Programme HackerOne New Relic New Relic Submitted by sairanga sairanga Report Reflected Cross site Scripting (XSS) on https://one.newrelic.com Full Report A considerable amount of time and effort goes into maintaining…
Programme HackerOne GitLab GitLab Submitted by ledz1996 ledz1996 Report Exposure of a valid Gitlab-Workhorse JWT leading to various bad things Full Report A considerable amount of time and effort goes…
Programme HackerOne UPS VDP UPS VDP Submitted by 3amoura 3amoura Report Reflected XSS on https://wwwapps.ups.com/ctc/request?loc= Full Report A considerable amount of time and effort goes into maintaining this website, creating…
Programme HackerOne Reddit Reddit Submitted by zqyzoid zqyzoid Report Moderators can send messages to users from banned subreddits via `oauth.reddit.com/api/mod/conversations` Full Report A considerable amount of time and effort goes…
Programme HackerOne Nextcloud Nextcloud Submitted by spaceraccoon spaceraccoon Report SMTP Command Injection in iCalendar Attachments to Emails via Newlines Full Report A considerable amount of time and effort goes into…
Programme HackerOne Nextcloud Nextcloud Submitted by rtod rtod Report Federated editing allows iframing possibly malicious remotes Full Report A considerable amount of time and effort goes into maintaining this website,…
Programme HackerOne TikTok TikTok Submitted by aidilarf_2000 aidilarf_2000 Report XSS Payload on TikTok Seller Center endpoint Full Report A considerable amount of time and effort goes into maintaining this website,…
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by bombon bombon Report Bypassing Cache Deception Armor using .avif extension file Full Report
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by mattipv4 mattipv4 Report Sign in with Apple works on existing accounts, bypasses 2FA Full Report
Programme HackerOne curl curl Submitted by nyymi nyymi Report CVE-2022-32206: HTTP compression denial of service Full Report
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by sainaen sainaen Report API docs expose an active token for the sample domain theburritobot.com Full Report
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by mattipv4 mattipv4 Report Sign in with Apple generates long-life JWTs, seemingly irrevocable, that grant immediate access to accounts…
Programme HackerOne curl curl Submitted by chen172 chen172 Report Credential leak when use two url Full Report
Programme HackerOne curl curl Submitted by nyymi nyymi Report CVE-2022-32207: Unpreserved file permissions Full Report
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by albertspedersen albertspedersen Report HTTP request smuggling with Origin Rules using newlines in the host_header action parameter Full Report
Programme HackerOne curl curl Submitted by nyymi nyymi Report CVE-2022-32208: FTP-KRB bad message verification Full Report
Programme HackerOne curl curl Submitted by nyymi nyymi Report CVE-2022-32205: Set-Cookie denial of service Full Report
Programme HackerOne Reddit Reddit Submitted by bisesh bisesh Report Able to approve admin approval and change effective status without adding payment details . Full Report
Programme HackerOne UPS VDP UPS VDP Submitted by 7odamo 7odamo Report Admin Authentication Bypass Lead to Admin Account Takeover Full Report
Programme HackerOne Krisp Krisp Submitted by life__001 life__001 Report Add more seats by paying less via PUT /v2/seats request manipulation Full Report
Programme HackerOne Krisp Krisp Submitted by yassineaboukir yassineaboukir Report Authentication CSRF resulting in unauthorized account access on Krisp app Full Report
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct at the time of posting. Program Program Information asana Program…
Programme HackerOne Reddit Reddit Submitted by marvelmaniac marvelmaniac Report CSRF (protection bypassed) to force a below 18 user into viewing an nsfw subreddit ! Full Report
Programme HackerOne TikTok TikTok Submitted by aidilarf_2000 aidilarf_2000 Report Stored XSS on TikTok Live Form Full Report
