Bug Bounty

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-noscript-taise

February 6, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:taiseLink to Submitters Profile:https://hackerone.com/taise Report Title:ActionView sanitize helper bypass with...

HackerOne Bug Bounty Disclosure: -actionview-sanitize-helper-bypass-with-math-related-tags-mokusou

February 6, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:mokusouLink to Submitters Profile:https://hackerone.com/mokusou Report Title:#2931639 ActionView sanitize helper bypass...

HackerOne Bug Bounty Disclosure: goaway-http-frames-cause-memory-leak-outside-heap-newtmitch

February 6, 2025

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:newtmitchLink to Submitters Profile:https://hackerone.com/newtmitch Report Title:GOAWAY HTTP/2 frames cause memory leak outside...

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-mokusou

February 6, 2025

HackerOne Bug Bounty Disclosure: -cve-possible-content-security-policy-bypass-in-action-dispatch-ryotak

February 6, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:ryotakLink to Submitters Profile:https://hackerone.com/ryotak Report Title: Possible Content Security Policy...

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-ipv-validation–xsaravana

February 6, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:0xsaravanaLink to Submitters Profile:https://hackerone.com/0xsaravana Report Title:CVE-2024-56374 Potential denial-of-service in IPv6...

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-and-svg-tags-taise

February 6, 2025

HackerOne Bug Bounty Disclosure: xss-on-using-the-legacy-graphie-to-png-api-sikn

February 6, 2025

Company Name: Khan Academy Company HackerOne URL: https://hackerone.com/khanacademy Submitted By:siknLink to Submitters Profile:https://hackerone.com/sikn Report Title:XSS on using the legacy "Graphie...

HackerOne Bug Bounty Disclosure: open-redirect-p-anand

February 6, 2025

Company Name: XVIDEOS Company HackerOne URL: https://hackerone.com/xvideos Submitted By:p_anand1234Link to Submitters Profile:https://hackerone.com/p_anand1234 Report Title:Open redirectReport Link:https://hackerone.com/reports/2957962Date Submitted:06 February 2025 A...

HackerOne Bug Bounty Disclosure: weak-credentials-found-in-jenkins-endpoint-sweetheart

February 5, 2025

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:sweetheart1337_Link to Submitters Profile:https://hackerone.com/sweetheart1337_ Report Title:Weak credentials found in Jenkins endpointReport Link:https://hackerone.com/reports/2954547Date...

HackerOne Bug Bounty Disclosure: cve-gzip-integer-overflow-z

February 5, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:z2_Link to Submitters Profile:https://hackerone.com/z2_ Report Title:CVE-2025-0725: gzip integer overflowReport Link:https://hackerone.com/reports/2956023Date Submitted:05 February...

HackerOne Bug Bounty Disclosure: there-is-a-post-based-csrf-issue-over-ibm-endpoint-leading-to-modification-of-contact-information-youssifs

February 4, 2025

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:youssifs7Link to Submitters Profile:https://hackerone.com/youssifs7 Report Title:There is a POST based CSRF issue...

HackerOne Bug Bounty Disclosure: action-text-xss-rails-x-ooooooo-q

February 4, 2025

Company Name: Ruby on Rails Company HackerOne URL: https://hackerone.com/rails Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:Action Text XSS (Rails 71x)Report...

HackerOne Bug Bounty Disclosure: open-redirection-effects-autodiscover-rockstargames-com-osama-hamad

February 3, 2025

Company Name: Rockstar Games Company HackerOne URL: https://hackerone.com/rockstargames Submitted By:osama-hamadLink to Submitters Profile:https://hackerone.com/osama-hamad Report Title:Open Redirection effects autodiscoverrockstargamescomReport Link:https://hackerone.com/reports/1269332Date Submitted:03...

HackerOne Bug Bounty Disclosure: broken-access-control-horizontal-privilege-escalation-aliyueka

January 31, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:aliyuekaLink to Submitters Profile:https://hackerone.com/aliyueka Report Title:Broken Access Control(Horizontal Privilege Escalation)Report Link:https://hackerone.com/reports/2319586Date...

HackerOne Bug Bounty Disclosure: insecure-direct-object-reference-horizontal-escalation-aliyueka

January 31, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:aliyuekaLink to Submitters Profile:https://hackerone.com/aliyueka Report Title:Insecure direct Object Reference(Horizontal Escalation)Report Link:https://hackerone.com/reports/2322663Date...

HackerOne Bug Bounty Disclosure: improper-access-controls-admin-path-aliyueka

January 31, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:aliyuekaLink to Submitters Profile:https://hackerone.com/aliyueka Report Title:Improper Access Controls(Admin Path)Report Link:https://hackerone.com/reports/2342461Date Submitted:31...

HackerOne Bug Bounty Disclosure: unauthorized-reservation-cancellation-through-idor-vulnerability-no-need

January 29, 2025

Company Name: Yelp Company HackerOne URL: https://hackerone.com/yelp Submitted By:no-needLink to Submitters Profile:https://hackerone.com/no-need Report Title:Unauthorized Reservation Cancellation Through IDOR VulnerabilityReport Link:https://hackerone.com/reports/2944357Date...

HackerOne Bug Bounty Disclosure: registration-information-leakage-titanrain

January 29, 2025

Company Name: Adobe Company HackerOne URL: https://hackerone.com/adobe Submitted By:titanrainLink to Submitters Profile:https://hackerone.com/titanrain Report Title:Registration Information Leakage Report Link:https://hackerone.com/reports/1318936Date Submitted:29 January...

HackerOne Bug Bounty Disclosure: privilege-escalation-a-non-owner-user-who-does-not-have-access-to-the-user-management-can-invite-other-users-to-the-restaurant-page-vijaysimha-reddy

January 29, 2025

Company Name: Yelp Company HackerOne URL: https://hackerone.com/yelp Submitted By:vijaysimha-reddyLink to Submitters Profile:https://hackerone.com/vijaysimha-reddy Report Title:Privilege Escalation - A Non Owner User...

HackerOne Bug Bounty Disclosure: disclosure-of-the-valid-cognizant-credentials-at-the-postman-collection-hellicopter

January 29, 2025

Company Name: Cognizant Company HackerOne URL: https://hackerone.com/cognizant Submitted By:hellicopterLink to Submitters Profile:https://hackerone.com/hellicopter Report Title:Disclosure of the valid Cognizant credentials at...

HackerOne Bug Bounty Disclosure: privilege-escalation-a-low-privilege-user-who-does-not-have-access-to-the-user-management-module-can-remove-the-owner-of-the-business-account-vijaysimha-reddy

January 28, 2025

HackerOne Bug Bounty Disclosure: path-traversal-by-drive-name-in-windows-environment-taise

January 27, 2025

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:taiseLink to Submitters Profile:https://hackerone.com/taise Report Title:Path traversal by drive name in Windows...

HackerOne Bug Bounty Disclosure: post-based-cross-site-scripting-on-ibm-research-endpoint-youssifs

January 23, 2025

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:youssifs7Link to Submitters Profile:https://hackerone.com/youssifs7 Report Title:POST based Cross-Site Scripting on IBM research...

Bug Bounty

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-noscript-taise

HackerOne Bug Bounty Disclosure: -actionview-sanitize-helper-bypass-with-math-related-tags-mokusou

HackerOne Bug Bounty Disclosure: goaway-http-frames-cause-memory-leak-outside-heap-newtmitch

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-mokusou

HackerOne Bug Bounty Disclosure: -cve-possible-content-security-policy-bypass-in-action-dispatch-ryotak

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-ipv-validation–xsaravana

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-and-svg-tags-taise

HackerOne Bug Bounty Disclosure: xss-on-using-the-legacy-graphie-to-png-api-sikn

HackerOne Bug Bounty Disclosure: open-redirect-p-anand

HackerOne Bug Bounty Disclosure: weak-credentials-found-in-jenkins-endpoint-sweetheart

HackerOne Bug Bounty Disclosure: cve-gzip-integer-overflow-z

HackerOne Bug Bounty Disclosure: there-is-a-post-based-csrf-issue-over-ibm-endpoint-leading-to-modification-of-contact-information-youssifs

HackerOne Bug Bounty Disclosure: action-text-xss-rails-x-ooooooo-q

HackerOne Bug Bounty Disclosure: open-redirection-effects-autodiscover-rockstargames-com-osama-hamad

HackerOne Bug Bounty Disclosure: broken-access-control-horizontal-privilege-escalation-aliyueka

HackerOne Bug Bounty Disclosure: insecure-direct-object-reference-horizontal-escalation-aliyueka

HackerOne Bug Bounty Disclosure: improper-access-controls-admin-path-aliyueka

HackerOne Bug Bounty Disclosure: unauthorized-reservation-cancellation-through-idor-vulnerability-no-need

HackerOne Bug Bounty Disclosure: registration-information-leakage-titanrain

HackerOne Bug Bounty Disclosure: privilege-escalation-a-non-owner-user-who-does-not-have-access-to-the-user-management-can-invite-other-users-to-the-restaurant-page-vijaysimha-reddy

HackerOne Bug Bounty Disclosure: disclosure-of-the-valid-cognizant-credentials-at-the-postman-collection-hellicopter

HackerOne Bug Bounty Disclosure: privilege-escalation-a-low-privilege-user-who-does-not-have-access-to-the-user-management-module-can-remove-the-owner-of-the-business-account-vijaysimha-reddy

HackerOne Bug Bounty Disclosure: path-traversal-by-drive-name-in-windows-environment-taise

HackerOne Bug Bounty Disclosure: post-based-cross-site-scripting-on-ibm-research-endpoint-youssifs

FreeOnes – 960,213 breached accounts

Cobalt Strike Beacon Detected – 47[.]120[.]32[.]72:8081

Cobalt Strike Beacon Detected – 8[.]147[.]128[.]54:443

Cobalt Strike Beacon Detected – 43[.]100[.]27[.]141:8443

Cobalt Strike Beacon Detected – 101[.]35[.]109[.]246:443

You may have missed