bug bounty

hackerone

HackerOne Bug Bounty Disclosure: default-admin-account-lead-to-full-access-control-at-hxxps-desk-demo-fareharbor-engineering-tuantv

July 3, 2024

Company Name: Booking.com Company HackerOne URL: https://hackerone.com/bookingcom Submitted By:tuantv89Link to Submitters Profile:https://hackerone.com/tuantv89 Report Title:Default Admin Account lead to full access...

Read MoreRead more about HackerOne Bug Bounty Disclosure: default-admin-account-lead-to-full-access-control-at-hxxps-desk-demo-fareharbor-engineering-tuantv
hackerone

HackerOne Bug Bounty Disclosure: unlimited-fake-rate-to-the-passenger-in-city-to-city-affected-endpoint-api-v-reviews-ride-id-driver-bugsv

July 2, 2024

Company Name: inDrive Company HackerOne URL: https://hackerone.com/indrive Submitted By:bugsv2Link to Submitters Profile:https://hackerone.com/bugsv2 Report Title:Unlimited fake rate to the passenger in...

Read MoreRead more about HackerOne Bug Bounty Disclosure: unlimited-fake-rate-to-the-passenger-in-city-to-city-affected-endpoint-api-v-reviews-ride-id-driver-bugsv
hackerone

HackerOne Bug Bounty Disclosure: account-takeover-arbitrary-file-read-and-deletion-partial-code-execution-intent-redirection-through-com-mercadopago-wallet-splash-splashactivity-fr-via

June 28, 2024

Company Name: MercadoLibre Company HackerOne URL: https://hackerone.com/mercadolibre Submitted By:fr4viaLink to Submitters Profile:https://hackerone.com/fr4via Report Title:Account Takeover / Arbitrary File read and...

Read MoreRead more about HackerOne Bug Bounty Disclosure: account-takeover-arbitrary-file-read-and-deletion-partial-code-execution-intent-redirection-through-com-mercadopago-wallet-splash-splashactivity-fr-via
hackerone

HackerOne Bug Bounty Disclosure: idor-leading-unauthenticated-attacker-to-download-documents-discloses-pii-of-users-and-soldiers-via-hxxps-www-download-aspx-id-htus-berserker

June 27, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:berserker1999Link to Submitters Profile:https://hackerone.com/berserker1999 Report Title:IDOR leading unauthenticated attacker...

Read MoreRead more about HackerOne Bug Bounty Disclosure: idor-leading-unauthenticated-attacker-to-download-documents-discloses-pii-of-users-and-soldiers-via-hxxps-www-download-aspx-id-htus-berserker
hackerone

HackerOne Bug Bounty Disclosure: local-file-disclosure-on-the-hxxps-edu-leads-to-the-full-source-code-disclosure-and-credentials-leak-sp-d-rs

June 27, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:sp1d3rsLink to Submitters Profile:https://hackerone.com/sp1d3rs Report Title:Local File Disclosure on...

Read MoreRead more about HackerOne Bug Bounty Disclosure: local-file-disclosure-on-the-hxxps-edu-leads-to-the-full-source-code-disclosure-and-credentials-leak-sp-d-rs
hackerone

HackerOne Bug Bounty Disclosure: subdomain-takeover-of-ci-support-booking-com-pointing-to-zendesk-jub-bs

June 25, 2024

Company Name: Booking.com Company HackerOne URL: https://hackerone.com/bookingcom Submitted By:jub0bsLink to Submitters Profile:https://hackerone.com/jub0bs Report Title:Subdomain takeover of ci-supportbookingcom (pointing to Zendesk)Report...

Read MoreRead more about HackerOne Bug Bounty Disclosure: subdomain-takeover-of-ci-support-booking-com-pointing-to-zendesk-jub-bs
hackerone

HackerOne Bug Bounty Disclosure: monitoring-prow-canary-k-s-io-is-vulnerable-to-cve-grafana-day-jub-bs

June 25, 2024

Company Name: Kubernetes Company HackerOne URL: https://hackerone.com/kubernetes Submitted By:jub0bsLink to Submitters Profile:https://hackerone.com/jub0bs Report Title:monitoringprow-canaryk8sio is vulnerable to CVE-2022-21703 (Grafana 0-day)Report...

Read MoreRead more about HackerOne Bug Bounty Disclosure: monitoring-prow-canary-k-s-io-is-vulnerable-to-cve-grafana-day-jub-bs
hackerone

HackerOne Bug Bounty Disclosure: cloudflare-cdn-cgi-path-allows-resizing-images-from-unauthorised-sources-on-enjinusercontent-com–whoami

June 19, 2024

Company Name: Enjin Company HackerOne URL: https://hackerone.com/enjin Submitted By:19whoami19Link to Submitters Profile:https://hackerone.com/19whoami19 Report Title:Cloudflare /cdn-cgi/ path allows resizing images from...

Read MoreRead more about HackerOne Bug Bounty Disclosure: cloudflare-cdn-cgi-path-allows-resizing-images-from-unauthorised-sources-on-enjinusercontent-com–whoami
hackerone

HackerOne Bug Bounty Disclosure: -meetup-world-id-oidc-insufficient-filtering-of-state-parameter-in-response-mode-form-post-leads-to-xss-and-ato-lauritz

June 19, 2024

Company Name: Tools for Humanity Company HackerOne URL: https://hackerone.com/toolsforhumanity Submitted By:lauritzLink to Submitters Profile:https://hackerone.com/lauritz Report Title: Insufficient Filtering of "state"...

Read MoreRead more about HackerOne Bug Bounty Disclosure: -meetup-world-id-oidc-insufficient-filtering-of-state-parameter-in-response-mode-form-post-leads-to-xss-and-ato-lauritz
hackerone

HackerOne Bug Bounty Disclosure: -package-name-can-be-set-as-desired-when-submitting-a-pentest-opportunity-form-iam-srpk

June 19, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:iam_srpkLink to Submitters Profile:https://hackerone.com/iam_srpk Report Title:"package_name" can be set as desired when...

Read MoreRead more about HackerOne Bug Bounty Disclosure: -package-name-can-be-set-as-desired-when-submitting-a-pentest-opportunity-form-iam-srpk
hackerone

HackerOne Bug Bounty Disclosure: access-control-vulnerability-enabling-unauthorized-access-to-limited-disclosure-reports-akashhamal-x

June 17, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:akashhamal0x01Link to Submitters Profile:https://hackerone.com/akashhamal0x01 Report Title:Access Control Vulnerability Enabling Unauthorized Access to...

Read MoreRead more about HackerOne Bug Bounty Disclosure: access-control-vulnerability-enabling-unauthorized-access-to-limited-disclosure-reports-akashhamal-x
hackerone

HackerOne Bug Bounty Disclosure: account-deletion-using-the-v-account-destroy-api-endpoint-using-account-password-without-fa-verification-erdy

June 17, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:erdyLink to Submitters Profile:https://hackerone.com/erdy Report Title:Account deletion using the /v1/account/destroy API endpoint...

Read MoreRead more about HackerOne Bug Bounty Disclosure: account-deletion-using-the-v-account-destroy-api-endpoint-using-account-password-without-fa-verification-erdy
hackerone

HackerOne Bug Bounty Disclosure: -spot-check-ability-to-disclose-metadata-about-spot-checks-number-of-hackers-hackers-criteria-via-spotchecksinglequery-nagli

June 11, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:nagliLink to Submitters Profile:https://hackerone.com/nagli Report Title: - Ability to disclose metadata about...

Read MoreRead more about HackerOne Bug Bounty Disclosure: -spot-check-ability-to-disclose-metadata-about-spot-checks-number-of-hackers-hackers-criteria-via-spotchecksinglequery-nagli

You may have missed

image

CVE Alert: CVE-2025-7066

July 5, 2025
image

CVE Alert: CVE-2025-52807

July 5, 2025
image

CVE Alert: CVE-2025-52813

July 5, 2025
image

CVE Alert: CVE-2025-52833

July 5, 2025
image

CVE Alert: CVE-2025-6740

July 5, 2025