Bug Bounty

Programme HackerOne Nextcloud Submitted by david_h1 Report Control character filtering misses leading and trailing whitespace in file and folder names

Programme HackerOne Nextcloud Submitted by qj_test Report Notification implicit PendingIntent in com.nextcloud.client allows to access contacts

Programme HackerOne U.S. General Services Administration Submitted by hollaatm3 Report Read Other Users Reports Through Cloning

Programme HackerOne U.S. Dept Of Defense Submitted by ashutosh7 Report [Urgent] Critical Vulnerability [RCE] on vulnerable to Remote Code Execution

Programme HackerOne Omise Submitted by oblivionlight Report Cross-site scripting on dashboard2.omise.co

Programme HackerOne EXNESS Submitted by nearsecurity Report [com.exness.android.pa Android] Universal XSS in webview. Lead to steal user cookies

Programme HackerOne Nextcloud Submitted by geekysherlock Report Sensitive files/ data exists post deletion of user account

Programme HackerOne GitLab Submitted by joaxcar Report Arbitrary POST request as victim user from HTML injection in Jupyter notebooks

Programme HackerOne lemlist Submitted by ondermedia Report Clickjacking at app.lemlist.com

Programme HackerOne Nextcloud Submitted by supr4s Report Nextcloud Deck : Possibility for anyone to add a stack with existing tasks

Programme HackerOne Nextcloud Submitted by ctulhu Report Error in Deleting Deck cards attachment reveals the full path of the website

Programme HackerOne GitLab Submitted by kannthu Report Stored XSS in repository file viewer

Programme HackerOne Slack Submitted by smitgharat0001 Report Email html Injection

Programme HackerOne TikTok Submitted by cancerz Report XSS and iframe injection on tiktok ads portal using redirect params

Programme HackerOne Phabricator Submitted by dyls Report Conduit feed.publish API allows you to spoof other users or make it look

Programme HackerOne Glovo Submitted by 0f1c3r Report Integer overflow vulnerability

Programme HackerOne lemlist Submitted by omarelfarsaoui Report [app.lemlist.com] Improper handling of payment lead to bypass payment

Programme HackerOne lemlist Submitted by mr23r0 Report Security misconfiguration

Programme HackerOne Cloudflare Public Bug Bounty Submitted by albertspedersen Report HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences

Programme HackerOne curl Submitted by sybr Report CVE-2022-27781: CERTINFO never-ending busy-loop

Programme HackerOne Automattic Submitted by sawrav-chowdhury Report Site information’s Display Name section vulnerable for XSS attacks and HTML Injections.

Programme HackerOne SMTP2GO BBP Submitted by mrrobot2050 Report Origin IP found, WAF Cloudflare Bypass

Programme HackerOne MTN Group Submitted by ibrahimatix0x01 Report Download full backup [Mtn.co.rw]

Programme HackerOne curl Submitted by iylz Report Credential leak on redirect