bug bounty

hackerone

HackerOne Bug Bounty Disclosure: b-rogue-collaborators-and-ambiguous-branch-names-in-github-b-inspector-ambitious

December 5, 2023

Company Name: b'GitHub' Company HackerOne URL: https://hackerone.com/github Submitted By:b'inspector-ambitious'Link to Submitters Profile:https://hackerone.com/b'inspector-ambitious' Report Title:b'Rogue collaborators and ambiguous branch names in...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-rogue-collaborators-and-ambiguous-branch-names-in-github-b-inspector-ambitious
hackerone

HackerOne Bug Bounty Disclosure: b-unauthenticated-remote-access-to-testing-endpoint-b-sajidraza

December 4, 2023

Company Name: b'IBM' Company HackerOne URL: https://hackerone.com/ibm Submitted By:b'sajidraza'Link to Submitters Profile:https://hackerone.com/b'sajidraza' Report Title:b'Unauthenticated Remote Access to Testing Endpoint'Report Link:https://hackerone.com/reports/2192984Date...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-unauthenticated-remote-access-to-testing-endpoint-b-sajidraza
hackerone

HackerOne Bug Bounty Disclosure: b-mozilla-fuzzmanager-api-token-exposed-in-git-commit-b-yakirka

November 29, 2023

Company Name: b'Mozilla Critical Services' Company HackerOne URL: https://hackerone.com/mozilla_critical_services Submitted By:b'yakirka'Link to Submitters Profile:https://hackerone.com/b'yakirka' Report Title:b'Mozilla FuzzManager API Token Exposed...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-mozilla-fuzzmanager-api-token-exposed-in-git-commit-b-yakirka
hackerone

HackerOne Bug Bounty Disclosure: b-multiple-path-transversal-vulnerabilites-b-myselfphoton

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'myselfphoton'Link to Submitters Profile:https://hackerone.com/b'myselfphoton' Report Title:b'Multiple Path Transversal Vulnerabilites'Report Link:https://hackerone.com/reports/273377Date Submitted:28 November...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-multiple-path-transversal-vulnerabilites-b-myselfphoton
hackerone

HackerOne Bug Bounty Disclosure: b-https-get-ooni-torproject-org-b-ba-fe-ca-d-f-a

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'ba4fe4ca95021d367f8a574'Link to Submitters Profile:https://hackerone.com/b'ba4fe4ca95021d367f8a574' Report Title:b'https://get.ooni.torproject.org/'Report Link:https://hackerone.com/reports/274285Date Submitted:28 November 2023 A considerable...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-https-get-ooni-torproject-org-b-ba-fe-ca-d-f-a
hackerone

HackerOne Bug Bounty Disclosure: b-report-regarding-security-vulnerability-b-srkfan

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'srkfan'Link to Submitters Profile:https://hackerone.com/b'srkfan' Report Title:b'Report Regarding Security Vulnerability'Report Link:https://hackerone.com/reports/269243Date Submitted:28 November...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-report-regarding-security-vulnerability-b-srkfan
hackerone

HackerOne Bug Bounty Disclosure: b-use-of-unitialized-value-in-crypto-pk-num-bits-src-common-crypto-c-b-geeknik

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'geeknik'Link to Submitters Profile:https://hackerone.com/b'geeknik' Report Title:b'Use of unitialized value in crypto_pk_num_bits (src/common/crypto.c:971)'Report...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-use-of-unitialized-value-in-crypto-pk-num-bits-src-common-crypto-c-b-geeknik
hackerone

HackerOne Bug Bounty Disclosure: b-potential-ip-revealing-using-unc-path-in-windows-file-picker-b-newfunction

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'newfunction'Link to Submitters Profile:https://hackerone.com/b'newfunction' Report Title:b'Potential IP revealing using UNC Path in...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-potential-ip-revealing-using-unc-path-in-windows-file-picker-b-newfunction
hackerone

HackerOne Bug Bounty Disclosure: b-organization-members-can-delete-reports-in-teams-they-have-no-access-to-b-verw-tch

November 22, 2023

Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'0verw4tch'Link to Submitters Profile:https://hackerone.com/b'0verw4tch' Report Title:b'Organization members can delete reports in teams...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-organization-members-can-delete-reports-in-teams-they-have-no-access-to-b-verw-tch
hackerone

HackerOne Bug Bounty Disclosure: b-idor-vulnerability-on-profile-picture-changing-mechanism-which-discloses-other-user-s-profile-picture-b-triple-h

November 22, 2023

Company Name: b'Glassdoor' Company HackerOne URL: https://hackerone.com/glassdoor Submitted By:b'triple_h'Link to Submitters Profile:https://hackerone.com/b'triple_h' Report Title:b"IDOR vulnerability on profile picture changing mechanism...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-idor-vulnerability-on-profile-picture-changing-mechanism-which-discloses-other-user-s-profile-picture-b-triple-h
hackerone

HackerOne Bug Bounty Disclosure: b-html-injection-in-search-ui-when-selecting-a-circle-with-html-in-the-display-name-b-cx-fa

November 21, 2023

Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'cx75fa'Link to Submitters Profile:https://hackerone.com/b'cx75fa' Report Title:b'HTML injection in search UI when selecting...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-html-injection-in-search-ui-when-selecting-a-circle-with-html-in-the-display-name-b-cx-fa
hackerone

HackerOne Bug Bounty Disclosure: b-full-account-takeover-of-any-user-through-reset-password-b-maskedpersian

November 17, 2023

Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'maskedpersian'Link to Submitters Profile:https://hackerone.com/b'maskedpersian' Report Title:b'Full account takeover of...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-full-account-takeover-of-any-user-through-reset-password-b-maskedpersian
hackerone

HackerOne Bug Bounty Disclosure: b-unauthorised-cocoapods-auth-via-token-leakage-http-header-injection-b-reefspek

November 16, 2023

Company Name: b'Snowplow' Company HackerOne URL: https://hackerone.com/snowplow Submitted By:b'reefspek'Link to Submitters Profile:https://hackerone.com/b'reefspek' Report Title:b'Unauthorised CocoaPods Auth via Token Leakage &...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-unauthorised-cocoapods-auth-via-token-leakage-http-header-injection-b-reefspek

You may have missed

image

[AKIRA] – Ransomware Victim: BAF Management Consulting

July 15, 2025
image

[QILIN] – Ransomware Victim: ProActive Solutions USA

July 15, 2025
image

[QILIN] – Ransomware Victim: The Paul Wilkinson Law Firm

July 15, 2025
image

[LYNX] – Ransomware Victim: Greta Group

July 15, 2025
image

[LYNX] – Ransomware Victim: Victoria Garden

July 15, 2025