bug bounty

HackerOne Bug Bounty Disclosure: idor-leads-to-pii-leak-prakhar-x

July 19, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:prakhar0x01Link to Submitters Profile:https://hackerone.com/prakhar0x01 Report Title:IDOR leads to PII...

HackerOne Bug Bounty Disclosure: authentication-bypass-on-hxxps-bulldawg

July 19, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:bulldawgLink to Submitters Profile:https://hackerone.com/bulldawg Report Title:Authentication Bypass on hXXps:///Report...

HackerOne Bug Bounty Disclosure: xss-in-ibm-infocenter-redyetihacks

July 17, 2024

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:redyetihacksLink to Submitters Profile:https://hackerone.com/redyetihacks Report Title:XSS in IBM InfoCenterReport Link:https://hackerone.com/reports/2343548Date Submitted:17 July...

HackerOne Bug Bounty Disclosure: permission-model-improperly-processes-unc-paths-tniessen

July 15, 2024

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:tniessenLink to Submitters Profile:https://hackerone.com/tniessen Report Title:Permission model improperly processes UNC pathsReport Link:https://hackerone.com/reports/2079103Date...

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-http-response-splitting-cve-orange

July 13, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:orangeLink to Submitters Profile:https://hackerone.com/orange Report Title:moderate: Apache HTTP Server: HTTP...

HackerOne Bug Bounty Disclosure: account-takeover-via-authentication-bypass-in-tiktok-account-recovery-xtt-k

July 13, 2024

Company Name: TikTok Company HackerOne URL: https://hackerone.com/tiktok Submitted By:xtt0kLink to Submitters Profile:https://hackerone.com/xtt0k Report Title:Account Takeover via Authentication Bypass in TikTok...

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-proxy-encoding-problem-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-weakness-with-encoded-question-marks-in-backreferences-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-may-use-exploitable-malicious-backend-application-output-to-run-local-handlers-via-internal-redirect-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-weakness-in-mod-rewrite-when-first-segment-of-substitution-matches-filesystem-path-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-crash-resulting-in-denial-of-service-in-mod-proxy-via-a-malicious-request-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: important-apache-http-server-on-windows-unc-ssrf-cve-orange

July 13, 2024

HackerOne Bug Bounty Disclosure: file-sizes-may-be-manipulated-into-negative-numbers-when-uploading-yinmo

July 10, 2024

Company Name: LY Corporation Company HackerOne URL: https://hackerone.com/line Submitted By:yinmoLink to Submitters Profile:https://hackerone.com/yinmo Report Title:File sizes may be manipulated into...

HackerOne Bug Bounty Disclosure: xss-on-line-careers-nightm-re

July 10, 2024

Company Name: LY Corporation Company HackerOne URL: https://hackerone.com/line Submitted By:nightm4reLink to Submitters Profile:https://hackerone.com/nightm4re Report Title:XSS on LINE CAREERSReport Link:https://hackerone.com/reports/2403554Date Submitted:10...

HackerOne Bug Bounty Disclosure: fs-lstat-bypasses-permission-model-haxatron

July 9, 2024

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:haxatron1Link to Submitters Profile:https://hackerone.com/haxatron1 Report Title:fslstat bypasses permission modelReport Link:https://hackerone.com/reports/2145862Date Submitted:09 July...

HackerOne Bug Bounty Disclosure: path-traversal-in-deeplink-query-parameter-can-expose-any-user-s-private-info-to-a-public-directory-one-click-fr-via

July 9, 2024

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:fr4viaLink to Submitters Profile:https://hackerone.com/fr4via Report Title:Path traversal in deeplink query parameter can...

HackerOne Bug Bounty Disclosure: fs-fchown-fchmod-bypasses-permission-model–xpl-r-r

July 9, 2024

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:4xpl0r3rLink to Submitters Profile:https://hackerone.com/4xpl0r3r Report Title:fsfchown/fchmod bypasses permission modelReport Link:https://hackerone.com/reports/2472071Date Submitted:09 July...

HackerOne Bug Bounty Disclosure: navgraph-confusion-allows-any-p-app-to-send-and-read-requests-from-the-server-at-app-hey-com-fr-via

July 9, 2024

HackerOne Bug Bounty Disclosure: bypass-incomplete-fix-of-cve-tianst

July 9, 2024

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:tianstLink to Submitters Profile:https://hackerone.com/tianst Report Title:Bypass incomplete fix of CVE-2024-27980Report Link:https://hackerone.com/reports/2461831Date Submitted:09...

HackerOne Bug Bounty Disclosure: idor-may-allow-access-to-non-public-photos–xcyborg

July 6, 2024

Company Name: Flickr Company HackerOne URL: https://hackerone.com/flickr Submitted By:0xcyborgLink to Submitters Profile:https://hackerone.com/0xcyborg Report Title:IDOR may allow access to non-public photosReport...

HackerOne Bug Bounty Disclosure: incorrect-deep-link-validation-leading-to-unresponsive-application-and-device-fr-via

July 6, 2024

Company Name: Flickr Company HackerOne URL: https://hackerone.com/flickr Submitted By:fr4viaLink to Submitters Profile:https://hackerone.com/fr4via Report Title:Incorrect Deep-link validation leading to unresponsive application...

HackerOne Bug Bounty Disclosure: cve-apache-tomcat-dos-vulnerability-in-http-connector-devme-f

July 5, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:devme4fLink to Submitters Profile:https://hackerone.com/devme4f Report Title:CVE-2024-34750 Apache Tomcat DoS vulnerability...

HackerOne Bug Bounty Disclosure: authentication-registration-bypass-in-newspack-extended-access-xurizaemon

July 5, 2024

Company Name: Automattic Company HackerOne URL: https://hackerone.com/automattic Submitted By:xurizaemon0Link to Submitters Profile:https://hackerone.com/xurizaemon0 Report Title:Authentication & Registration Bypass in Newspack Extended...

HackerOne Bug Bounty Disclosure: rce-by-parsing-rdoc-options-in-rdoc-ooooooo-q

July 3, 2024

Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:RCE by parsing `rdoc_options` in RDocReport Link:https://hackerone.com/reports/1187477Date...

bug bounty

HackerOne Bug Bounty Disclosure: idor-leads-to-pii-leak-prakhar-x

HackerOne Bug Bounty Disclosure: authentication-bypass-on-hxxps-bulldawg

HackerOne Bug Bounty Disclosure: xss-in-ibm-infocenter-redyetihacks

HackerOne Bug Bounty Disclosure: permission-model-improperly-processes-unc-paths-tniessen

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-http-response-splitting-cve-orange

HackerOne Bug Bounty Disclosure: account-takeover-via-authentication-bypass-in-tiktok-account-recovery-xtt-k

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-proxy-encoding-problem-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-weakness-with-encoded-question-marks-in-backreferences-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-may-use-exploitable-malicious-backend-application-output-to-run-local-handlers-via-internal-redirect-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-weakness-in-mod-rewrite-when-first-segment-of-substitution-matches-filesystem-path-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-crash-resulting-in-denial-of-service-in-mod-proxy-via-a-malicious-request-cve-orange

HackerOne Bug Bounty Disclosure: important-apache-http-server-on-windows-unc-ssrf-cve-orange

HackerOne Bug Bounty Disclosure: file-sizes-may-be-manipulated-into-negative-numbers-when-uploading-yinmo

HackerOne Bug Bounty Disclosure: xss-on-line-careers-nightm-re

HackerOne Bug Bounty Disclosure: fs-lstat-bypasses-permission-model-haxatron

HackerOne Bug Bounty Disclosure: path-traversal-in-deeplink-query-parameter-can-expose-any-user-s-private-info-to-a-public-directory-one-click-fr-via

HackerOne Bug Bounty Disclosure: fs-fchown-fchmod-bypasses-permission-model–xpl-r-r

HackerOne Bug Bounty Disclosure: navgraph-confusion-allows-any-p-app-to-send-and-read-requests-from-the-server-at-app-hey-com-fr-via

HackerOne Bug Bounty Disclosure: bypass-incomplete-fix-of-cve-tianst

HackerOne Bug Bounty Disclosure: idor-may-allow-access-to-non-public-photos–xcyborg

HackerOne Bug Bounty Disclosure: incorrect-deep-link-validation-leading-to-unresponsive-application-and-device-fr-via

HackerOne Bug Bounty Disclosure: cve-apache-tomcat-dos-vulnerability-in-http-connector-devme-f

HackerOne Bug Bounty Disclosure: authentication-registration-bypass-in-newspack-extended-access-xurizaemon

HackerOne Bug Bounty Disclosure: rce-by-parsing-rdoc-options-in-rdoc-ooooooo-q

CVE Alert: CVE-2025-7066

CVE Alert: CVE-2025-52807

CVE Alert: CVE-2025-52813

CVE Alert: CVE-2025-52833

CVE Alert: CVE-2025-6740

You may have missed