsom-a

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-ssm-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

HackerOne Bug Bounty Disclosure: spamming-highly-nested-json-rpc-requests-cause-node-to-disconnect-from-p-p-network-asurar

HackerOne Bug Bounty Disclosure: remote-memory-exhaustion-in-epee-rpc-stack-under-zero-receive-window-sagewilder

HackerOne Bug Bounty Disclosure: a-peer-can-remotely-fill-the-pending-block-queue-to-an-extremely-high-size-with-blocks-that-will-never-leave-the-queue-boog

HackerOne Bug Bounty Disclosure: sys-fsc-h-ctrl-kernel-stack-free-theflow

HackerOne Bug Bounty Disclosure: reflected-xss-vulnerability-in-svg-file-at-area-resources-stg-autodesk-com-ahmednasr

HackerOne Bug Bounty Disclosure: leaked-credentials-emails-and-passwords-etc–x-matrix

HackerOne Bug Bounty Disclosure: -csv-injection-in-shared-passwords-leads-to-complete-private-vault-exfiltration-stomper

HackerOne Bug Bounty Disclosure: direct-ip-access-to-website-ryomenshuvro

HackerOne Bug Bounty Disclosure: -click-cross-site-scripting-via-custom-configuration-in-safelistsanitizer-leonsirio

HackerOne Bug Bounty Disclosure: -part-non-production-api-endpoints-for-the-datazone-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

HackerOne Bug Bounty Disclosure: disclosure-of-git-metadata-and-springboot-actuator-information-jf-x-r

HackerOne Bug Bounty Disclosure: information-disclouser-from-url-parameter-access-lead-to-account-takeover-eneri

HackerOne Bug Bounty Disclosure: no-rate-limiting-on-form-register-growler

HackerOne Bug Bounty Disclosure: http-response-header-injection-in-shopify-pitchfork-rack-ooooooo-q

HackerOne Bug Bounty Disclosure: cloudflare-waf-bypass-origin-ip-exposure-aaravhex

HackerOne Bug Bounty Disclosure: null-pointer-dereference-by-crafted-response-from-ai-model-canalun

HackerOne Bug Bounty Disclosure: twitter-broken-link-hijacking-in-thewild-com-yunxohang

HackerOne Bug Bounty Disclosure: cache-poisoning-allows-zero-interaction-store-xss-samark

HackerOne Bug Bounty Disclosure: django-debug-mode-enabled-information-disclosure-on-api-wwm-dev-autodesk-com-khoof

HackerOne Bug Bounty Disclosure: ssrf-in-autodesk-rendering-leading-to-account-takeover-metereorpreter

HackerOne Bug Bounty Disclosure: -fa-bypass-leads-to-impersonation-of-legimate-users-dedoxd

HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-found-in-custom-integration-app-on-hxxps-admin-b-autodesk-com-the-white-evil

[BLACKSUIT] – Ransomware Victim: The Fortune Society

[BLACKSUIT] – Ransomware Victim: Pacific Metallurgical

CVE Alert: CVE-2025-1048

CVE Alert: CVE-2025-1049

CVE Alert: CVE-2025-46394

You may have missed