Bug Bounty

hackerone

HackerOne Bug Bounty Disclosure: domain-highlighting-on-external-link-warning-is-not-working-on-chrome-microsoft-edge-browsers-on-mobile-sarthakbhingare

March 13, 2025

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:sarthakbhingare015Link to Submitters Profile:https://hackerone.com/sarthakbhingare015 Report Title:Domain highlighting on External link warning is...

Read MoreRead more about HackerOne Bug Bounty Disclosure: domain-highlighting-on-external-link-warning-is-not-working-on-chrome-microsoft-edge-browsers-on-mobile-sarthakbhingare
hackerone

HackerOne Bug Bounty Disclosure: cgi-scripts-wordlist-entry-for-windmail-exe-has-payload-that-sends-arbitrary-file-read-result-to-third-party-floyd

March 13, 2025

Company Name: PortSwigger Web Security Company HackerOne URL: https://hackerone.com/portswigger Submitted By:floydLink to Submitters Profile:https://hackerone.com/floyd Report Title:cgi scripts wordlist entry for...

Read MoreRead more about HackerOne Bug Bounty Disclosure: cgi-scripts-wordlist-entry-for-windmail-exe-has-payload-that-sends-arbitrary-file-read-result-to-third-party-floyd
hackerone

HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-in-mercadopago-com-ar-elmago

March 13, 2025

Company Name: MercadoLibre Company HackerOne URL: https://hackerone.com/mercadolibre Submitted By:elmagoLink to Submitters Profile:https://hackerone.com/elmago Report Title:Stored Cross-Site Scripting in mercadopagocomarReport Link:https://hackerone.com/reports/1955485Date Submitted:13...

Read MoreRead more about HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-in-mercadopago-com-ar-elmago
hackerone

HackerOne Bug Bounty Disclosure: use-after-free-read-in-curl-multi-perform-with-doh-and-proxy-options-and-resolve-timeouts-catenacyber

March 6, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:catenacyberLink to Submitters Profile:https://hackerone.com/catenacyber Report Title:Use after free (read) in curl_multi_perform with...

Read MoreRead more about HackerOne Bug Bounty Disclosure: use-after-free-read-in-curl-multi-perform-with-doh-and-proxy-options-and-resolve-timeouts-catenacyber
hackerone

HackerOne Bug Bounty Disclosure: ability-to-add-and-verify-uncontrolled-mobile-numbers-leading-to-account-takeover-ato-trev-ck

March 4, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:trev0ckLink to Submitters Profile:https://hackerone.com/trev0ck Report Title:Ability to Add and Verify Uncontrolled...

Read MoreRead more about HackerOne Bug Bounty Disclosure: ability-to-add-and-verify-uncontrolled-mobile-numbers-leading-to-account-takeover-ato-trev-ck
hackerone

HackerOne Bug Bounty Disclosure: broken-access-control-leads-to-disclosure-of-transaction-history-via-v-rechargetransactionhistory-endpoint-hafiz-ng

March 2, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:hafiz-ngLink to Submitters Profile:https://hackerone.com/hafiz-ng Report Title:Broken Access Control leads to disclosure...

Read MoreRead more about HackerOne Bug Bounty Disclosure: broken-access-control-leads-to-disclosure-of-transaction-history-via-v-rechargetransactionhistory-endpoint-hafiz-ng
hackerone

HackerOne Bug Bounty Disclosure: stored-xss-via-post-tittle-enabling-non-privileged-user-to-privileged-user-exploitation-on-hxxps-forums-autodesk-com-the-white-evil

February 26, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:the-white-evilLink to Submitters Profile:https://hackerone.com/the-white-evil Report Title:Stored XSS via Post Tittle Enabling Non-Privileged...

Read MoreRead more about HackerOne Bug Bounty Disclosure: stored-xss-via-post-tittle-enabling-non-privileged-user-to-privileged-user-exploitation-on-hxxps-forums-autodesk-com-the-white-evil
hackerone

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-datazone-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

February 26, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the Datazone...

Read MoreRead more about HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-datazone-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
hackerone

HackerOne Bug Bounty Disclosure: format-string-vulnerability-curl-msnprintf-function-orcahack

February 20, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:orcahackLink to Submitters Profile:https://hackerone.com/orcahack Report Title:Format string vulnerability, curl_msnprintf() function Report Link:https://hackerone.com/reports/2990139Date...

Read MoreRead more about HackerOne Bug Bounty Disclosure: format-string-vulnerability-curl-msnprintf-function-orcahack
hackerone

HackerOne Bug Bounty Disclosure: uncontrolled-resource-consumption-when-parsing-maliciously-crafted-xml-with-rexml-l-thaxor

February 20, 2025

Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:l33thaxorLink to Submitters Profile:https://hackerone.com/l33thaxor Report Title:Uncontrolled Resource Consumption when parsing maliciously crafted...

Read MoreRead more about HackerOne Bug Bounty Disclosure: uncontrolled-resource-consumption-when-parsing-maliciously-crafted-xml-with-rexml-l-thaxor
hackerone

HackerOne Bug Bounty Disclosure: unauthenticated-phpinfo-files-could-lead-to-ability-file-read-at-h-f-n-ips-mtn-co-ug-dashboard-offensiveops

February 20, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:offensiveopsLink to Submitters Profile:https://hackerone.com/offensiveops Report Title:Unauthenticated phpinfo()files could lead to ability...

Read MoreRead more about HackerOne Bug Bounty Disclosure: unauthenticated-phpinfo-files-could-lead-to-ability-file-read-at-h-f-n-ips-mtn-co-ug-dashboard-offensiveops
hackerone

HackerOne Bug Bounty Disclosure: insecure-direct-object-reference-idor-vulnerability-in-autodesk-user-profile-eyax

February 19, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:eyax0Link to Submitters Profile:https://hackerone.com/eyax0 Report Title:Insecure Direct Object Reference (IDOR) Vulnerability in...

Read MoreRead more about HackerOne Bug Bounty Disclosure: insecure-direct-object-reference-idor-vulnerability-in-autodesk-user-profile-eyax
hackerone

HackerOne Bug Bounty Disclosure: idor-vulnerability-allowing-unauthorized-profile-picture-change-tasin-zucced

February 19, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:tasin_zucced___Link to Submitters Profile:https://hackerone.com/tasin_zucced___ Report Title:IDOR Vulnerability Allowing Unauthorized Profile Picture ChangeReport...

Read MoreRead more about HackerOne Bug Bounty Disclosure: idor-vulnerability-allowing-unauthorized-profile-picture-change-tasin-zucced
hackerone

HackerOne Bug Bounty Disclosure: improper-cache-handling-allows-access-to-post-logout-pages-victim-of-life

February 10, 2025

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:victim_of_lifeLink to Submitters Profile:https://hackerone.com/victim_of_life Report Title:Improper Cache Handling Allows Access to Post-Logout...

Read MoreRead more about HackerOne Bug Bounty Disclosure: improper-cache-handling-allows-access-to-post-logout-pages-victim-of-life

You may have missed

image

CVE Alert: CVE-2023-37534

April 25, 2025
image

CVE Alert: CVE-2025-31324

April 25, 2025
image

CVE Alert: CVE-2024-30113

April 25, 2025
image

CVE Alert: CVE-2023-45720

April 25, 2025
image

CVE Alert: CVE-2024-30147

April 25, 2025