Bug Bounty

HackerOne Bug Bounty Disclosure: view-any-user-email-using-the-team-s-audit-log-section–verw-tch

March 26, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:0verw4tchLink to Submitters Profile:https://hackerone.com/0verw4tch Report Title:View any user email using the Team's...

HackerOne Bug Bounty Disclosure: creation-of-bounties-through-customer-api-leads-to-private-email-disclosure–verw-tch

March 26, 2024

HackerOne Bug Bounty Disclosure: authentication-bypass-with-usage-of-presignedurl-kolokokop

March 22, 2024

Company Name: ownCloud Company HackerOne URL: https://hackerone.com/owncloud Submitted By:kolokokopLink to Submitters Profile:https://hackerone.com/kolokokop Report Title:Authentication Bypass with usage of PreSignedURLReport Link:https://hackerone.com/reports/2337427Date...

HackerOne Bug Bounty Disclosure: reflective-cross-site-scripting-xss-on-pages-anonymlss

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:anonymlssLink to Submitters Profile:https://hackerone.com/anonymlss Report Title:Reflective Cross Site Scripting...

HackerOne Bug Bounty Disclosure: full-access-to-sonarqube-and-docker-elevenoo

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:elevenoo1Link to Submitters Profile:https://hackerone.com/elevenoo1 Report Title:Full Access to sonarQube...

HackerOne Bug Bounty Disclosure: resource-injection-geej

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:geejLink to Submitters Profile:https://hackerone.com/geej Report Title:Resource Injection - Report...

HackerOne Bug Bounty Disclosure: parmetro-xss-nome-de-usurio-chor-o

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:chor4oLink to Submitters Profile:https://hackerone.com/chor4o Report Title:Parmetro XSS: Nome de...

HackerOne Bug Bounty Disclosure: dbms-information-getting-exposed-publicly-on-dishant-singh

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:dishant_singhLink to Submitters Profile:https://hackerone.com/dishant_singh Report Title:DBMS information getting exposed...

HackerOne Bug Bounty Disclosure: xss-parameter-s-s-css-chor-o

March 22, 2024

HackerOne Bug Bounty Disclosure: attacker-can-add-itself-as-admin-user-and-can-also-change-privileges-of-existing-users-dishant-singh

March 22, 2024

HackerOne Bug Bounty Disclosure: xss-chor-o

March 22, 2024

HackerOne Bug Bounty Disclosure: improper-authentication-login-without-registration-with-any-user-at-archyxsec

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:archyxsecLink to Submitters Profile:https://hackerone.com/archyxsec Report Title:Improper Authentication (Login without...

HackerOne Bug Bounty Disclosure: -leaking-pii-of-tour-visitors-names-email-addresses-phone-numbers-via-misconfigured-record-permissions-oxylis

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:oxylisLink to Submitters Profile:https://hackerone.com/oxylis Report Title: leaking PII of...

HackerOne Bug Bounty Disclosure: open-redirect-via-non-latin-subdomain-in-vcc-x-com-agui-php-pentestor

March 20, 2024

Company Name: 8x8 Bounty Company HackerOne URL: https://hackerone.com/8x8-bounty Submitted By:pentestorLink to Submitters Profile:https://hackerone.com/pentestor Report Title:Open Redirect via Non-Latin Subdomain in...

HackerOne Bug Bounty Disclosure: patch-method-manipulation-allowing-the-users-to-escalate-their-functionalities-and-edit-upgrade-downgrade-api-keys-settings-which-is-not-allowed-bugsv

March 20, 2024

Company Name: Frontegg Company HackerOne URL: https://hackerone.com/frontegg Submitted By:bugsv2Link to Submitters Profile:https://hackerone.com/bugsv2 Report Title:PATCH method manipulation allowing the users to...

HackerOne Bug Bounty Disclosure: bypassing-the-block-of-security-domain-restriction-and-normally-invite-blocked-domains-with-special-characters-bugsv

March 20, 2024

HackerOne Bug Bounty Disclosure: steal-any-user-in-your-orgs-private-github-token-by-pointing-the-gh-integration-at-an-attacker-controlled-ghe-instance-archangel

March 19, 2024

Company Name: New Relic Company HackerOne URL: https://hackerone.com/newrelic Submitted By:archangelLink to Submitters Profile:https://hackerone.com/archangel Report Title:Steal any user in your orgs...

HackerOne Bug Bounty Disclosure: missing-authorization-check-on-view-permissions-for-alerting-conditions-via-internal-api-accounts-xxxxxxx-policies-yyyyyyy-conditions-offs-endpoint-archangel

March 19, 2024

HackerOne Bug Bounty Disclosure: user-without-view-modify-delete-permissions-on-destinations-can-view-modify-delete-destinations-archangel

March 19, 2024

HackerOne Bug Bounty Disclosure: xss-in-new-loading-page-html-redyetihacks

March 17, 2024

Company Name: GoCD Company HackerOne URL: https://hackerone.com/gocd Submitted By:redyetihacksLink to Submitters Profile:https://hackerone.com/redyetihacks Report Title:XSS in newloadingpagehtmlReport Link:https://hackerone.com/reports/2419227Date Submitted:17 March 2024...

HackerOne Bug Bounty Disclosure: being-able-to-disclose-ibb-bounty-table-of-any-public-program-akashhamal-x

March 17, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:akashhamal0x01Link to Submitters Profile:https://hackerone.com/akashhamal0x01 Report Title:Being able to disclose IBB bounty table...

HackerOne Bug Bounty Disclosure: denial-of-service-by-resource-exhaustion-in-fetch-brotli-decoding-maple

March 16, 2024

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:maple3142Link to Submitters Profile:https://hackerone.com/maple3142 Report Title:Denial of Service by resource exhaustion in...

HackerOne Bug Bounty Disclosure: setuid-does-not-drop-all-privileges-due-to-io-uring-valette

March 16, 2024

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:valetteLink to Submitters Profile:https://hackerone.com/valette Report Title:setuid() does not drop all privileges due...

HackerOne Bug Bounty Disclosure: github-app-link-takeover-listed-on-hxxps-docs-doppler-com-docs-github-actions-page-w-shi

March 15, 2024

Company Name: Doppler Company HackerOne URL: https://hackerone.com/doppler Submitted By:w3shiLink to Submitters Profile:https://hackerone.com/w3shi Report Title:Github app(link) Takeover Listed on "hXXps://docsdopplercom/docs/github-actions" pageReport...

Bug Bounty

HackerOne Bug Bounty Disclosure: view-any-user-email-using-the-team-s-audit-log-section–verw-tch

HackerOne Bug Bounty Disclosure: creation-of-bounties-through-customer-api-leads-to-private-email-disclosure–verw-tch

HackerOne Bug Bounty Disclosure: authentication-bypass-with-usage-of-presignedurl-kolokokop

HackerOne Bug Bounty Disclosure: reflective-cross-site-scripting-xss-on-pages-anonymlss

HackerOne Bug Bounty Disclosure: full-access-to-sonarqube-and-docker-elevenoo

HackerOne Bug Bounty Disclosure: resource-injection-geej

HackerOne Bug Bounty Disclosure: parmetro-xss-nome-de-usurio-chor-o

HackerOne Bug Bounty Disclosure: dbms-information-getting-exposed-publicly-on-dishant-singh

HackerOne Bug Bounty Disclosure: xss-parameter-s-s-css-chor-o

HackerOne Bug Bounty Disclosure: attacker-can-add-itself-as-admin-user-and-can-also-change-privileges-of-existing-users-dishant-singh

HackerOne Bug Bounty Disclosure: xss-chor-o

HackerOne Bug Bounty Disclosure: improper-authentication-login-without-registration-with-any-user-at-archyxsec

HackerOne Bug Bounty Disclosure: -leaking-pii-of-tour-visitors-names-email-addresses-phone-numbers-via-misconfigured-record-permissions-oxylis

HackerOne Bug Bounty Disclosure: open-redirect-via-non-latin-subdomain-in-vcc-x-com-agui-php-pentestor

HackerOne Bug Bounty Disclosure: patch-method-manipulation-allowing-the-users-to-escalate-their-functionalities-and-edit-upgrade-downgrade-api-keys-settings-which-is-not-allowed-bugsv

HackerOne Bug Bounty Disclosure: bypassing-the-block-of-security-domain-restriction-and-normally-invite-blocked-domains-with-special-characters-bugsv

HackerOne Bug Bounty Disclosure: steal-any-user-in-your-orgs-private-github-token-by-pointing-the-gh-integration-at-an-attacker-controlled-ghe-instance-archangel

HackerOne Bug Bounty Disclosure: missing-authorization-check-on-view-permissions-for-alerting-conditions-via-internal-api-accounts-xxxxxxx-policies-yyyyyyy-conditions-offs-endpoint-archangel

HackerOne Bug Bounty Disclosure: user-without-view-modify-delete-permissions-on-destinations-can-view-modify-delete-destinations-archangel

HackerOne Bug Bounty Disclosure: xss-in-new-loading-page-html-redyetihacks

HackerOne Bug Bounty Disclosure: being-able-to-disclose-ibb-bounty-table-of-any-public-program-akashhamal-x

HackerOne Bug Bounty Disclosure: denial-of-service-by-resource-exhaustion-in-fetch-brotli-decoding-maple

HackerOne Bug Bounty Disclosure: setuid-does-not-drop-all-privileges-due-to-io-uring-valette

HackerOne Bug Bounty Disclosure: github-app-link-takeover-listed-on-hxxps-docs-doppler-com-docs-github-actions-page-w-shi

CVE Alert: CVE-2025-49876

CVE Alert: CVE-2025-49884

CVE Alert: CVE-2025-50028

CVE Alert: CVE-2025-49888

CVE Alert: CVE-2025-52714

You may have missed