Company Name: Nintendo Company HackerOne URL: https://hackerone.com/nintendo Submitted By:kinnayLink to Submitters Profile:https://hackerone.com/kinnay Report Title:Man-in-the-middle through broken SSL certificate verificationReport Link:https://hackerone.com/reports/3174987Date...
Authentication Bypass + exposure of PII + reflected XSS Authentication Bypass + exposure of PII + reflected XSS Researcher: snillx...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:letshack9707Link to Submitters Profile:https://hackerone.com/letshack9707 Report Title:Use After Free (that leads to arbitrary...
Company Name: WakaTime Company HackerOne URL: https://hackerone.com/wakatime Submitted By:ctrl_cipherLink to Submitters Profile:https://hackerone.com/ctrl_cipher Report Title:Unauthorized Disclosure of Private Emails via WakaTime...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:kakorrhaphiophobiaLink to Submitters Profile:https://hackerone.com/kakorrhaphiophobia Report Title:Integer Overflow in schannelc TLS Data TransmissionReport...
Self Reflected XSS on target.nasa.gov via unescaped user input in field Self Reflected XSS on target.nasa.gov via unescaped user input...
Graphql API exposes all groups and goups users leaking internal stucture, full names and emails Graphql API exposes all groups...
Cross Site Scripting Cross Site Scripting Researcher: ChrisRanaMagar Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
self cross site scripting self cross site scripting Researcher: bugcrowd_staff Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:geeknikLink to Submitters Profile:https://hackerone.com/geeknik Report Title:Stack use-after-scope in HTTP/3 POST request processing...
Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:treinLink to Submitters Profile:https://hackerone.com/trein Report Title:Mozilla VPN Clients: RCE via file write...
Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:yoyomiskiLink to Submitters Profile:https://hackerone.com/yoyomiski Report Title:Bypass "No Links" Restriction in Biography via...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:cyph3r_nitroLink to Submitters Profile:https://hackerone.com/cyph3r_nitro Report Title:Vulnerability Report: Public Exposure of Security Audit...
Account Takeover via Password Reset Token and Insecure Email Change Handling Account Takeover via Password Reset Token and Insecure Email...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:ejejohnLink to Submitters Profile:https://hackerone.com/ejejohn Report Title:Security check upReport Link:https://hackerone.com/reports/3269761Date Submitted:24 July 2025...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:catenacyberLink to Submitters Profile:https://hackerone.com/catenacyber Report Title:Use after free (or assert triggered) with...
Company Name: GitLab Company HackerOne URL: https://hackerone.com/gitlab Submitted By:timothyleungLink to Submitters Profile:https://hackerone.com/timothyleung Report Title:Mint Oauth2 access token for targeted userReport...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:nyymiLink to Submitters Profile:https://hackerone.com/nyymi Report Title:GnuTLS CURLINFO_TLS_SESSION / CURLINFO_TLS_SSL_PTR type confusionReport Link:https://hackerone.com/reports/3261248Date...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:lyb_unaffiliatedLink to Submitters Profile:https://hackerone.com/lyb_unaffiliated Report Title:on the implications of permitting procedural cullingReport...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:cmeister2Link to Submitters Profile:https://hackerone.com/cmeister2 Report Title:curl ASSERTs when accessing an LDAP URLReport...
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:muhammad_kasimLink to Submitters Profile:https://hackerone.com/muhammad_kasim Report Title:XSS on Amazon Aquisition: elementalReport Link:https://hackerone.com/reports/3205667Date...
CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. Researcher: Renatto Engagement: National Aeronautics and Space Administration (NASA) -...
HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory...
Company Name: 1Password - Enterprise Password Manager Company HackerOne URL: https://hackerone.com/1password Submitted By:sudosu001Link to Submitters Profile:https://hackerone.com/sudosu001 Report Title:API Key Exposed...
