Bug Bounty

Bug Bounty

BugCrowd Bug Bounty Disclosure: – XSS via file name – https://sms.indeed.com/signup/signage-details/ – By CGuillaume

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – Asana Desktop Application Includes Personal Access Token – By lauritz

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – Email HTML Injection at https://baito.indeed.com – By danibhai

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – Reflected XSS in https://www.indeed.com/career-advice/ – By cr00k

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – Publisher owner doesn’t able to delete low privilege user – By AlWaYsHuNt

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – xss – By Ramesh_Kumar

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – No DMARC Record Found – By sujan_shetty

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – Xss in resume – By Saidul_islam

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – Cleartext submission of password on http://insights.indeed.tech/users/sign_in – By dirty0124

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – Dangerous RTLO Injection – By nt3c

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – RTLO Injection leads to URi Spoofing – By nt3c

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – Stored-xss is working – By agnihackers123

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – XSS – By shahzeenkhan00

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – Backend Stock access which can be accessed to the admin – By KennY-S

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – HTML Injection in email when deactivate a user – By mega7

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – HTML Injection in meeting owner email – By mega7

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – Critical Local File Read in Electron Desktop App – By Renwa

August 24, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

HackerOne Bug Bounty Disclosure: blind-ssrf-external-interaction-on-https://mtngbissau-com/byerror201

August 21, 2022

Programme HackerOne MTN Group MTN Group Submitted by error201 error201 Report Blind SSRF External Interaction on https://mtngbissau.com/ Full Report A...

HackerOne Bug Bounty Disclosure: rpc-call-crashes-nodebyxfang

August 20, 2022

Programme HackerOne Monero Monero Submitted by xfang xfang Report RPC call crashes node Full Report A considerable amount of time...

HackerOne Bug Bounty Disclosure: stored-xss-on-tiktok-adsbysinayeganeh

August 19, 2022

Programme HackerOne TikTok TikTok Submitted by sinayeganeh sinayeganeh Report Stored XSS on TikTok Ads Full Report A considerable amount of...

HackerOne Bug Bounty Disclosure: cross-site-scripting-vulnerability-in-fabric-sdk-py-source-codebybhaskar_ram

August 17, 2022

Programme HackerOne Hyperledger Hyperledger Submitted by bhaskar_ram bhaskar_ram Report Cross Site Scripting Vulnerability in fabric-sdk-py source code Full Report A...

Bug Bounty

BugCrowd Bug Bounty Disclosure: P1 – Critical Local File Read in Electron Desktop App – By Renwa

August 17, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

HackerOne Bug Bounty Disclosure: idor-allowing-to-read-another-user’s-token-on-the-social-media-ads-servicebya_d_a_m

August 16, 2022

Programme HackerOne Semrush Semrush Submitted by a_d_a_m a_d_a_m Report IDOR allowing to read another user's token on the Social Media...

HackerOne Bug Bounty Disclosure: reflected-xss-at-https://stories-showmax-com/wp-content/themes/theme-internal_ss/blocks/ajax/a-php-via-`ss_country_filter`-parambymiron666

August 12, 2022

Programme HackerOne Showmax Showmax Submitted by miron666 miron666 Report Reflected XSS at https://stories.showmax.com/wp-content/themes/theme-internal_ss/blocks/ajax/a.php via `ss_country_filter` param Full Report A considerable...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – XSS via file name – https://sms.indeed.com/signup/signage-details/ – By CGuillaume

BugCrowd Bug Bounty Disclosure: – Asana Desktop Application Includes Personal Access Token – By lauritz

BugCrowd Bug Bounty Disclosure: – Email HTML Injection at https://baito.indeed.com – By danibhai

BugCrowd Bug Bounty Disclosure: – Reflected XSS in https://www.indeed.com/career-advice/ – By cr00k

BugCrowd Bug Bounty Disclosure: – Publisher owner doesn’t able to delete low privilege user – By AlWaYsHuNt

BugCrowd Bug Bounty Disclosure: – xss – By Ramesh_Kumar

BugCrowd Bug Bounty Disclosure: – No DMARC Record Found – By sujan_shetty

BugCrowd Bug Bounty Disclosure: – Xss in resume – By Saidul_islam

BugCrowd Bug Bounty Disclosure: – Cleartext submission of password on http://insights.indeed.tech/users/sign_in – By dirty0124

BugCrowd Bug Bounty Disclosure: – Dangerous RTLO Injection – By nt3c

BugCrowd Bug Bounty Disclosure: – RTLO Injection leads to URi Spoofing – By nt3c

BugCrowd Bug Bounty Disclosure: – Stored-xss is working – By agnihackers123

BugCrowd Bug Bounty Disclosure: – XSS – By shahzeenkhan00

BugCrowd Bug Bounty Disclosure: – Backend Stock access which can be accessed to the admin – By KennY-S

BugCrowd Bug Bounty Disclosure: – HTML Injection in email when deactivate a user – By mega7

BugCrowd Bug Bounty Disclosure: – HTML Injection in meeting owner email – By mega7

BugCrowd Bug Bounty Disclosure: – Critical Local File Read in Electron Desktop App – By Renwa

HackerOne Bug Bounty Disclosure: blind-ssrf-external-interaction-on-https://mtngbissau-com/byerror201

HackerOne Bug Bounty Disclosure: rpc-call-crashes-nodebyxfang

HackerOne Bug Bounty Disclosure: stored-xss-on-tiktok-adsbysinayeganeh

HackerOne Bug Bounty Disclosure: cross-site-scripting-vulnerability-in-fabric-sdk-py-source-codebybhaskar_ram

BugCrowd Bug Bounty Disclosure: P1 – Critical Local File Read in Electron Desktop App – By Renwa

HackerOne Bug Bounty Disclosure: idor-allowing-to-read-another-user’s-token-on-the-social-media-ads-servicebya_d_a_m

HackerOne Bug Bounty Disclosure: reflected-xss-at-https://stories-showmax-com/wp-content/themes/theme-internal_ss/blocks/ajax/a-php-via-`ss_country_filter`-parambymiron666

CVE Alert: CVE-2025-20274

CVE Alert: CVE-2025-20284

CVE Alert: CVE-2025-20285

CVE Alert: CVE-2025-20337

CVE Alert: CVE-2025-20288

You may have missed