Cross Site Scripting Cross Site Scripting Researcher: ChrisRanaMagar Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
self cross site scripting self cross site scripting Researcher: bugcrowd_staff Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure...
Self Reflected XSS on target.nasa.gov via unescaped user input in field Self Reflected XSS on target.nasa.gov via unescaped user input...
Graphql API exposes all groups and goups users leaking internal stucture, full names and emails Graphql API exposes all groups...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:geeknikLink to Submitters Profile:https://hackerone.com/geeknik Report Title:Stack use-after-scope in HTTP/3 POST request processing...
Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:treinLink to Submitters Profile:https://hackerone.com/trein Report Title:Mozilla VPN Clients: RCE via file write...
Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:yoyomiskiLink to Submitters Profile:https://hackerone.com/yoyomiski Report Title:Bypass "No Links" Restriction in Biography via...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:cyph3r_nitroLink to Submitters Profile:https://hackerone.com/cyph3r_nitro Report Title:Vulnerability Report: Public Exposure of Security Audit...
Account Takeover via Password Reset Token and Insecure Email Change Handling Account Takeover via Password Reset Token and Insecure Email...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:ejejohnLink to Submitters Profile:https://hackerone.com/ejejohn Report Title:Security check upReport Link:https://hackerone.com/reports/3269761Date Submitted:24 July 2025...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:catenacyberLink to Submitters Profile:https://hackerone.com/catenacyber Report Title:Use after free (or assert triggered) with...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:nyymiLink to Submitters Profile:https://hackerone.com/nyymi Report Title:GnuTLS CURLINFO_TLS_SESSION / CURLINFO_TLS_SSL_PTR type confusionReport Link:https://hackerone.com/reports/3261248Date...
Company Name: GitLab Company HackerOne URL: https://hackerone.com/gitlab Submitted By:timothyleungLink to Submitters Profile:https://hackerone.com/timothyleung Report Title:Mint Oauth2 access token for targeted userReport...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:lyb_unaffiliatedLink to Submitters Profile:https://hackerone.com/lyb_unaffiliated Report Title:on the implications of permitting procedural cullingReport...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:cmeister2Link to Submitters Profile:https://hackerone.com/cmeister2 Report Title:curl ASSERTs when accessing an LDAP URLReport...
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:muhammad_kasimLink to Submitters Profile:https://hackerone.com/muhammad_kasim Report Title:XSS on Amazon Aquisition: elementalReport Link:https://hackerone.com/reports/3205667Date...
CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. Researcher: Renatto Engagement: National Aeronautics and Space Administration (NASA) -...
HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory...
Company Name: 1Password - Enterprise Password Manager Company HackerOne URL: https://hackerone.com/1password Submitted By:sudosu001Link to Submitters Profile:https://hackerone.com/sudosu001 Report Title:API Key Exposed...
Company Name: MainWP Company HackerOne URL: https://hackerone.com/mainwp Submitted By:rishail01Link to Submitters Profile:https://hackerone.com/rishail01 Report Title:Reflected XSS in "Create Category" Functionality of...
Company Name: MainWP Company HackerOne URL: https://hackerone.com/mainwp Submitted By:rishail01Link to Submitters Profile:https://hackerone.com/rishail01 Report Title:Stored Cross-Site Scripting (XSS) in "Add Contact"...
Company Name: MainWP Company HackerOne URL: https://hackerone.com/mainwp Submitted By:rishail01Link to Submitters Profile:https://hackerone.com/rishail01 Report Title:Reflected XSS in "Cost Tracker" Notes FieldReport...
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:boy_child_Link to Submitters Profile:https://hackerone.com/boy_child_ Report Title:Account takeover of existing HackerOne accounts through...
Company Name: MainWP Company HackerOne URL: https://hackerone.com/mainwp Submitted By:rishail01Link to Submitters Profile:https://hackerone.com/rishail01 Report Title:Reflected XSS in "Manage Tags" Notes FieldReport...
