bug bounty

HackerOne Bug Bounty Disclosure: graphql-attribute-batching-dos-can-take-down-pwapi-ex-b-com-alexandrio

June 4, 2024

Company Name: EXNESS Company HackerOne URL: https://hackerone.com/exness Submitted By:alexandrioLink to Submitters Profile:https://hackerone.com/alexandrio Report Title:GraphQL attribute Batching DOS can take down...

HackerOne Bug Bounty Disclosure: idor-to-view-order-information-of-users-and-personal-information-hasn-x

June 2, 2024

Company Name: WakaTime Company HackerOne URL: https://hackerone.com/wakatime Submitted By:hasn0xLink to Submitters Profile:https://hackerone.com/hasn0x Report Title:IDOR to view order information of users...

HackerOne Bug Bounty Disclosure: inadequate-redaction-exposes-sensitive-information-via-the-sharereportviaemail-graphql-endpoint-iambouali

May 24, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:iamboualiLink to Submitters Profile:https://hackerone.com/iambouali Report Title:Inadequate redaction exposes sensitive information via the...

HackerOne Bug Bounty Disclosure: -cve-header-parsing-leads-to-possible-denial-of-service-vulnerability-svalkanov

May 24, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:svalkanovLink to Submitters Profile:https://hackerone.com/svalkanov Report Title: Header Parsing leads to...

HackerOne Bug Bounty Disclosure: a-user-with-only-modify-settings-permmision-could-takeover-any-user-accounts-osama-hamad

May 20, 2024

Company Name: PortSwigger Web Security Company HackerOne URL: https://hackerone.com/portswigger Submitted By:osama-hamadLink to Submitters Profile:https://hackerone.com/osama-hamad Report Title:A user with only permmision...

HackerOne Bug Bounty Disclosure: changing-the-administrator-password-via-admin-console-does-not-invalidate-other-sessions-osama-hamad

May 20, 2024

HackerOne Bug Bounty Disclosure: any-user-could-upload-attachments-to-pentest-scoping-form-they-don-t-have-access-to-hillybot

May 15, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:hillybot__Link to Submitters Profile:https://hackerone.com/hillybot__ Report Title:any user could upload attachments to pentest...

HackerOne Bug Bounty Disclosure: possible-pii-disclosure-via-advanced-vetting-process-darkc-d

May 13, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:darkc0d3Link to Submitters Profile:https://hackerone.com/darkc0d3 Report Title:Possible PII Disclosure via Advanced Vetting Process...

HackerOne Bug Bounty Disclosure: llm-invisible-prompt-injection-hacktus

May 13, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:hacktusLink to Submitters Profile:https://hackerone.com/hacktus Report Title:LLM01: Invisible Prompt InjectionReport Link:https://hackerone.com/reports/2372363Date Submitted:13 May...

HackerOne Bug Bounty Disclosure: member-role-which-doesn-t-have-permission-to-send-message-can-send-by-executing-channel-commands-ramsakal

May 8, 2024

Company Name: Mattermost Company HackerOne URL: https://hackerone.com/mattermost Submitted By:ramsakal7582Link to Submitters Profile:https://hackerone.com/ramsakal7582 Report Title:Member role which doesn't have permission to...

HackerOne Bug Bounty Disclosure: a-member-with-editor-permissions-can-create-an-access-list-that-cannot-be-modified-viewed-or-deleted-mr-asg

May 8, 2024

Company Name: Teleport Company HackerOne URL: https://hackerone.com/teleport Submitted By:mr_asgLink to Submitters Profile:https://hackerone.com/mr_asg Report Title:A member with editor permissions can create...

HackerOne Bug Bounty Disclosure: improper-access-control-financial-fraud-allows-attacker-to-disclose-add-arbitrary-products-to-another-s-user-s-order-doomerhunter

May 8, 2024

Company Name: Shipt Company HackerOne URL: https://hackerone.com/shipt Submitted By:doomerhunterLink to Submitters Profile:https://hackerone.com/doomerhunter Report Title:Improper Access Control + Financial fraud allows...

HackerOne Bug Bounty Disclosure: incorrect-type-conversion-in-interpreting-ipv-mapped-ipv-addresses-and-below-curl-results-in-indeterminate-ssrf-vulnerabilities-z-r-yu

May 8, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:z3r0yuLink to Submitters Profile:https://hackerone.com/z3r0yu Report Title:Incorrect Type Conversion in interpreting IPv4-mapped IPv6...

HackerOne Bug Bounty Disclosure: http-request-smuggling-via-content-length-obfuscation-bpingel

May 3, 2024

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:bpingelLink to Submitters Profile:https://hackerone.com/bpingel Report Title:HTTP Request Smuggling via Content Length ObfuscationReport...

HackerOne Bug Bounty Disclosure: mailgun-subdomain-takeover-zacian

May 2, 2024

Company Name: Deriv.com Company HackerOne URL: https://hackerone.com/deriv Submitted By:zacianLink to Submitters Profile:https://hackerone.com/zacian Report Title:Mailgun subdomain takeover Report Link:https://hackerone.com/reports/2270082Date Submitted:02 May...

HackerOne Bug Bounty Disclosure: insecure-direct-object-reference-protection-bypass-by-changing-http-method-in-ibm-your-learning-endpoint-suryahss

May 1, 2024

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:suryahssLink to Submitters Profile:https://hackerone.com/suryahss Report Title:Insecure Direct Object Reference Protection bypass by...