Bug Bounty

HackerOne Bug Bounty Disclosure: cve-django-potential-sql-injection-in-haskey-lhs-rhs-on-oracle-scyoon

February 7, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:scyoonLink to Submitters Profile:https://hackerone.com/scyoon Report Title:CVE-2024-53908: Django Potential SQL injection...

HackerOne Bug Bounty Disclosure: cve-netrc-and-default-credential-leak-sherlock

February 7, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:sherlock2010Link to Submitters Profile:https://hackerone.com/sherlock2010 Report Title:CVE-2025-0167: netrc and default credential leakReport Link:https://hackerone.com/reports/2917232Date...

HackerOne Bug Bounty Disclosure: error-page-content-spoofing-or-text-injection-mcblockchamp

February 7, 2025

Company Name: XVIDEOS Company HackerOne URL: https://hackerone.com/xvideos Submitted By:mcblockchampLink to Submitters Profile:https://hackerone.com/mcblockchamp Report Title:Error Page Content Spoofing or Text InjectionReport...

HackerOne Bug Bounty Disclosure: cve-eventfd-double-close-ankomcoper

February 7, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:ankomcoperLink to Submitters Profile:https://hackerone.com/ankomcoper Report Title:CVE-2025-0665: eventfd double closeReport Link:https://hackerone.com/reports/2954286Date Submitted:07 February...

HackerOne Bug Bounty Disclosure: -actionview-sanitize-helper-bypass-with-style-and-math-mokusou

February 6, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:mokusouLink to Submitters Profile:https://hackerone.com/mokusou Report Title: ActionView sanitize helper bypass...

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-noscript-taise

February 6, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:taiseLink to Submitters Profile:https://hackerone.com/taise Report Title:ActionView sanitize helper bypass with...

HackerOne Bug Bounty Disclosure: -actionview-sanitize-helper-bypass-with-math-related-tags-mokusou

February 6, 2025

HackerOne Bug Bounty Disclosure: goaway-http-frames-cause-memory-leak-outside-heap-newtmitch

February 6, 2025

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:newtmitchLink to Submitters Profile:https://hackerone.com/newtmitch Report Title:GOAWAY HTTP/2 frames cause memory leak outside...

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-mokusou

February 6, 2025

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-and-svg-tags-taise

February 6, 2025

HackerOne Bug Bounty Disclosure: xss-on-using-the-legacy-graphie-to-png-api-sikn

February 6, 2025

Company Name: Khan Academy Company HackerOne URL: https://hackerone.com/khanacademy Submitted By:siknLink to Submitters Profile:https://hackerone.com/sikn Report Title:XSS on using the legacy "Graphie...

HackerOne Bug Bounty Disclosure: open-redirect-p-anand

February 6, 2025

Company Name: XVIDEOS Company HackerOne URL: https://hackerone.com/xvideos Submitted By:p_anand1234Link to Submitters Profile:https://hackerone.com/p_anand1234 Report Title:Open redirectReport Link:https://hackerone.com/reports/2957962Date Submitted:06 February 2025 A...

HackerOne Bug Bounty Disclosure: -cve-possible-content-security-policy-bypass-in-action-dispatch-ryotak

February 6, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:ryotakLink to Submitters Profile:https://hackerone.com/ryotak Report Title: Possible Content Security Policy...

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-ipv-validation–xsaravana

February 6, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:0xsaravanaLink to Submitters Profile:https://hackerone.com/0xsaravana Report Title:CVE-2024-56374 Potential denial-of-service in IPv6...

HackerOne Bug Bounty Disclosure: weak-credentials-found-in-jenkins-endpoint-sweetheart

February 5, 2025

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:sweetheart1337_Link to Submitters Profile:https://hackerone.com/sweetheart1337_ Report Title:Weak credentials found in Jenkins endpointReport Link:https://hackerone.com/reports/2954547Date...

HackerOne Bug Bounty Disclosure: cve-gzip-integer-overflow-z

February 5, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:z2_Link to Submitters Profile:https://hackerone.com/z2_ Report Title:CVE-2025-0725: gzip integer overflowReport Link:https://hackerone.com/reports/2956023Date Submitted:05 February...

HackerOne Bug Bounty Disclosure: there-is-a-post-based-csrf-issue-over-ibm-endpoint-leading-to-modification-of-contact-information-youssifs

February 4, 2025

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:youssifs7Link to Submitters Profile:https://hackerone.com/youssifs7 Report Title:There is a POST based CSRF issue...

HackerOne Bug Bounty Disclosure: action-text-xss-rails-x-ooooooo-q

February 4, 2025

Company Name: Ruby on Rails Company HackerOne URL: https://hackerone.com/rails Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:Action Text XSS (Rails 71x)Report...

HackerOne Bug Bounty Disclosure: open-redirection-effects-autodiscover-rockstargames-com-osama-hamad

February 3, 2025

Company Name: Rockstar Games Company HackerOne URL: https://hackerone.com/rockstargames Submitted By:osama-hamadLink to Submitters Profile:https://hackerone.com/osama-hamad Report Title:Open Redirection effects autodiscoverrockstargamescomReport Link:https://hackerone.com/reports/1269332Date Submitted:03...

HackerOne Bug Bounty Disclosure: broken-access-control-horizontal-privilege-escalation-aliyueka

January 31, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:aliyuekaLink to Submitters Profile:https://hackerone.com/aliyueka Report Title:Broken Access Control(Horizontal Privilege Escalation)Report Link:https://hackerone.com/reports/2319586Date...

HackerOne Bug Bounty Disclosure: insecure-direct-object-reference-horizontal-escalation-aliyueka

January 31, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:aliyuekaLink to Submitters Profile:https://hackerone.com/aliyueka Report Title:Insecure direct Object Reference(Horizontal Escalation)Report Link:https://hackerone.com/reports/2322663Date...

HackerOne Bug Bounty Disclosure: improper-access-controls-admin-path-aliyueka

January 31, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:aliyuekaLink to Submitters Profile:https://hackerone.com/aliyueka Report Title:Improper Access Controls(Admin Path)Report Link:https://hackerone.com/reports/2342461Date Submitted:31...

HackerOne Bug Bounty Disclosure: unauthorized-reservation-cancellation-through-idor-vulnerability-no-need

January 29, 2025

Company Name: Yelp Company HackerOne URL: https://hackerone.com/yelp Submitted By:no-needLink to Submitters Profile:https://hackerone.com/no-need Report Title:Unauthorized Reservation Cancellation Through IDOR VulnerabilityReport Link:https://hackerone.com/reports/2944357Date...

HackerOne Bug Bounty Disclosure: registration-information-leakage-titanrain

January 29, 2025

Company Name: Adobe Company HackerOne URL: https://hackerone.com/adobe Submitted By:titanrainLink to Submitters Profile:https://hackerone.com/titanrain Report Title:Registration Information Leakage Report Link:https://hackerone.com/reports/1318936Date Submitted:29 January...

Bug Bounty

HackerOne Bug Bounty Disclosure: cve-django-potential-sql-injection-in-haskey-lhs-rhs-on-oracle-scyoon

HackerOne Bug Bounty Disclosure: cve-netrc-and-default-credential-leak-sherlock

HackerOne Bug Bounty Disclosure: error-page-content-spoofing-or-text-injection-mcblockchamp

HackerOne Bug Bounty Disclosure: cve-eventfd-double-close-ankomcoper

HackerOne Bug Bounty Disclosure: -actionview-sanitize-helper-bypass-with-style-and-math-mokusou

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-noscript-taise

HackerOne Bug Bounty Disclosure: -actionview-sanitize-helper-bypass-with-math-related-tags-mokusou

HackerOne Bug Bounty Disclosure: goaway-http-frames-cause-memory-leak-outside-heap-newtmitch

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-mokusou

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-and-svg-tags-taise

HackerOne Bug Bounty Disclosure: xss-on-using-the-legacy-graphie-to-png-api-sikn

HackerOne Bug Bounty Disclosure: open-redirect-p-anand

HackerOne Bug Bounty Disclosure: -cve-possible-content-security-policy-bypass-in-action-dispatch-ryotak

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-ipv-validation–xsaravana

HackerOne Bug Bounty Disclosure: weak-credentials-found-in-jenkins-endpoint-sweetheart

HackerOne Bug Bounty Disclosure: cve-gzip-integer-overflow-z

HackerOne Bug Bounty Disclosure: there-is-a-post-based-csrf-issue-over-ibm-endpoint-leading-to-modification-of-contact-information-youssifs

HackerOne Bug Bounty Disclosure: action-text-xss-rails-x-ooooooo-q

HackerOne Bug Bounty Disclosure: open-redirection-effects-autodiscover-rockstargames-com-osama-hamad

HackerOne Bug Bounty Disclosure: broken-access-control-horizontal-privilege-escalation-aliyueka

HackerOne Bug Bounty Disclosure: insecure-direct-object-reference-horizontal-escalation-aliyueka

HackerOne Bug Bounty Disclosure: improper-access-controls-admin-path-aliyueka

HackerOne Bug Bounty Disclosure: unauthorized-reservation-cancellation-through-idor-vulnerability-no-need

HackerOne Bug Bounty Disclosure: registration-information-leakage-titanrain

[MEDUSA] – Ransomware Victim: Simon Property Group

CVE Alert: CVE-2025-12399 – alexreservations – Alex Reservations: Smart Restaurant Booking

CVE Alert: CVE-2025-12099 – academylms – Academy LMS – WordPress LMS Plugin for Complete eLearning Solution

CVE Alert: CVE-2025-9334 – codesolz – Better Find and Replace – AI-Powered Suggestions

CVE Alert: CVE-2025-11967 – getwpfunnels – Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more

You may have missed