Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:sav_Link to Submitters Profile:https://hackerone.com/sav_ Report Title:CVE-2024-56374: Denial-of-service vulnerability in IPv6...
Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:nxczjeLink to Submitters Profile:https://hackerone.com/nxczje Report Title:Apache Airflow Sql injection by...
Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:nacl_123Link to Submitters Profile:https://hackerone.com/nacl_123 Report Title: CVE-2024-50379 Apache Tomcat -...
Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:jessewilsonLink to Submitters Profile:https://hackerone.com/jessewilson Report Title:WASI sandbox escape via symlinkReport Link:https://hackerone.com/reports/2084280Date Submitted:24...
Company Name: Monero Company HackerOne URL: https://hackerone.com/monero Submitted By:ptrstrLink to Submitters Profile:https://hackerone.com/ptrstr Report Title:RPC service DOSReport Link:https://hackerone.com/reports/2338094Date Submitted:23 May 2025...
Company Name: Monero Company HackerOne URL: https://hackerone.com/monero Submitted By:sech1Link to Submitters Profile:https://hackerone.com/sech1 Report Title:Dynamic fee algorithm doesn't check for zero...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:darkroomdragonLink to Submitters Profile:https://hackerone.com/darkroomdragon Report Title:Memory Leak in libcurl via Location Header...
Unauthenticated Remote Code Execution (CVE-2025-4428) Unauthenticated Remote Code Execution (CVE-2025-4428) Researcher: Ironsoul74 Engagement: Unisys Vulnerability Disclosure Engagement Disclosed at: 2025-05-22T06:59:01Z...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:jmanojlovichLink to Submitters Profile:https://hackerone.com/jmanojlovich Report Title:`Curl_socketpair()` fallback vulnerable to man-in-the-middle attackReport Link:https://hackerone.com/reports/3148937Date...
Host Header Injection on Password-Reset Functionality Causes Unauthorized Redirect to Attacker-Controlled Domain Where a Users Could be Tricked into Entering...
Company Name: Nintendo Company HackerOne URL: https://hackerone.com/nintendo Submitted By:roccodevLink to Submitters Profile:https://hackerone.com/roccodev Report Title: Improper validation of names allows injecting...
Company Name: Nintendo Company HackerOne URL: https://hackerone.com/nintendo Submitted By:roccodevLink to Submitters Profile:https://hackerone.com/roccodev Report Title: Unrestricted RPCs allow DoS and writing...
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nkirk-nrlabsLink to Submitters Profile:https://hackerone.com/nkirk-nrlabs Report Title:Bedrock Guardrails Evasion with Prompt FormattingReport...
Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:justinnietzelLink to Submitters Profile:https://hackerone.com/justinnietzel Report Title:Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo& args) when...
Company Name: Lichess Company HackerOne URL: https://hackerone.com/lichess Submitted By:hajjaj-Link to Submitters Profile:https://hackerone.com/hajjaj- Report Title:Weak Rate Limiting Controls in the (LOGIN)...
Company Name: Lichess Company HackerOne URL: https://hackerone.com/lichess Submitted By:delsec_Link to Submitters Profile:https://hackerone.com/delsec_ Report Title:Open Redirect Vulnerability in OAuth Flow Leading...
EXIF Geolocation Data Not Stripped in NASA CDSCC Image - Exposure of Sensitive Location (Canberra Deep Space Communication Complex) EXIF...
Reflected XSS Vulnerability in SEWP Provider Lookup Tool - www.sewp.nasa.gov Reflected XSS Vulnerability in SEWP Provider Lookup Tool - www.sewp.nasa.gov...
Improper Access Control: Authenticated Resource Exposed via Wayback Machine Archive- Nasa sheets& docs Improper Access Control: Authenticated Resource Exposed via...
Possible Public Exposure of CONFIDENTIAL Document on NASA NTRS Possible Public Exposure of CONFIDENTIAL Document on NASA NTRS Researcher: b1t3x0p...
Exposed Python Script with Hardcoded SFTP Credentials, Internal IPs, and Sensitive Data Access Exposed Python Script with Hardcoded SFTP Credentials,...
Stored XSS in NASA ASRS Maintenance Form – Payload Executes on Print Page Stored XSS in NASA ASRS Maintenance Form...
Hardcoded API Key Found in Public NASA GitHub Repository Hardcoded API Key Found in Public NASA GitHub Repository Researcher: Uma_Maheshwar_Ayyala...
Information Disclosure through configuration and various logs Information Disclosure through configuration and various logs Researcher: yashjare Engagement: National Aeronautics and...
