Bug Bounty

HackerOne Bug Bounty Disclosure: unauthenticated-arbitrary-file-upload-on-the-hxxps-mil-sp-d-rs

July 19, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:sp1d3rsLink to Submitters Profile:https://hackerone.com/sp1d3rs Report Title:Unauthenticated arbitrary file upload...

HackerOne Bug Bounty Disclosure: authentication-bypass-and-potential-rce-on-the-hxxps-due-to-exposed-cisco-telepresence-sx-with-default-credentials-sp-d-rs

July 19, 2024

HackerOne Bug Bounty Disclosure: missing-access-control-allows-for-user-creation-and-privilege-escalation-bulldawg

July 19, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:bulldawgLink to Submitters Profile:https://hackerone.com/bulldawg Report Title:Missing Access Control Allows...

HackerOne Bug Bounty Disclosure: email-takeover-leads-to-permanent-account-deletion-prakhar-x

July 19, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:prakhar0x01Link to Submitters Profile:https://hackerone.com/prakhar0x01 Report Title:Email Takeover leads to...

HackerOne Bug Bounty Disclosure: endpoint-redirects-to-admin-page-and-provides-admin-role-bulldawg

July 19, 2024

HackerOne Bug Bounty Disclosure: xml-external-entity-xxe-injection-maskedpersian

July 19, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:maskedpersianLink to Submitters Profile:https://hackerone.com/maskedpersian Report Title:XML External Entity (XXE)...

HackerOne Bug Bounty Disclosure: restrict-any-user-from-login-to-their-account-prakhar-x

July 19, 2024

HackerOne Bug Bounty Disclosure: local-file-inclusion-in-download-php-tokyoenigma

July 19, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:tokyoenigmaLink to Submitters Profile:https://hackerone.com/tokyoenigma Report Title:Local File Inclusion in...

HackerOne Bug Bounty Disclosure: idor-leads-to-pii-leak-prakhar-x

July 19, 2024

HackerOne Bug Bounty Disclosure: authentication-bypass-on-hxxps-bulldawg

July 19, 2024

HackerOne Bug Bounty Disclosure: idor-modify-other-users-demographic-details-prakhar-x

July 19, 2024

HackerOne Bug Bounty Disclosure: idor-leads-to-view-other-user-biographical-details-possible-pii-leak-prakhar-x

July 19, 2024

HackerOne Bug Bounty Disclosure: automatic-admin-access-bulldawg

July 19, 2024

HackerOne Bug Bounty Disclosure: xss-in-ibm-infocenter-redyetihacks

July 17, 2024

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:redyetihacksLink to Submitters Profile:https://hackerone.com/redyetihacks Report Title:XSS in IBM InfoCenterReport Link:https://hackerone.com/reports/2343548Date Submitted:17 July...

HackerOne Bug Bounty Disclosure: permission-model-improperly-processes-unc-paths-tniessen

July 15, 2024

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:tniessenLink to Submitters Profile:https://hackerone.com/tniessen Report Title:Permission model improperly processes UNC pathsReport Link:https://hackerone.com/reports/2079103Date...

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-http-response-splitting-cve-orange

July 13, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:orangeLink to Submitters Profile:https://hackerone.com/orange Report Title:moderate: Apache HTTP Server: HTTP...

HackerOne Bug Bounty Disclosure: account-takeover-via-authentication-bypass-in-tiktok-account-recovery-xtt-k

July 13, 2024

Company Name: TikTok Company HackerOne URL: https://hackerone.com/tiktok Submitted By:xtt0kLink to Submitters Profile:https://hackerone.com/xtt0k Report Title:Account Takeover via Authentication Bypass in TikTok...

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-proxy-encoding-problem-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-weakness-with-encoded-question-marks-in-backreferences-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-may-use-exploitable-malicious-backend-application-output-to-run-local-handlers-via-internal-redirect-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-weakness-in-mod-rewrite-when-first-segment-of-substitution-matches-filesystem-path-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-crash-resulting-in-denial-of-service-in-mod-proxy-via-a-malicious-request-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-on-windows-unc-ssrf-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: file-sizes-may-be-manipulated-into-negative-numbers-when-uploading-yinmo

July 10, 2024

Company Name: LY Corporation Company HackerOne URL: https://hackerone.com/line Submitted By:yinmoLink to Submitters Profile:https://hackerone.com/yinmo Report Title:File sizes may be manipulated into...

Bug Bounty

HackerOne Bug Bounty Disclosure: unauthenticated-arbitrary-file-upload-on-the-hxxps-mil-sp-d-rs

HackerOne Bug Bounty Disclosure: authentication-bypass-and-potential-rce-on-the-hxxps-due-to-exposed-cisco-telepresence-sx-with-default-credentials-sp-d-rs

HackerOne Bug Bounty Disclosure: missing-access-control-allows-for-user-creation-and-privilege-escalation-bulldawg

HackerOne Bug Bounty Disclosure: email-takeover-leads-to-permanent-account-deletion-prakhar-x

HackerOne Bug Bounty Disclosure: endpoint-redirects-to-admin-page-and-provides-admin-role-bulldawg

HackerOne Bug Bounty Disclosure: xml-external-entity-xxe-injection-maskedpersian

HackerOne Bug Bounty Disclosure: restrict-any-user-from-login-to-their-account-prakhar-x

HackerOne Bug Bounty Disclosure: local-file-inclusion-in-download-php-tokyoenigma

HackerOne Bug Bounty Disclosure: idor-leads-to-pii-leak-prakhar-x

HackerOne Bug Bounty Disclosure: authentication-bypass-on-hxxps-bulldawg

HackerOne Bug Bounty Disclosure: idor-modify-other-users-demographic-details-prakhar-x

HackerOne Bug Bounty Disclosure: idor-leads-to-view-other-user-biographical-details-possible-pii-leak-prakhar-x

HackerOne Bug Bounty Disclosure: automatic-admin-access-bulldawg

HackerOne Bug Bounty Disclosure: xss-in-ibm-infocenter-redyetihacks

HackerOne Bug Bounty Disclosure: permission-model-improperly-processes-unc-paths-tniessen

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-http-response-splitting-cve-orange

HackerOne Bug Bounty Disclosure: account-takeover-via-authentication-bypass-in-tiktok-account-recovery-xtt-k

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-proxy-encoding-problem-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-weakness-with-encoded-question-marks-in-backreferences-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-may-use-exploitable-malicious-backend-application-output-to-run-local-handlers-via-internal-redirect-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-weakness-in-mod-rewrite-when-first-segment-of-substitution-matches-filesystem-path-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-crash-resulting-in-denial-of-service-in-mod-proxy-via-a-malicious-request-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-on-windows-unc-ssrf-cve-orange

HackerOne Bug Bounty Disclosure: file-sizes-may-be-manipulated-into-negative-numbers-when-uploading-yinmo

[MEDUSA] – Ransomware Victim: Simon Property Group

CVE Alert: CVE-2025-12399 – alexreservations – Alex Reservations: Smart Restaurant Booking

CVE Alert: CVE-2025-12099 – academylms – Academy LMS – WordPress LMS Plugin for Complete eLearning Solution

CVE Alert: CVE-2025-9334 – codesolz – Better Find and Replace – AI-Powered Suggestions

CVE Alert: CVE-2025-11967 – getwpfunnels – Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more

You may have missed