Bug Bounty

hackerone

HackerOne Bug Bounty Disclosure: logical-flaw-in-curl-url-set-leads-to-inconsistent-query-parameter-encoding-exploitguru

October 29, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:exploitguru101Link to Submitters Profile:https://hackerone.com/exploitguru101 Report Title:Logical Flaw in curl_url_set Leads to Inconsistent...

Read MoreRead more about HackerOne Bug Bounty Disclosure: logical-flaw-in-curl-url-set-leads-to-inconsistent-query-parameter-encoding-exploitguru
hackerone

HackerOne Bug Bounty Disclosure: curls-persistence-files-inherit-world-readable-writable-perms-from-umask-leaking-and-tampering-with-cookies-hsts-alt-svc-caches-geeknik

October 28, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:geeknikLink to Submitters Profile:https://hackerone.com/geeknik Report Title:curls persistence files inherit world-readable/writable perms from...

Read MoreRead more about HackerOne Bug Bounty Disclosure: curls-persistence-files-inherit-world-readable-writable-perms-from-umask-leaking-and-tampering-with-cookies-hsts-alt-svc-caches-geeknik
hackerone

HackerOne Bug Bounty Disclosure: memory-leak-in-curl-auth-create-ntlm-type-message-tjbecker-theori

October 28, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:tjbecker_theoriLink to Submitters Profile:https://hackerone.com/tjbecker_theori Report Title:Memory leak in Curl_auth_create_ntlm_type3_messageReport Link:https://hackerone.com/reports/3393539Date Submitted:28 October...

Read MoreRead more about HackerOne Bug Bounty Disclosure: memory-leak-in-curl-auth-create-ntlm-type-message-tjbecker-theori
hackerone

HackerOne Bug Bounty Disclosure: curlx-set-binmode-null-can-call-fileno-null-and-cause-undefined-behavior-crash-sippysir

October 27, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:sippysirLink to Submitters Profile:https://hackerone.com/sippysir Report Title:CURLX_SET_BINMODE(NULL) can call fileno(NULL) and cause undefined...

Read MoreRead more about HackerOne Bug Bounty Disclosure: curlx-set-binmode-null-can-call-fileno-null-and-cause-undefined-behavior-crash-sippysir
hackerone

HackerOne Bug Bounty Disclosure: error-based-time-based-sql-injection-in-keyword-parameter-of-admin-search-php-allowing-full-database-access-in-revive-adserver-v-kanon

October 24, 2025

Company Name: Revive Adserver Company HackerOne URL: https://hackerone.com/revive_adserver Submitted By:kanon4Link to Submitters Profile:https://hackerone.com/kanon4 Report Title:Error-Based & Time-Based SQL Injection in...

Read MoreRead more about HackerOne Bug Bounty Disclosure: error-based-time-based-sql-injection-in-keyword-parameter-of-admin-search-php-allowing-full-database-access-in-revive-adserver-v-kanon
hackerone

HackerOne Bug Bounty Disclosure: -fa-bypass-possible-on-hxxps-authsvc-singlestore-com-axolot

October 22, 2025

Company Name: SingleStore Company HackerOne URL: https://hackerone.com/singlestore Submitted By:axolot23Link to Submitters Profile:https://hackerone.com/axolot23 Report Title:2FA bypass possible on hXXps://authsvcsinglestorecomReport Link:https://hackerone.com/reports/3329361Date Submitted:22...

Read MoreRead more about HackerOne Bug Bounty Disclosure: -fa-bypass-possible-on-hxxps-authsvc-singlestore-com-axolot
hackerone

HackerOne Bug Bounty Disclosure: buffer-overflow-in-websocket-handshake-lib-ws-c-aybanda

October 21, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:aybandaLink to Submitters Profile:https://hackerone.com/aybanda Report Title:Buffer Overflow in WebSocket Handshake (lib/wsc:1287)Report Link:https://hackerone.com/reports/3392174Date...

Read MoreRead more about HackerOne Bug Bounty Disclosure: buffer-overflow-in-websocket-handshake-lib-ws-c-aybanda
hackerone

HackerOne Bug Bounty Disclosure: application-level-dos-large-markdown-payload-in-reply-section-leading-to-resource-exhaustion-theteatoast

October 18, 2025

Company Name: Discourse Company HackerOne URL: https://hackerone.com/discourse Submitted By:theteatoastLink to Submitters Profile:https://hackerone.com/theteatoast Report Title:Application Level DoS - Large Markdown Payload...

Read MoreRead more about HackerOne Bug Bounty Disclosure: application-level-dos-large-markdown-payload-in-reply-section-leading-to-resource-exhaustion-theteatoast
hackerone

HackerOne Bug Bounty Disclosure: path-traversal-vulnerability-in-nextcloud-tables-enables-arbitrary-file-exfiltration-of-any-files-supported-by-phpspreadsheet-library-daroo

October 16, 2025

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:darooLink to Submitters Profile:https://hackerone.com/daroo Report Title:Path Traversal Vulnerability in Nextcloud Tables Enables...

Read MoreRead more about HackerOne Bug Bounty Disclosure: path-traversal-vulnerability-in-nextcloud-tables-enables-arbitrary-file-exfiltration-of-any-files-supported-by-phpspreadsheet-library-daroo
Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P5 – internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) – Theekshana_kusal

October 16, 2025

internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) Researcher: Theekshana_kusal Engagement: National...

Read MoreRead more about BugCrowd Bug Bounty Disclosure: P5 – internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) – Theekshana_kusal
Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P4 – open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ – uko3211

October 16, 2025

open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ Researcher: uko3211 Engagement: National Aeronautics and Space Administration...

Read MoreRead more about BugCrowd Bug Bounty Disclosure: P4 – open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ – uko3211
Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P4 – Publicly editable Google Slides linked from nasa.gov enables unauthorized content modification (content integrity & brand abuse risk – Epenetus-Matias-Putra

October 16, 2025

Publicly editable Google Slides linked from nasa.gov enables unauthorized content modification (content integrity & brand abuse risk Publicly editable Google...

Read MoreRead more about BugCrowd Bug Bounty Disclosure: P4 – Publicly editable Google Slides linked from nasa.gov enables unauthorized content modification (content integrity & brand abuse risk – Epenetus-Matias-Putra
hackerone

HackerOne Bug Bounty Disclosure: samesite-restrictions-are-lifted-and-samesite-strict-cookie-are-being-sent-mingijung

October 15, 2025

Company Name: Brave Software Company HackerOne URL: https://hackerone.com/brave Submitted By:mingijungLink to Submitters Profile:https://hackerone.com/mingijung Report Title:SameSite restrictions are lifted, and SameSite:Strict...

Read MoreRead more about HackerOne Bug Bounty Disclosure: samesite-restrictions-are-lifted-and-samesite-strict-cookie-are-being-sent-mingijung
hackerone

HackerOne Bug Bounty Disclosure: apple-sectrust-legacy-path-accepts-untrusted-certificates-on-pre-macos-ios-when-built-with-use-apple-sectrust-giant-anteater

October 9, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:giant_anteaterLink to Submitters Profile:https://hackerone.com/giant_anteater Report Title:Apple SecTrust legacy path accepts untrusted certificates...

Read MoreRead more about HackerOne Bug Bounty Disclosure: apple-sectrust-legacy-path-accepts-untrusted-certificates-on-pre-macos-ios-when-built-with-use-apple-sectrust-giant-anteater
hackerone

HackerOne Bug Bounty Disclosure: dns-rebinding-ssrf-in-burp-suite-mcp-server-enables-internal-network-access-via-send-hxxp-request-tool-farmer

October 8, 2025

Company Name: PortSwigger Web Security Company HackerOne URL: https://hackerone.com/portswigger Submitted By:farmerLink to Submitters Profile:https://hackerone.com/farmer Report Title:DNS Rebinding SSRF in Burp...

Read MoreRead more about HackerOne Bug Bounty Disclosure: dns-rebinding-ssrf-in-burp-suite-mcp-server-enables-internal-network-access-via-send-hxxp-request-tool-farmer

You may have missed

image

CVE Alert: CVE-2025-12161 – burhandodhy – Smart Auto Upload Images – Import External Images

November 8, 2025
image

CVE Alert: CVE-2025-11452 – asgaros – Asgaros Forum

November 8, 2025
3328b9b1115c79977f9bac93f7cfd0f89e99279eeab0b6ed979ab4580751c22d

China Uses Mars Orbiter To Snap Interstellar Comet 3i/atlas

November 8, 2025
image

[DRAGONFORCE] – Ransomware Victim: GB Mail

November 8, 2025
image

[AKIRA] – Ransomware Victim: Mold In Graphic Systems

November 8, 2025