bug bounty

HackerOne Bug Bounty Disclosure: information-disclouser-from-url-parameter-access-lead-to-account-takeover-eneri

April 7, 2025

Company Name: KHealth Company HackerOne URL: https://hackerone.com/khealth Submitted By:eneriLink to Submitters Profile:https://hackerone.com/eneri Report Title:Information disclouser from URL parameter "access" lead...

HackerOne Bug Bounty Disclosure: no-rate-limiting-on-form-register-growler

March 28, 2025

Company Name: Informatica Company HackerOne URL: https://hackerone.com/informatica Submitted By:growler09Link to Submitters Profile:https://hackerone.com/growler09 Report Title:No rate limiting on formReport Link:https://hackerone.com/reports/2583500Date Submitted:28...

HackerOne Bug Bounty Disclosure: http-response-header-injection-in-shopify-pitchfork-rack-ooooooo-q

March 27, 2025

Company Name: Shopify Company HackerOne URL: https://hackerone.com/shopify Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:HTTP Response Header Injection in shopify/pitchfork +...

HackerOne Bug Bounty Disclosure: cloudflare-waf-bypass-origin-ip-exposure-aaravhex

March 27, 2025

Company Name: Hemi VDP Company HackerOne URL: https://hackerone.com/hemi_labs_vdp Submitted By:aaravhexLink to Submitters Profile:https://hackerone.com/aaravhex Report Title:Cloudflare WAF Bypass - Origin IP...

HackerOne Bug Bounty Disclosure: null-pointer-dereference-by-crafted-response-from-ai-model-canalun

March 26, 2025

Company Name: Brave Software Company HackerOne URL: https://hackerone.com/brave Submitted By:canalunLink to Submitters Profile:https://hackerone.com/canalun Report Title:Null Pointer Dereference by Crafted Response...

HackerOne Bug Bounty Disclosure: twitter-broken-link-hijacking-in-thewild-com-yunxohang

March 24, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:yunxohangLink to Submitters Profile:https://hackerone.com/yunxohang Report Title:Twitter broken link hijacking in thewildcomReport Link:https://hackerone.com/reports/3035275Date...

HackerOne Bug Bounty Disclosure: cache-poisoning-allows-zero-interaction-store-xss-samark

March 22, 2025

Company Name: Trendyol Company HackerOne URL: https://hackerone.com/trendyol Submitted By:samark19Link to Submitters Profile:https://hackerone.com/samark19 Report Title:Cache Poisoning Allows Zero Interaction Store XSSReport...

HackerOne Bug Bounty Disclosure: django-debug-mode-enabled-information-disclosure-on-api-wwm-dev-autodesk-com-khoof

March 18, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:khoofLink to Submitters Profile:https://hackerone.com/khoof Report Title:Django Debug Mode Enabled - Information Disclosure...

HackerOne Bug Bounty Disclosure: ssrf-in-autodesk-rendering-leading-to-account-takeover-metereorpreter

March 18, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:metereorpreterLink to Submitters Profile:https://hackerone.com/metereorpreter Report Title:SSRF in Autodesk Rendering leading to account...

HackerOne Bug Bounty Disclosure: -fa-bypass-leads-to-impersonation-of-legimate-users-dedoxd

March 14, 2025

Company Name: Drugs.com Company HackerOne URL: https://hackerone.com/drugs_com Submitted By:dedoxd2Link to Submitters Profile:https://hackerone.com/dedoxd2 Report Title:2FA Bypass leads to impersonation of legimate...

HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-found-in-custom-integration-app-on-hxxps-admin-b-autodesk-com-the-white-evil

March 14, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:the-white-evilLink to Submitters Profile:https://hackerone.com/the-white-evil Report Title:Stored Cross-Site Scripting found in custom integration...

HackerOne Bug Bounty Disclosure: cgi-scripts-wordlist-entry-for-windmail-exe-has-payload-that-sends-arbitrary-file-read-result-to-third-party-floyd

March 13, 2025

Company Name: PortSwigger Web Security Company HackerOne URL: https://hackerone.com/portswigger Submitted By:floydLink to Submitters Profile:https://hackerone.com/floyd Report Title:cgi scripts wordlist entry for...

HackerOne Bug Bounty Disclosure: domain-highlighting-on-external-link-warning-is-not-working-on-chrome-microsoft-edge-browsers-on-mobile-sarthakbhingare

March 13, 2025

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:sarthakbhingare015Link to Submitters Profile:https://hackerone.com/sarthakbhingare015 Report Title:Domain highlighting on External link warning is...

HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-in-mercadopago-com-ar-elmago

March 13, 2025

Company Name: MercadoLibre Company HackerOne URL: https://hackerone.com/mercadolibre Submitted By:elmagoLink to Submitters Profile:https://hackerone.com/elmago Report Title:Stored Cross-Site Scripting in mercadopagocomarReport Link:https://hackerone.com/reports/1955485Date Submitted:13...

HackerOne Bug Bounty Disclosure: use-after-free-read-in-curl-multi-perform-with-doh-and-proxy-options-and-resolve-timeouts-catenacyber

March 6, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:catenacyberLink to Submitters Profile:https://hackerone.com/catenacyber Report Title:Use after free (read) in curl_multi_perform with...

HackerOne Bug Bounty Disclosure: sqli-in-url-paths-almuntadhar

March 6, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:almuntadharLink to Submitters Profile:https://hackerone.com/almuntadhar Report Title:SQLi | in URL pathsReport Link:https://hackerone.com/reports/2958619Date...

HackerOne Bug Bounty Disclosure: exposing-debug-log-file-leads-to-server-full-path-disclosure-kanon

March 6, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:kanon4Link to Submitters Profile:https://hackerone.com/kanon4 Report Title:Exposing debuglog file leads to server full...

HackerOne Bug Bounty Disclosure: cve-on-payapps-com-khoof

March 5, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:khoofLink to Submitters Profile:https://hackerone.com/khoof Report Title:CVE-2023-5561 on PayappscomReport Link:https://hackerone.com/reports/2997549Date Submitted:05 March 2025...

HackerOne Bug Bounty Disclosure: sensitive-api-key-leakage-hemant

March 4, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:hemant1Link to Submitters Profile:https://hackerone.com/hemant1 Report Title:Sensitive API Key LeakageReport Link:https://hackerone.com/reports/3017105Date Submitted:04...

HackerOne Bug Bounty Disclosure: ability-to-add-and-verify-uncontrolled-mobile-numbers-leading-to-account-takeover-ato-trev-ck

March 4, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:trev0ckLink to Submitters Profile:https://hackerone.com/trev0ck Report Title:Ability to Add and Verify Uncontrolled...

HackerOne Bug Bounty Disclosure: broken-access-control-leads-to-disclosure-of-transaction-history-via-v-rechargetransactionhistory-endpoint-hafiz-ng

March 2, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:hafiz-ngLink to Submitters Profile:https://hackerone.com/hafiz-ng Report Title:Broken Access Control leads to disclosure...

HackerOne Bug Bounty Disclosure: admin-dashboard-access-leads-to-updating-merchant-info-tinopreter

March 2, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:tinopreterLink to Submitters Profile:https://hackerone.com/tinopreter Report Title:Admin Dashboard Access Leads to Updating...

HackerOne Bug Bounty Disclosure: unsufficent-input-verification-leads-to-dos-and-resource-consumption-tinine

February 26, 2025

Company Name: Sorare Company HackerOne URL: https://hackerone.com/sorare Submitted By:tinineLink to Submitters Profile:https://hackerone.com/tinine Report Title:Unsufficent input verification leads to DoS and...

HackerOne Bug Bounty Disclosure: stored-xss-via-post-tittle-enabling-non-privileged-user-to-privileged-user-exploitation-on-hxxps-forums-autodesk-com-the-white-evil

February 26, 2025

bug bounty

HackerOne Bug Bounty Disclosure: information-disclouser-from-url-parameter-access-lead-to-account-takeover-eneri

HackerOne Bug Bounty Disclosure: no-rate-limiting-on-form-register-growler

HackerOne Bug Bounty Disclosure: http-response-header-injection-in-shopify-pitchfork-rack-ooooooo-q

HackerOne Bug Bounty Disclosure: cloudflare-waf-bypass-origin-ip-exposure-aaravhex

HackerOne Bug Bounty Disclosure: null-pointer-dereference-by-crafted-response-from-ai-model-canalun

HackerOne Bug Bounty Disclosure: twitter-broken-link-hijacking-in-thewild-com-yunxohang

HackerOne Bug Bounty Disclosure: cache-poisoning-allows-zero-interaction-store-xss-samark

HackerOne Bug Bounty Disclosure: django-debug-mode-enabled-information-disclosure-on-api-wwm-dev-autodesk-com-khoof

HackerOne Bug Bounty Disclosure: ssrf-in-autodesk-rendering-leading-to-account-takeover-metereorpreter

HackerOne Bug Bounty Disclosure: -fa-bypass-leads-to-impersonation-of-legimate-users-dedoxd

HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-found-in-custom-integration-app-on-hxxps-admin-b-autodesk-com-the-white-evil

HackerOne Bug Bounty Disclosure: cgi-scripts-wordlist-entry-for-windmail-exe-has-payload-that-sends-arbitrary-file-read-result-to-third-party-floyd

HackerOne Bug Bounty Disclosure: domain-highlighting-on-external-link-warning-is-not-working-on-chrome-microsoft-edge-browsers-on-mobile-sarthakbhingare

HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-in-mercadopago-com-ar-elmago

HackerOne Bug Bounty Disclosure: use-after-free-read-in-curl-multi-perform-with-doh-and-proxy-options-and-resolve-timeouts-catenacyber

HackerOne Bug Bounty Disclosure: sqli-in-url-paths-almuntadhar

HackerOne Bug Bounty Disclosure: exposing-debug-log-file-leads-to-server-full-path-disclosure-kanon

HackerOne Bug Bounty Disclosure: cve-on-payapps-com-khoof

HackerOne Bug Bounty Disclosure: sensitive-api-key-leakage-hemant

HackerOne Bug Bounty Disclosure: ability-to-add-and-verify-uncontrolled-mobile-numbers-leading-to-account-takeover-ato-trev-ck

HackerOne Bug Bounty Disclosure: broken-access-control-leads-to-disclosure-of-transaction-history-via-v-rechargetransactionhistory-endpoint-hafiz-ng

HackerOne Bug Bounty Disclosure: admin-dashboard-access-leads-to-updating-merchant-info-tinopreter

HackerOne Bug Bounty Disclosure: unsufficent-input-verification-leads-to-dos-and-resource-consumption-tinine

HackerOne Bug Bounty Disclosure: stored-xss-via-post-tittle-enabling-non-privileged-user-to-privileged-user-exploitation-on-hxxps-forums-autodesk-com-the-white-evil

[PLAY] – Ransomware Victim: Just Concrete & Masonry

[PLAY] – Ransomware Victim: Overhead Door of Nova Scotia

[PLAY] – Ransomware Victim: EIZO Rugged Solutions

[PLAY] – Ransomware Victim: Operative

Cobalt Strike Beacon Detected – 185[.]208[.]159[.]224:443

You may have missed