Bug Bounty

hackerone

HackerOne Bug Bounty Disclosure: returnurl-allow-attacker-to-redirect-users-to-the-another-phising-website-and-takeover-credientials-basant-x

June 4, 2025

Company Name: Insightly Company HackerOne URL: https://hackerone.com/insightly Submitted By:basant0x01Link to Submitters Profile:https://hackerone.com/basant0x01 Report Title:returnUrl= allow attacker to redirect users to...

Read MoreRead more about HackerOne Bug Bounty Disclosure: returnurl-allow-attacker-to-redirect-users-to-the-another-phising-website-and-takeover-credientials-basant-x
hackerone

HackerOne Bug Bounty Disclosure: idor-account-deletion-via-session-misbinding-attacker-can-delete-victim-account-z-phyrus

June 3, 2025

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:z3phyrusLink to Submitters Profile:https://hackerone.com/z3phyrus Report Title:IDOR: Account Deletion via Session Misbinding Attacker...

Read MoreRead more about HackerOne Bug Bounty Disclosure: idor-account-deletion-via-session-misbinding-attacker-can-delete-victim-account-z-phyrus
hackerone

HackerOne Bug Bounty Disclosure: public-github-repositories-for-multiple-hackerone-managed-triage-team-profiles-contain-private-hackerone-reports-information-w-w

May 31, 2025

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:w2wLink to Submitters Profile:https://hackerone.com/w2w Report Title:Public GitHub repositories for multiple HackerOne managed...

Read MoreRead more about HackerOne Bug Bounty Disclosure: public-github-repositories-for-multiple-hackerone-managed-triage-team-profiles-contain-private-hackerone-reports-information-w-w
hackerone

HackerOne Bug Bounty Disclosure: information-disclosure-of-metrics-fax-wavecell-com-metrics-kauenavarro

May 30, 2025

Company Name: 8x8 Bounty Company HackerOne URL: https://hackerone.com/8x8-bounty Submitted By:kauenavarroLink to Submitters Profile:https://hackerone.com/kauenavarro Report Title:Information Disclosure of metrics faxwavecellcom/metricsReport Link:https://hackerone.com/reports/1365076Date...

Read MoreRead more about HackerOne Bug Bounty Disclosure: information-disclosure-of-metrics-fax-wavecell-com-metrics-kauenavarro
hackerone

HackerOne Bug Bounty Disclosure: facebook-username-takeover-via-broken-link-in-footer-vulnerability-is-here

May 30, 2025

Company Name: Omise Company HackerOne URL: https://hackerone.com/omise Submitted By:vulnerability_is_hereLink to Submitters Profile:https://hackerone.com/vulnerability_is_here Report Title:Facebook Username Takeover via Broken Link in...

Read MoreRead more about HackerOne Bug Bounty Disclosure: facebook-username-takeover-via-broken-link-in-footer-vulnerability-is-here
hackerone

HackerOne Bug Bounty Disclosure: apache-airflow-fab-provider-application-does-not-invalidate-session-after-password-change-via-airflow-cli-saurabhb

May 29, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:saurabhbLink to Submitters Profile:https://hackerone.com/saurabhb Report Title:Apache Airflow Fab Provider: Application...

Read MoreRead more about HackerOne Bug Bounty Disclosure: apache-airflow-fab-provider-application-does-not-invalidate-session-after-password-change-via-airflow-cli-saurabhb
hackerone

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-global-accelerator-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

May 28, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the Global...

Read MoreRead more about HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-global-accelerator-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
hackerone

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-health-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

May 28, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the Health...

Read MoreRead more about HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-health-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
hackerone

HackerOne Bug Bounty Disclosure: amazon-pinpoint-sms-and-voice-version-service-reporting-aws-internal-for-cloudtrail-events-generated-from-fips-endpoints-nick-frichette-dd

May 28, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Amazon Pinpoint SMS and Voice, version...

Read MoreRead more about HackerOne Bug Bounty Disclosure: amazon-pinpoint-sms-and-voice-version-service-reporting-aws-internal-for-cloudtrail-events-generated-from-fips-endpoints-nick-frichette-dd
hackerone

HackerOne Bug Bounty Disclosure: non-production-api-endpoint-for-the-eventbridge-service-fails-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

May 28, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoint for the EventBridge...

Read MoreRead more about HackerOne Bug Bounty Disclosure: non-production-api-endpoint-for-the-eventbridge-service-fails-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
hackerone

HackerOne Bug Bounty Disclosure: amazon-kendra-intelligent-ranking-service-reporting-aws-internal-for-cloudtrail-events-generated-from-fips-endpoints-nick-frichette-dd

May 28, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Amazon Kendra Intelligent Ranking Service Reporting...

Read MoreRead more about HackerOne Bug Bounty Disclosure: amazon-kendra-intelligent-ranking-service-reporting-aws-internal-for-cloudtrail-events-generated-from-fips-endpoints-nick-frichette-dd
hackerone

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-bedrock-agent-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

May 28, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the bedrock-agent...

Read MoreRead more about HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-bedrock-agent-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
hackerone

HackerOne Bug Bounty Disclosure: remote-code-execution-via-unsafe-usage-of-reply-view-raw-in-fastify-view-ejs-template-engine-oblivionsage

May 28, 2025

Company Name: Fastify Company HackerOne URL: https://hackerone.com/fastify Submitted By:oblivionsageLink to Submitters Profile:https://hackerone.com/oblivionsage Report Title:Remote Code Execution via unsafe usage of...

Read MoreRead more about HackerOne Bug Bounty Disclosure: remote-code-execution-via-unsafe-usage-of-reply-view-raw-in-fastify-view-ejs-template-engine-oblivionsage
hackerone

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-bedrock-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

May 28, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the bedrock...

Read MoreRead more about HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-bedrock-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

You may have missed

image

CVE Alert: CVE-2025-7511

July 15, 2025
image

CVE Alert: CVE-2025-7512

July 15, 2025
image

CVE Alert: CVE-2025-7508

July 15, 2025
image

CVE Alert: CVE-2025-7510

July 15, 2025
image

CVE Alert: CVE-2025-7509

July 15, 2025