Bug Bounty

hackerone

HackerOne Bug Bounty Disclosure: incorrect-deep-link-validation-leading-to-unresponsive-application-and-device-fr-via

July 6, 2024

Company Name: Flickr Company HackerOne URL: https://hackerone.com/flickr Submitted By:fr4viaLink to Submitters Profile:https://hackerone.com/fr4via Report Title:Incorrect Deep-link validation leading to unresponsive application...

Read MoreRead more about HackerOne Bug Bounty Disclosure: incorrect-deep-link-validation-leading-to-unresponsive-application-and-device-fr-via
hackerone

HackerOne Bug Bounty Disclosure: authentication-registration-bypass-in-newspack-extended-access-xurizaemon

July 5, 2024

Company Name: Automattic Company HackerOne URL: https://hackerone.com/automattic Submitted By:xurizaemon0Link to Submitters Profile:https://hackerone.com/xurizaemon0 Report Title:Authentication & Registration Bypass in Newspack Extended...

Read MoreRead more about HackerOne Bug Bounty Disclosure: authentication-registration-bypass-in-newspack-extended-access-xurizaemon
hackerone

HackerOne Bug Bounty Disclosure: default-admin-account-lead-to-full-access-control-at-hxxps-desk-demo-fareharbor-engineering-tuantv

July 3, 2024

Company Name: Booking.com Company HackerOne URL: https://hackerone.com/bookingcom Submitted By:tuantv89Link to Submitters Profile:https://hackerone.com/tuantv89 Report Title:Default Admin Account lead to full access...

Read MoreRead more about HackerOne Bug Bounty Disclosure: default-admin-account-lead-to-full-access-control-at-hxxps-desk-demo-fareharbor-engineering-tuantv
hackerone

HackerOne Bug Bounty Disclosure: unlimited-fake-rate-to-the-passenger-in-city-to-city-affected-endpoint-api-v-reviews-ride-id-driver-bugsv

July 2, 2024

Company Name: inDrive Company HackerOne URL: https://hackerone.com/indrive Submitted By:bugsv2Link to Submitters Profile:https://hackerone.com/bugsv2 Report Title:Unlimited fake rate to the passenger in...

Read MoreRead more about HackerOne Bug Bounty Disclosure: unlimited-fake-rate-to-the-passenger-in-city-to-city-affected-endpoint-api-v-reviews-ride-id-driver-bugsv
hackerone

HackerOne Bug Bounty Disclosure: account-takeover-arbitrary-file-read-and-deletion-partial-code-execution-intent-redirection-through-com-mercadopago-wallet-splash-splashactivity-fr-via

June 28, 2024

Company Name: MercadoLibre Company HackerOne URL: https://hackerone.com/mercadolibre Submitted By:fr4viaLink to Submitters Profile:https://hackerone.com/fr4via Report Title:Account Takeover / Arbitrary File read and...

Read MoreRead more about HackerOne Bug Bounty Disclosure: account-takeover-arbitrary-file-read-and-deletion-partial-code-execution-intent-redirection-through-com-mercadopago-wallet-splash-splashactivity-fr-via
hackerone

HackerOne Bug Bounty Disclosure: idor-leading-unauthenticated-attacker-to-download-documents-discloses-pii-of-users-and-soldiers-via-hxxps-www-download-aspx-id-htus-berserker

June 27, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:berserker1999Link to Submitters Profile:https://hackerone.com/berserker1999 Report Title:IDOR leading unauthenticated attacker...

Read MoreRead more about HackerOne Bug Bounty Disclosure: idor-leading-unauthenticated-attacker-to-download-documents-discloses-pii-of-users-and-soldiers-via-hxxps-www-download-aspx-id-htus-berserker
hackerone

HackerOne Bug Bounty Disclosure: local-file-disclosure-on-the-hxxps-edu-leads-to-the-full-source-code-disclosure-and-credentials-leak-sp-d-rs

June 27, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:sp1d3rsLink to Submitters Profile:https://hackerone.com/sp1d3rs Report Title:Local File Disclosure on...

Read MoreRead more about HackerOne Bug Bounty Disclosure: local-file-disclosure-on-the-hxxps-edu-leads-to-the-full-source-code-disclosure-and-credentials-leak-sp-d-rs
hackerone

HackerOne Bug Bounty Disclosure: subdomain-takeover-of-ci-support-booking-com-pointing-to-zendesk-jub-bs

June 25, 2024

Company Name: Booking.com Company HackerOne URL: https://hackerone.com/bookingcom Submitted By:jub0bsLink to Submitters Profile:https://hackerone.com/jub0bs Report Title:Subdomain takeover of ci-supportbookingcom (pointing to Zendesk)Report...

Read MoreRead more about HackerOne Bug Bounty Disclosure: subdomain-takeover-of-ci-support-booking-com-pointing-to-zendesk-jub-bs
hackerone

HackerOne Bug Bounty Disclosure: monitoring-prow-canary-k-s-io-is-vulnerable-to-cve-grafana-day-jub-bs

June 25, 2024

Company Name: Kubernetes Company HackerOne URL: https://hackerone.com/kubernetes Submitted By:jub0bsLink to Submitters Profile:https://hackerone.com/jub0bs Report Title:monitoringprow-canaryk8sio is vulnerable to CVE-2022-21703 (Grafana 0-day)Report...

Read MoreRead more about HackerOne Bug Bounty Disclosure: monitoring-prow-canary-k-s-io-is-vulnerable-to-cve-grafana-day-jub-bs
hackerone

HackerOne Bug Bounty Disclosure: cloudflare-cdn-cgi-path-allows-resizing-images-from-unauthorised-sources-on-enjinusercontent-com–whoami

June 19, 2024

Company Name: Enjin Company HackerOne URL: https://hackerone.com/enjin Submitted By:19whoami19Link to Submitters Profile:https://hackerone.com/19whoami19 Report Title:Cloudflare /cdn-cgi/ path allows resizing images from...

Read MoreRead more about HackerOne Bug Bounty Disclosure: cloudflare-cdn-cgi-path-allows-resizing-images-from-unauthorised-sources-on-enjinusercontent-com–whoami
hackerone

HackerOne Bug Bounty Disclosure: -meetup-world-id-oidc-insufficient-filtering-of-state-parameter-in-response-mode-form-post-leads-to-xss-and-ato-lauritz

June 19, 2024

Company Name: Tools for Humanity Company HackerOne URL: https://hackerone.com/toolsforhumanity Submitted By:lauritzLink to Submitters Profile:https://hackerone.com/lauritz Report Title: Insufficient Filtering of "state"...

Read MoreRead more about HackerOne Bug Bounty Disclosure: -meetup-world-id-oidc-insufficient-filtering-of-state-parameter-in-response-mode-form-post-leads-to-xss-and-ato-lauritz

You may have missed

image

[AKIRA] – Ransomware Victim: Fayrefield Foods

July 17, 2025
image

[AKIRA] – Ransomware Victim: Multilift Logistic Group

July 17, 2025
image

CVE Alert: CVE-2025-3871

July 17, 2025
image

CVE Alert: CVE-2025-40923

July 17, 2025
image

CVE Alert: CVE-2025-40919

July 17, 2025