Bug Bounty

Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P3 – RXSS at `https://skyview.gsfc.nasa.gov/current/cgi/vo/sia.pl` – GxbNt

June 24, 2025

RXSS at `https://skyview.gsfc.nasa.gov/current/cgi/vo/sia.pl` RXSS at `https://skyview.gsfc.nasa.gov/current/cgi/vo/sia.pl` Researcher: GxbNt Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...

Read MoreRead more about BugCrowd Bug Bounty Disclosure: P3 – RXSS at `https://skyview.gsfc.nasa.gov/current/cgi/vo/sia.pl` – GxbNt
hackerone

HackerOne Bug Bounty Disclosure: idor-vulnerability-at-addtagtoassets-operation-name-root-geek

June 8, 2025

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:root_geek280Link to Submitters Profile:https://hackerone.com/root_geek280 Report Title:IDOR Vulnerability at AddTagToAssets operation nameReport Link:https://hackerone.com/reports/2633771Date...

Read MoreRead more about HackerOne Bug Bounty Disclosure: idor-vulnerability-at-addtagtoassets-operation-name-root-geek
hackerone

HackerOne Bug Bounty Disclosure: returnurl-allow-attacker-to-redirect-users-to-the-another-phising-website-and-takeover-credientials-basant-x

June 4, 2025

Company Name: Insightly Company HackerOne URL: https://hackerone.com/insightly Submitted By:basant0x01Link to Submitters Profile:https://hackerone.com/basant0x01 Report Title:returnUrl= allow attacker to redirect users to...

Read MoreRead more about HackerOne Bug Bounty Disclosure: returnurl-allow-attacker-to-redirect-users-to-the-another-phising-website-and-takeover-credientials-basant-x
hackerone

HackerOne Bug Bounty Disclosure: idor-account-deletion-via-session-misbinding-attacker-can-delete-victim-account-z-phyrus

June 3, 2025

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:z3phyrusLink to Submitters Profile:https://hackerone.com/z3phyrus Report Title:IDOR: Account Deletion via Session Misbinding Attacker...

Read MoreRead more about HackerOne Bug Bounty Disclosure: idor-account-deletion-via-session-misbinding-attacker-can-delete-victim-account-z-phyrus
hackerone

HackerOne Bug Bounty Disclosure: public-github-repositories-for-multiple-hackerone-managed-triage-team-profiles-contain-private-hackerone-reports-information-w-w

May 31, 2025

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:w2wLink to Submitters Profile:https://hackerone.com/w2w Report Title:Public GitHub repositories for multiple HackerOne managed...

Read MoreRead more about HackerOne Bug Bounty Disclosure: public-github-repositories-for-multiple-hackerone-managed-triage-team-profiles-contain-private-hackerone-reports-information-w-w
hackerone

HackerOne Bug Bounty Disclosure: information-disclosure-of-metrics-fax-wavecell-com-metrics-kauenavarro

May 30, 2025

Company Name: 8x8 Bounty Company HackerOne URL: https://hackerone.com/8x8-bounty Submitted By:kauenavarroLink to Submitters Profile:https://hackerone.com/kauenavarro Report Title:Information Disclosure of metrics faxwavecellcom/metricsReport Link:https://hackerone.com/reports/1365076Date...

Read MoreRead more about HackerOne Bug Bounty Disclosure: information-disclosure-of-metrics-fax-wavecell-com-metrics-kauenavarro
hackerone

HackerOne Bug Bounty Disclosure: facebook-username-takeover-via-broken-link-in-footer-vulnerability-is-here

May 30, 2025

Company Name: Omise Company HackerOne URL: https://hackerone.com/omise Submitted By:vulnerability_is_hereLink to Submitters Profile:https://hackerone.com/vulnerability_is_here Report Title:Facebook Username Takeover via Broken Link in...

Read MoreRead more about HackerOne Bug Bounty Disclosure: facebook-username-takeover-via-broken-link-in-footer-vulnerability-is-here
hackerone

HackerOne Bug Bounty Disclosure: apache-airflow-fab-provider-application-does-not-invalidate-session-after-password-change-via-airflow-cli-saurabhb

May 29, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:saurabhbLink to Submitters Profile:https://hackerone.com/saurabhb Report Title:Apache Airflow Fab Provider: Application...

Read MoreRead more about HackerOne Bug Bounty Disclosure: apache-airflow-fab-provider-application-does-not-invalidate-session-after-password-change-via-airflow-cli-saurabhb
hackerone

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-global-accelerator-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

May 28, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the Global...

Read MoreRead more about HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-global-accelerator-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
hackerone

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-health-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

May 28, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the Health...

Read MoreRead more about HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-health-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
hackerone

HackerOne Bug Bounty Disclosure: amazon-pinpoint-sms-and-voice-version-service-reporting-aws-internal-for-cloudtrail-events-generated-from-fips-endpoints-nick-frichette-dd

May 28, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Amazon Pinpoint SMS and Voice, version...

Read MoreRead more about HackerOne Bug Bounty Disclosure: amazon-pinpoint-sms-and-voice-version-service-reporting-aws-internal-for-cloudtrail-events-generated-from-fips-endpoints-nick-frichette-dd
hackerone

HackerOne Bug Bounty Disclosure: non-production-api-endpoint-for-the-eventbridge-service-fails-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

May 28, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoint for the EventBridge...

Read MoreRead more about HackerOne Bug Bounty Disclosure: non-production-api-endpoint-for-the-eventbridge-service-fails-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
hackerone

HackerOne Bug Bounty Disclosure: amazon-kendra-intelligent-ranking-service-reporting-aws-internal-for-cloudtrail-events-generated-from-fips-endpoints-nick-frichette-dd

May 28, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Amazon Kendra Intelligent Ranking Service Reporting...

Read MoreRead more about HackerOne Bug Bounty Disclosure: amazon-kendra-intelligent-ranking-service-reporting-aws-internal-for-cloudtrail-events-generated-from-fips-endpoints-nick-frichette-dd

You may have missed

image

CVE Alert: CVE-2025-12399 – alexreservations – Alex Reservations: Smart Restaurant Booking

November 8, 2025
image

CVE Alert: CVE-2025-12099 – academylms – Academy LMS – WordPress LMS Plugin for Complete eLearning Solution

November 8, 2025
image

CVE Alert: CVE-2025-9334 – codesolz – Better Find and Replace – AI-Powered Suggestions

November 8, 2025
image

CVE Alert: CVE-2025-11967 – getwpfunnels – Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more

November 8, 2025
image

[DRAGONFORCE] – Ransomware Victim: DCS TECHNOLOGIES INC[.]

November 8, 2025