Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:kurohiroLink to Submitters Profile:https://hackerone.com/kurohiro Report Title:CVE-2025-4947: QUIC certificate check skip with wolfSSLReport...
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the bedrock-agent...
Company Name: Fastify Company HackerOne URL: https://hackerone.com/fastify Submitted By:oblivionsageLink to Submitters Profile:https://hackerone.com/oblivionsage Report Title:Remote Code Execution via unsafe usage of...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:kurohiroLink to Submitters Profile:https://hackerone.com/kurohiro Report Title:CVE-2025-5025: No QUIC certificate pinning with wolfSSLReport...
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the bedrock...
Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:sav_Link to Submitters Profile:https://hackerone.com/sav_ Report Title:CVE-2024-56374: Denial-of-service vulnerability in IPv6...
Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:nxczjeLink to Submitters Profile:https://hackerone.com/nxczje Report Title:Apache Airflow Sql injection by...
Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:snhebrokLink to Submitters Profile:https://hackerone.com/snhebrok Report Title:TLS client authentication can be...
Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:nacl_123Link to Submitters Profile:https://hackerone.com/nacl_123 Report Title: CVE-2024-50379 Apache Tomcat -...
Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:jessewilsonLink to Submitters Profile:https://hackerone.com/jessewilson Report Title:WASI sandbox escape via symlinkReport Link:https://hackerone.com/reports/2084280Date Submitted:24...
Company Name: Monero Company HackerOne URL: https://hackerone.com/monero Submitted By:ptrstrLink to Submitters Profile:https://hackerone.com/ptrstr Report Title:RPC service DOSReport Link:https://hackerone.com/reports/2338094Date Submitted:23 May 2025...
Company Name: Monero Company HackerOne URL: https://hackerone.com/monero Submitted By:sech1Link to Submitters Profile:https://hackerone.com/sech1 Report Title:Dynamic fee algorithm doesn't check for zero...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:darkroomdragonLink to Submitters Profile:https://hackerone.com/darkroomdragon Report Title:Memory Leak in libcurl via Location Header...
Unauthenticated Remote Code Execution (CVE-2025-4428) Unauthenticated Remote Code Execution (CVE-2025-4428) Researcher: Ironsoul74 Engagement: Unisys Vulnerability Disclosure Engagement Disclosed at: 2025-05-22T06:59:01Z...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:jmanojlovichLink to Submitters Profile:https://hackerone.com/jmanojlovich Report Title:`Curl_socketpair()` fallback vulnerable to man-in-the-middle attackReport Link:https://hackerone.com/reports/3148937Date...
Host Header Injection on Password-Reset Functionality Causes Unauthorized Redirect to Attacker-Controlled Domain Where a Users Could be Tricked into Entering...
Company Name: Nintendo Company HackerOne URL: https://hackerone.com/nintendo Submitted By:roccodevLink to Submitters Profile:https://hackerone.com/roccodev Report Title: Improper validation of names allows injecting...
Company Name: Nintendo Company HackerOne URL: https://hackerone.com/nintendo Submitted By:roccodevLink to Submitters Profile:https://hackerone.com/roccodev Report Title: Unrestricted RPCs allow DoS and writing...
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nkirk-nrlabsLink to Submitters Profile:https://hackerone.com/nkirk-nrlabs Report Title:Bedrock Guardrails Evasion with Prompt FormattingReport...
Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:justinnietzelLink to Submitters Profile:https://hackerone.com/justinnietzel Report Title:Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo& args) when...
Company Name: Lichess Company HackerOne URL: https://hackerone.com/lichess Submitted By:hajjaj-Link to Submitters Profile:https://hackerone.com/hajjaj- Report Title:Weak Rate Limiting Controls in the (LOGIN)...
Company Name: Lichess Company HackerOne URL: https://hackerone.com/lichess Submitted By:delsec_Link to Submitters Profile:https://hackerone.com/delsec_ Report Title:Open Redirect Vulnerability in OAuth Flow Leading...
Possible Public Exposure of CONFIDENTIAL Document on NASA NTRS Possible Public Exposure of CONFIDENTIAL Document on NASA NTRS Researcher: b1t3x0p...
Exposed Python Script with Hardcoded SFTP Credentials, Internal IPs, and Sensitive Data Access Exposed Python Script with Hardcoded SFTP Credentials,...
