HackerOne Bug Bounty Disclosure: disclose-stuff-member-name-and-make-actions-byzambo
Programme HackerOne Shopify Submitted by zambo Report Disclose STUFF member name and make actions.
Read more
Bug Bounty
HackerOne Bug Bounty Disclosure: public-postman-api-collection-leaks-internal-access-to-https://assets-paris-dev-codefi-network/bypolem4rch
Programme HackerOne Consensys Submitted by polem4rch Report Public Postman Api Collection Leaks Internal access to https://assets-paris-dev.codefi.network/
Read more
HackerOne Bug Bounty Disclosure: disclose-customer-orders-details-by-shopify-chat-application-byzambo
Programme HackerOne Shopify Submitted by zambo Report Disclose customer orders details by shopify chat application.
Read more
HackerOne Bug Bounty Disclosure: [java]:-cwe-321—query-to-detect-hardcoded-jwt-secret-keysbyluchua
Programme HackerOne GitHub Security Lab Submitted by luchua Report [Java]: CWE-321 – Query to detect hardcoded JWT secret keys
Read more
HackerOne Bug Bounty Disclosure: [java]:-cwe-552-add-sources-and-sinks-to-detect-unsafe-getresource-calls-in-java-ee-applicationsbyluchua
Programme HackerOne GitHub Security Lab Submitted by luchua Report [Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls
Read more
HackerOne Bug Bounty Disclosure: [cpp]:-add-query-for-cwe-754:-improper-check-for-unusual-or-exceptional-conditions-when-using-functions-scanfbyihsinme
Programme HackerOne GitHub Security Lab Submitted by ihsinme Report [CPP]: Add query for CWE-754: Improper Check for Unusual or Exceptional
Read more
HackerOne Bug Bounty Disclosure: cookie-injection-from-non-secure-contextbynyymi
Programme HackerOne curl Submitted by nyymi Report Cookie injection from non-secure context
Read more
HackerOne Bug Bounty Disclosure: [cpp]:-add-query-for-cwe-190:-integer-overflow-or-wraparound-when-using-transform-after-operationbyihsinme
Programme HackerOne GitHub Security Lab Submitted by ihsinme Report [CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using
Read more
HackerOne Bug Bounty Disclosure: [java]-cwe-016:-query-to-detect-insecure-configuration-of-spring-boot-actuatorbyluchua
Programme HackerOne GitHub Security Lab Submitted by luchua Report [Java] CWE-016: Query to detect insecure configuration of Spring Boot Actuator
Read more
HackerOne Bug Bounty Disclosure: memory-leak-in-curlopt_xoauth2_bearerbypappacoda
Programme HackerOne curl Submitted by pappacoda Report Memory leak in CURLOPT_XOAUTH2_BEARER
Read more
BugCrowd Bug Bounty Disclosure: P4 – Reflected XSS in https://www.indeed.com/career-advice/ – By cr00k
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct
Read more
BugCrowd Bug Bounty Disclosure: P4 – Self XSS on my.indeed.com affecting multiple input fields – By iman122
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct
Read more
HackerOne Bug Bounty Disclosure: storage-of-old-passwords-in-plain-text-formatbysubuganz
Programme HackerOne Recorded Future Submitted by subuganz Report Storage of old passwords in plain text format
Read more
BugCrowd Bug Bounty Disclosure: P4 – No DMARC Record Found – By sujan_shetty
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct
Read more
HackerOne Bug Bounty Disclosure: misconfigured-rate-limit-in-sending-notifications-to-the-victims-phone-via-the-endpoint-“-/faxes/inbox-“byshamim_12__
Programme HackerOne Alohi Submitted by shamim_12__ Report Misconfigured Rate Limit in Sending Notifications to the Victims Phone Via the Endpoint
Read more
BugCrowd Bug Bounty Disclosure: P4 – XSS via file name – https://sms.indeed.com/signup/signage-details/ – By CGuillaume
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct
Read more
HackerOne Bug Bounty Disclosure: reflected-xss-in-https://sh-reddit-combyabhiramsita
Programme HackerOne Reddit Submitted by abhiramsita Report Reflected xss in https://sh.reddit.com
Read more
BugCrowd Bug Bounty Disclosure: P4 – Stored-xss is working – By agnihackers123
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct
Read more
BugCrowd Bug Bounty Disclosure: P4 – xss – By Ramesh_Kumar
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct
Read more
BugCrowd Bug Bounty Disclosure: P4 – Email HTML Injection at https://baito.indeed.com – By danibhai
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct
Read more
BugCrowd Bug Bounty Disclosure: P4 – Xss in resume – By Saidul_islam
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct
Read more
BugCrowd Bug Bounty Disclosure: P4 – Cleartext submission of password on http://insights.indeed.tech/users/sign_in – By dirty0124
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct
Read more
HackerOne Bug Bounty Disclosure: github-account-takeover-which-is-used-as-gradle-vcs-in-“github-com/palantir/gradle-launch-config-plugin”bycodermak
Programme HackerOne Palantir Public Submitted by codermak Report Github Account Takeover which is used as gradle vcs in “github.com/palantir/gradle-launch-config-plugin”
Read more
BugCrowd Bug Bounty Disclosure: P3 – XSS reflected – https://www.indeed.com/hire/employer-confirmation [co, hl] – By CGuillaume
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct
Read more