Company Name: Malwarebytes Company HackerOne URL: https://hackerone.com/malwarebytes Submitted By:mantu1738Link to Submitters Profile:https://hackerone.com/mantu1738 Report Title:Replayable Password Change Request Across SessionsReport Link:https://hackerone.com/reports/3269777Date...
Company Name: Malwarebytes Company HackerOne URL: https://hackerone.com/malwarebytes Submitted By:tarun_secLink to Submitters Profile:https://hackerone.com/tarun_sec Report Title:Rails Debug Mode Enabled On ( hXXps://44208145207/testrail/filesmd5...
Company Name: 8x8 Bounty Company HackerOne URL: https://hackerone.com/8x8-bounty Submitted By:abdallasamir12Link to Submitters Profile:https://hackerone.com/abdallasamir12 Report Title:8x8vc/indexjs: Exposed Google Maps API Key...
Company Name: Shopify Company HackerOne URL: https://hackerone.com/shopify Submitted By:saltymermaidLink to Submitters Profile:https://hackerone.com/saltymermaid Report Title:URL Path Manipulation Enables Cache Poisoning of...
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:ricardojoserfLink to Submitters Profile:https://hackerone.com/ricardojoserf Report Title:Remote Code Execution in Amazon MWAA...
Unauthenticated metadata disclosure of protected NASA flight reports and mission schedules via /ajax/activity Unauthenticated metadata disclosure of protected NASA flight...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:spectre-1Link to Submitters Profile:https://hackerone.com/spectre-1 Report Title:Exposure of Hard-coded Private Keys and Credentials...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:spectre-1Link to Submitters Profile:https://hackerone.com/spectre-1 Report Title:Unsafe Global IFS Modification in OS400 Shell...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:spectre-1Link to Submitters Profile:https://hackerone.com/spectre-1 Report Title:Insecure WebSocket Usage in curl Documentation and...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:ks_karem77Link to Submitters Profile:https://hackerone.com/ks_karem77 Report Title:Account/Repository Takeover via Abandoned GitHub Username in...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:geeknikLink to Submitters Profile:https://hackerone.com/geeknik Report Title:Heap Buffer Overflow in Curl_memdup0() via CURLOPT_COPYPOSTFIELDS/CURLOPT_POSTFIELDSIZE...
Critical Identity and Communication Data Exposed in Unprotected NASA Hangar Demolition Doc Vulnerability Critical Identity and Communication Data Exposed in...
Company Name: Nintendo Company HackerOne URL: https://hackerone.com/nintendo Submitted By:kinnayLink to Submitters Profile:https://hackerone.com/kinnay Report Title:Man-in-the-middle through broken SSL certificate verificationReport Link:https://hackerone.com/reports/3174987Date...
Authentication Bypass + exposure of PII + reflected XSS Authentication Bypass + exposure of PII + reflected XSS Researcher: snillx...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:letshack9707Link to Submitters Profile:https://hackerone.com/letshack9707 Report Title:Use After Free (that leads to arbitrary...
Company Name: WakaTime Company HackerOne URL: https://hackerone.com/wakatime Submitted By:ctrl_cipherLink to Submitters Profile:https://hackerone.com/ctrl_cipher Report Title:Unauthorized Disclosure of Private Emails via WakaTime...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:kakorrhaphiophobiaLink to Submitters Profile:https://hackerone.com/kakorrhaphiophobia Report Title:Integer Overflow in schannelc TLS Data TransmissionReport...
Cross Site Scripting Cross Site Scripting Researcher: ChrisRanaMagar Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
self cross site scripting self cross site scripting Researcher: bugcrowd_staff Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure...
Self Reflected XSS on target.nasa.gov via unescaped user input in field Self Reflected XSS on target.nasa.gov via unescaped user input...
Graphql API exposes all groups and goups users leaking internal stucture, full names and emails Graphql API exposes all groups...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:geeknikLink to Submitters Profile:https://hackerone.com/geeknik Report Title:Stack use-after-scope in HTTP/3 POST request processing...
Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:treinLink to Submitters Profile:https://hackerone.com/trein Report Title:Mozilla VPN Clients: RCE via file write...
Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:yoyomiskiLink to Submitters Profile:https://hackerone.com/yoyomiski Report Title:Bypass "No Links" Restriction in Biography via...
