Bug Bounty

HackerOne Bug Bounty Disclosure: idor-vulnerability-allowing-unauthorized-profile-picture-change-tasin-zucced

February 19, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:tasin_zucced___Link to Submitters Profile:https://hackerone.com/tasin_zucced___ Report Title:IDOR Vulnerability Allowing Unauthorized Profile Picture ChangeReport...

HackerOne Bug Bounty Disclosure: wordpress-users-disclosure-karimtantawy

February 12, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:karimtantawyLink to Submitters Profile:https://hackerone.com/karimtantawy Report Title:Wordpress users DisclosureReport Link:https://hackerone.com/reports/2981756Date Submitted:12 February 2025...

HackerOne Bug Bounty Disclosure: improper-cache-handling-allows-access-to-post-logout-pages-victim-of-life

February 10, 2025

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:victim_of_lifeLink to Submitters Profile:https://hackerone.com/victim_of_life Report Title:Improper Cache Handling Allows Access to Post-Logout...

HackerOne Bug Bounty Disclosure: clickjacking-in-main-domain-hxxps-topechelon-com-genz

February 10, 2025

Company Name: Top Echelon Software Company HackerOne URL: https://hackerone.com/top_echelon_software Submitted By:genz-1Link to Submitters Profile:https://hackerone.com/genz-1 Report Title:Clickjacking in main domain hXXps://topecheloncom/Report...

HackerOne Bug Bounty Disclosure: cve-django-potential-sql-injection-in-haskey-lhs-rhs-on-oracle-scyoon

February 7, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:scyoonLink to Submitters Profile:https://hackerone.com/scyoon Report Title:CVE-2024-53908: Django Potential SQL injection...

HackerOne Bug Bounty Disclosure: cve-netrc-and-default-credential-leak-sherlock

February 7, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:sherlock2010Link to Submitters Profile:https://hackerone.com/sherlock2010 Report Title:CVE-2025-0167: netrc and default credential leakReport Link:https://hackerone.com/reports/2917232Date...

HackerOne Bug Bounty Disclosure: error-page-content-spoofing-or-text-injection-mcblockchamp

February 7, 2025

Company Name: XVIDEOS Company HackerOne URL: https://hackerone.com/xvideos Submitted By:mcblockchampLink to Submitters Profile:https://hackerone.com/mcblockchamp Report Title:Error Page Content Spoofing or Text InjectionReport...

HackerOne Bug Bounty Disclosure: cve-eventfd-double-close-ankomcoper

February 7, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:ankomcoperLink to Submitters Profile:https://hackerone.com/ankomcoper Report Title:CVE-2025-0665: eventfd double closeReport Link:https://hackerone.com/reports/2954286Date Submitted:07 February...

HackerOne Bug Bounty Disclosure: -actionview-sanitize-helper-bypass-with-style-and-math-mokusou

February 6, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:mokusouLink to Submitters Profile:https://hackerone.com/mokusou Report Title: ActionView sanitize helper bypass...

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-noscript-taise

February 6, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:taiseLink to Submitters Profile:https://hackerone.com/taise Report Title:ActionView sanitize helper bypass with...

HackerOne Bug Bounty Disclosure: -actionview-sanitize-helper-bypass-with-math-related-tags-mokusou

February 6, 2025

HackerOne Bug Bounty Disclosure: goaway-http-frames-cause-memory-leak-outside-heap-newtmitch

February 6, 2025

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:newtmitchLink to Submitters Profile:https://hackerone.com/newtmitch Report Title:GOAWAY HTTP/2 frames cause memory leak outside...

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-mokusou

February 6, 2025

HackerOne Bug Bounty Disclosure: -cve-possible-content-security-policy-bypass-in-action-dispatch-ryotak

February 6, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:ryotakLink to Submitters Profile:https://hackerone.com/ryotak Report Title: Possible Content Security Policy...

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-ipv-validation–xsaravana

February 6, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:0xsaravanaLink to Submitters Profile:https://hackerone.com/0xsaravana Report Title:CVE-2024-56374 Potential denial-of-service in IPv6...

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-and-svg-tags-taise

February 6, 2025

HackerOne Bug Bounty Disclosure: xss-on-using-the-legacy-graphie-to-png-api-sikn

February 6, 2025

Company Name: Khan Academy Company HackerOne URL: https://hackerone.com/khanacademy Submitted By:siknLink to Submitters Profile:https://hackerone.com/sikn Report Title:XSS on using the legacy "Graphie...

HackerOne Bug Bounty Disclosure: open-redirect-p-anand

February 6, 2025

Company Name: XVIDEOS Company HackerOne URL: https://hackerone.com/xvideos Submitted By:p_anand1234Link to Submitters Profile:https://hackerone.com/p_anand1234 Report Title:Open redirectReport Link:https://hackerone.com/reports/2957962Date Submitted:06 February 2025 A...

HackerOne Bug Bounty Disclosure: weak-credentials-found-in-jenkins-endpoint-sweetheart

February 5, 2025

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:sweetheart1337_Link to Submitters Profile:https://hackerone.com/sweetheart1337_ Report Title:Weak credentials found in Jenkins endpointReport Link:https://hackerone.com/reports/2954547Date...

HackerOne Bug Bounty Disclosure: cve-gzip-integer-overflow-z

February 5, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:z2_Link to Submitters Profile:https://hackerone.com/z2_ Report Title:CVE-2025-0725: gzip integer overflowReport Link:https://hackerone.com/reports/2956023Date Submitted:05 February...

HackerOne Bug Bounty Disclosure: there-is-a-post-based-csrf-issue-over-ibm-endpoint-leading-to-modification-of-contact-information-youssifs

February 4, 2025

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:youssifs7Link to Submitters Profile:https://hackerone.com/youssifs7 Report Title:There is a POST based CSRF issue...

HackerOne Bug Bounty Disclosure: action-text-xss-rails-x-ooooooo-q

February 4, 2025

Company Name: Ruby on Rails Company HackerOne URL: https://hackerone.com/rails Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:Action Text XSS (Rails 71x)Report...

HackerOne Bug Bounty Disclosure: open-redirection-effects-autodiscover-rockstargames-com-osama-hamad

February 3, 2025

Company Name: Rockstar Games Company HackerOne URL: https://hackerone.com/rockstargames Submitted By:osama-hamadLink to Submitters Profile:https://hackerone.com/osama-hamad Report Title:Open Redirection effects autodiscoverrockstargamescomReport Link:https://hackerone.com/reports/1269332Date Submitted:03...

HackerOne Bug Bounty Disclosure: broken-access-control-horizontal-privilege-escalation-aliyueka

January 31, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:aliyuekaLink to Submitters Profile:https://hackerone.com/aliyueka Report Title:Broken Access Control(Horizontal Privilege Escalation)Report Link:https://hackerone.com/reports/2319586Date...

Bug Bounty

HackerOne Bug Bounty Disclosure: idor-vulnerability-allowing-unauthorized-profile-picture-change-tasin-zucced

HackerOne Bug Bounty Disclosure: wordpress-users-disclosure-karimtantawy

HackerOne Bug Bounty Disclosure: improper-cache-handling-allows-access-to-post-logout-pages-victim-of-life

HackerOne Bug Bounty Disclosure: clickjacking-in-main-domain-hxxps-topechelon-com-genz

HackerOne Bug Bounty Disclosure: cve-django-potential-sql-injection-in-haskey-lhs-rhs-on-oracle-scyoon

HackerOne Bug Bounty Disclosure: cve-netrc-and-default-credential-leak-sherlock

HackerOne Bug Bounty Disclosure: error-page-content-spoofing-or-text-injection-mcblockchamp

HackerOne Bug Bounty Disclosure: cve-eventfd-double-close-ankomcoper

HackerOne Bug Bounty Disclosure: -actionview-sanitize-helper-bypass-with-style-and-math-mokusou

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-noscript-taise

HackerOne Bug Bounty Disclosure: -actionview-sanitize-helper-bypass-with-math-related-tags-mokusou

HackerOne Bug Bounty Disclosure: goaway-http-frames-cause-memory-leak-outside-heap-newtmitch

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-mokusou

HackerOne Bug Bounty Disclosure: -cve-possible-content-security-policy-bypass-in-action-dispatch-ryotak

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-ipv-validation–xsaravana

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-and-svg-tags-taise

HackerOne Bug Bounty Disclosure: xss-on-using-the-legacy-graphie-to-png-api-sikn

HackerOne Bug Bounty Disclosure: open-redirect-p-anand

HackerOne Bug Bounty Disclosure: weak-credentials-found-in-jenkins-endpoint-sweetheart

HackerOne Bug Bounty Disclosure: cve-gzip-integer-overflow-z

HackerOne Bug Bounty Disclosure: there-is-a-post-based-csrf-issue-over-ibm-endpoint-leading-to-modification-of-contact-information-youssifs

HackerOne Bug Bounty Disclosure: action-text-xss-rails-x-ooooooo-q

HackerOne Bug Bounty Disclosure: open-redirection-effects-autodiscover-rockstargames-com-osama-hamad

HackerOne Bug Bounty Disclosure: broken-access-control-horizontal-privilege-escalation-aliyueka

CVE Alert: CVE-2025-2070

CVE Alert: CVE-2025-2068

CVE Alert: CVE-2025-25775

CVE Alert: CVE-2025-2069

CVE Alert: CVE-2025-3928

You may have missed