Bug Bounty

HackerOne Bug Bounty Disclosure: leaking-vpn-traffic-through-non-rfc-local-ip-addresses-vanhoefm

November 8, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:vanhoefmLink to Submitters Profile:https://hackerone.com/vanhoefm Report Title:Leaking VPN traffic through non-RFC1918 local IP...

HackerOne Bug Bounty Disclosure: buffer-overflow-in-strcpy-rootgh-st

November 7, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:rootgh0stLink to Submitters Profile:https://hackerone.com/rootgh0st Report Title:Buffer overflow in strcpyReport Link:https://hackerone.com/reports/2823554Date Submitted:07 November...

HackerOne Bug Bounty Disclosure: -potential-xss-vulnerability-in-acronis-login-callback-url-kindone

November 6, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:kindoneLink to Submitters Profile:https://hackerone.com/kindone Report Title: Potential XSS Vulnerability in Acronis Login...

HackerOne Bug Bounty Disclosure: exploitable-format-string-vulnerability-in-curl-mfprintf-function-reterix

November 6, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:reterixLink to Submitters Profile:https://hackerone.com/reterix Report Title:Exploitable Format String Vulnerability in curl_mfprintf FunctionReport...

HackerOne Bug Bounty Disclosure: potential-xss-in-redirect-url-parameter-kindone

November 6, 2024

HackerOne Bug Bounty Disclosure: cve-hsts-subdomain-overwrites-parent-cache-entry-newfunction

November 6, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:newfunctionLink to Submitters Profile:https://hackerone.com/newfunction Report Title:CVE-2024-9681: HSTS subdomain overwrites parent cache entryReport...

HackerOne Bug Bounty Disclosure: open-redirect-via-redirect-to-parameter-in-tumblr-com-shivangmauryaa

November 5, 2024

Company Name: Automattic Company HackerOne URL: https://hackerone.com/automattic Submitted By:shivangmauryaaLink to Submitters Profile:https://hackerone.com/shivangmauryaa Report Title:Open redirect via redirect_to parameter in tumblrcomReport...

HackerOne Bug Bounty Disclosure: overwrite-any-file-of-the-web-server-goedix

November 5, 2024

Company Name: MacTaggart Scott Company HackerOne URL: https://hackerone.com/mactaggart_scott Submitted By:goedixLink to Submitters Profile:https://hackerone.com/goedix Report Title:Overwrite any file of the web...

HackerOne Bug Bounty Disclosure: stored-xss-on-trix-editor-version-thwin-htet

November 4, 2024

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:thwin_htetLink to Submitters Profile:https://hackerone.com/thwin_htet Report Title:Stored XSS on trix editor version 211Report...

HackerOne Bug Bounty Disclosure: social-media-account-takeover-haythem

November 3, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:haythem02Link to Submitters Profile:https://hackerone.com/haythem02 Report Title:Social media account takeover Report Link:https://hackerone.com/reports/2682974Date...

HackerOne Bug Bounty Disclosure: insecure-invitation-link-handling-mous-haxk

October 31, 2024

Company Name: ProductBoard, Inc. Company HackerOne URL: https://hackerone.com/productboard Submitted By:mous_haxkLink to Submitters Profile:https://hackerone.com/mous_haxk Report Title:Insecure Invitation Link HandlingReport Link:https://hackerone.com/reports/2586433Date Submitted:31...

HackerOne Bug Bounty Disclosure: redos-vulnerability-in-http-accept-headers-parsing-dwisiswant

October 30, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:dwisiswant0Link to Submitters Profile:https://hackerone.com/dwisiswant0 Report Title:ReDoS Vulnerability in HTTP Accept...

HackerOne Bug Bounty Disclosure: bypassing-hackerone-fa-due-to-race-condition-akashhamal-x

October 30, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:akashhamal0x01Link to Submitters Profile:https://hackerone.com/akashhamal0x01 Report Title:Bypassing HackerOne 2FA due to race conditionReport...

HackerOne Bug Bounty Disclosure: -csrf-to-information-disclosure-on-password-cancel-endpoint-hackeriron

October 29, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:hackeriron1Link to Submitters Profile:https://hackerone.com/hackeriron1 Report Title:#2 CSRF to Information disclosure on password...

HackerOne Bug Bounty Disclosure: -ssn-edpi-badlifeguard

October 25, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:badlifeguardLink to Submitters Profile:https://hackerone.com/badlifeguard Report Title: SSN/EDPIReport Link:https://hackerone.com/reports/1541817Date Submitted:25...

HackerOne Bug Bounty Disclosure: unauthenticated-lfi-local-file-inclusion-using-the-symbol-at-the-target-hxxps–xym

October 25, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:0xymLink to Submitters Profile:https://hackerone.com/0xym Report Title:Unauthenticated LFI (Local File...

HackerOne Bug Bounty Disclosure: cve-rce-liferay-portal-unauthenticated-via-hxxps-exploitmsf

October 25, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:exploitmsfLink to Submitters Profile:https://hackerone.com/exploitmsf Report Title:CVE-2020-7961 RCE Liferay Portal...

HackerOne Bug Bounty Disclosure: sql-injection-k-x

October 25, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:k0xLink to Submitters Profile:https://hackerone.com/k0x Report Title:SQL InjectionReport Link:https://hackerone.com/reports/2737595Date Submitted:25...

HackerOne Bug Bounty Disclosure: pull-any-automated-record-brief-badlifeguard

October 25, 2024

HackerOne Bug Bounty Disclosure: lack-of-rate-limiting-in-hxxps-pki-passreset-aspx-leads-to-pii-disclosure-and-potential-account-takeover-hypervis-r

October 25, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:hypervis0rLink to Submitters Profile:https://hackerone.com/hypervis0r Report Title:Lack of rate limiting...

HackerOne Bug Bounty Disclosure: memory-leak-in-bytes-to-hexstring-function-hackergandhi

October 24, 2024

Company Name: Hyperledger Company HackerOne URL: https://hackerone.com/hyperledger Submitted By:hackergandhiLink to Submitters Profile:https://hackerone.com/hackergandhi Report Title:Memory Leak in bytes_to_hexstring FunctionReport Link:https://hackerone.com/reports/2779070Date Submitted:24...

HackerOne Bug Bounty Disclosure: information-disclosure-due-to-exposed-env-file-directory-listing-at-necr-mancer

October 22, 2024

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:necr0mancerLink to Submitters Profile:https://hackerone.com/necr0mancer Report Title:Information Disclosure Due To exposed env...

HackerOne Bug Bounty Disclosure: weak-password-policy-via-directadmin-password-change-functionality-seqode

October 22, 2024

Company Name: Endless Group Company HackerOne URL: https://hackerone.com/endless_group Submitted By:seqodeLink to Submitters Profile:https://hackerone.com/seqode Report Title:Weak Password Policy via DirectAdmin Password...

HackerOne Bug Bounty Disclosure: reflected-xss-mathara

October 21, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:matharaLink to Submitters Profile:https://hackerone.com/mathara Report Title:Reflected - XSSReport Link:https://hackerone.com/reports/1779447Date Submitted:21 October...

Bug Bounty

HackerOne Bug Bounty Disclosure: leaking-vpn-traffic-through-non-rfc-local-ip-addresses-vanhoefm

HackerOne Bug Bounty Disclosure: buffer-overflow-in-strcpy-rootgh-st

HackerOne Bug Bounty Disclosure: -potential-xss-vulnerability-in-acronis-login-callback-url-kindone

HackerOne Bug Bounty Disclosure: exploitable-format-string-vulnerability-in-curl-mfprintf-function-reterix

HackerOne Bug Bounty Disclosure: potential-xss-in-redirect-url-parameter-kindone

HackerOne Bug Bounty Disclosure: cve-hsts-subdomain-overwrites-parent-cache-entry-newfunction

HackerOne Bug Bounty Disclosure: open-redirect-via-redirect-to-parameter-in-tumblr-com-shivangmauryaa

HackerOne Bug Bounty Disclosure: overwrite-any-file-of-the-web-server-goedix

HackerOne Bug Bounty Disclosure: stored-xss-on-trix-editor-version-thwin-htet

HackerOne Bug Bounty Disclosure: social-media-account-takeover-haythem

HackerOne Bug Bounty Disclosure: insecure-invitation-link-handling-mous-haxk

HackerOne Bug Bounty Disclosure: redos-vulnerability-in-http-accept-headers-parsing-dwisiswant

HackerOne Bug Bounty Disclosure: bypassing-hackerone-fa-due-to-race-condition-akashhamal-x

HackerOne Bug Bounty Disclosure: -csrf-to-information-disclosure-on-password-cancel-endpoint-hackeriron

HackerOne Bug Bounty Disclosure: -ssn-edpi-badlifeguard

HackerOne Bug Bounty Disclosure: unauthenticated-lfi-local-file-inclusion-using-the-symbol-at-the-target-hxxps–xym

HackerOne Bug Bounty Disclosure: cve-rce-liferay-portal-unauthenticated-via-hxxps-exploitmsf

HackerOne Bug Bounty Disclosure: sql-injection-k-x

HackerOne Bug Bounty Disclosure: pull-any-automated-record-brief-badlifeguard

HackerOne Bug Bounty Disclosure: lack-of-rate-limiting-in-hxxps-pki-passreset-aspx-leads-to-pii-disclosure-and-potential-account-takeover-hypervis-r

HackerOne Bug Bounty Disclosure: memory-leak-in-bytes-to-hexstring-function-hackergandhi

HackerOne Bug Bounty Disclosure: information-disclosure-due-to-exposed-env-file-directory-listing-at-necr-mancer

HackerOne Bug Bounty Disclosure: weak-password-policy-via-directadmin-password-change-functionality-seqode

HackerOne Bug Bounty Disclosure: reflected-xss-mathara

CVE Alert: CVE-2025-3867

CVE Alert: CVE-2025-46617

CVE Alert: CVE-2025-46616

CVE Alert: CVE-2025-3868

CVE Alert: CVE-2025-3866

You may have missed