bug bounty

HackerOne Bug Bounty Disclosure: vulnerability-report-public-exposure-of-security-audit-file-cyph-r-nitro

July 27, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:cyph3r_nitroLink to Submitters Profile:https://hackerone.com/cyph3r_nitro Report Title:Vulnerability Report: Public Exposure of Security Audit...

Bug Bounty

BugCrowd Bug Bounty Disclosure: P5 – Account Takeover via Password Reset Token and Insecure Email Change Handling – David007

July 25, 2025

Account Takeover via Password Reset Token and Insecure Email Change Handling Account Takeover via Password Reset Token and Insecure Email...

HackerOne Bug Bounty Disclosure: security-check-up-ejejohn

July 24, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:ejejohnLink to Submitters Profile:https://hackerone.com/ejejohn Report Title:Security check upReport Link:https://hackerone.com/reports/3269761Date Submitted:24 July 2025...

HackerOne Bug Bounty Disclosure: use-after-free-or-assert-triggered-with-failed-allocations-in-openssl-catenacyber

July 24, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:catenacyberLink to Submitters Profile:https://hackerone.com/catenacyber Report Title:Use after free (or assert triggered) with...

HackerOne Bug Bounty Disclosure: mint-oauth-access-token-for-targeted-user-timothyleung

July 23, 2025

Company Name: GitLab Company HackerOne URL: https://hackerone.com/gitlab Submitted By:timothyleungLink to Submitters Profile:https://hackerone.com/timothyleung Report Title:Mint Oauth2 access token for targeted userReport...

HackerOne Bug Bounty Disclosure: gnutls-curlinfo-tls-session-curlinfo-tls-ssl-ptr-type-confusion-nyymi

July 23, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:nyymiLink to Submitters Profile:https://hackerone.com/nyymi Report Title:GnuTLS CURLINFO_TLS_SESSION / CURLINFO_TLS_SSL_PTR type confusionReport Link:https://hackerone.com/reports/3261248Date...

HackerOne Bug Bounty Disclosure: on-the-implications-of-permitting-procedural-culling-lyb-unaffiliated

July 22, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:lyb_unaffiliatedLink to Submitters Profile:https://hackerone.com/lyb_unaffiliated Report Title:on the implications of permitting procedural cullingReport...

HackerOne Bug Bounty Disclosure: xss-on-amazon-aquisition-elemental-muhammad-kasim

July 22, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:muhammad_kasimLink to Submitters Profile:https://hackerone.com/muhammad_kasim Report Title:XSS on Amazon Aquisition: elementalReport Link:https://hackerone.com/reports/3205667Date...

HackerOne Bug Bounty Disclosure: curl-asserts-when-accessing-an-ldap-url-cmeister

July 22, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:cmeister2Link to Submitters Profile:https://hackerone.com/cmeister2 Report Title:curl ASSERTs when accessing an LDAP URLReport...

Bug Bounty

BugCrowd Bug Bounty Disclosure: P3 – CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. – Renatto

July 22, 2025

CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. Researcher: Renatto Engagement: National Aeronautics and Space Administration (NASA) -...

Bug Bounty

BugCrowd Bug Bounty Disclosure: P2 – HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory – Mon3m

July 22, 2025

HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory...

HackerOne Bug Bounty Disclosure: api-key-exposed-in-javascript-file-on-password-developer-site-sudosu

July 18, 2025

Company Name: 1Password - Enterprise Password Manager Company HackerOne URL: https://hackerone.com/1password Submitted By:sudosu001Link to Submitters Profile:https://hackerone.com/sudosu001 Report Title:API Key Exposed...

HackerOne Bug Bounty Disclosure: reflected-xss-in-create-category-functionality-of-post-creation-module-rishail

July 17, 2025

Company Name: MainWP Company HackerOne URL: https://hackerone.com/mainwp Submitted By:rishail01Link to Submitters Profile:https://hackerone.com/rishail01 Report Title:Reflected XSS in "Create Category" Functionality of...

HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-xss-in-add-contact-name-field-mainwp-plugin-rishail

July 17, 2025

Company Name: MainWP Company HackerOne URL: https://hackerone.com/mainwp Submitted By:rishail01Link to Submitters Profile:https://hackerone.com/rishail01 Report Title:Stored Cross-Site Scripting (XSS) in "Add Contact"...

HackerOne Bug Bounty Disclosure: reflected-xss-in-cost-tracker-notes-field-rishail

July 17, 2025

HackerOne Bug Bounty Disclosure: account-takeover-of-existing-hackerone-accounts-through-scim-provisioning-boy-child

July 17, 2025

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:boy_child_Link to Submitters Profile:https://hackerone.com/boy_child_ Report Title:Account takeover of existing HackerOne accounts through...

HackerOne Bug Bounty Disclosure: reflected-xss-in-manage-tags-notes-field-rishail

July 17, 2025

HackerOne Bug Bounty Disclosure: exposure-of-personal-ip-address-via-email-micael

July 16, 2025

Company Name: Weblate Company HackerOne URL: https://hackerone.com/weblate Submitted By:micael1Link to Submitters Profile:https://hackerone.com/micael1 Report Title:exposure of personal IP address via emailReport...

Bug Bounty

BugCrowd Bug Bounty Disclosure: P5 – Reflected XSS on oceandata.sci.gsfc.nasa.gov – FebriHp

July 12, 2025

Reflected XSS on oceandata.sci.gsfc.nasa.gov Reflected XSS on oceandata.sci.gsfc.nasa.gov Researcher: FebriHp Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure...

HackerOne Bug Bounty Disclosure: use-after-free-in-openssl-keylog-callback-via-ssl-get-ex-data-in-libcurl-brobagazzzx

July 9, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:brobagazzzxLink to Submitters Profile:https://hackerone.com/brobagazzzx Report Title:Use-After-Free in OpenSSL Keylog Callback via SSL_get_ex_data()...

HackerOne Bug Bounty Disclosure: arbitrary-file-read-via-file-protocol-in-curl-mr-tufan

July 9, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:mr_tufanLink to Submitters Profile:https://hackerone.com/mr_tufan Report Title:Arbitrary File Read via file:// Protocol in...

HackerOne Bug Bounty Disclosure: csrf-at-network-feature-psfauzi

July 8, 2025

Company Name: Lichess Company HackerOne URL: https://hackerone.com/lichess Submitted By:psfauziLink to Submitters Profile:https://hackerone.com/psfauzi Report Title:CSRF at Network featureReport Link:https://hackerone.com/reports/3230359Date Submitted:08 July...

HackerOne Bug Bounty Disclosure: information-disclosure-identified-on-ibm-endpoint-devire

July 8, 2025

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:devireLink to Submitters Profile:https://hackerone.com/devire Report Title:Information disclosure identified on IBM endpoint Report...

HackerOne Bug Bounty Disclosure: authorization-header-leak-via-location-trusted-in-curl-voggerloops

July 3, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:voggerloopsLink to Submitters Profile:https://hackerone.com/voggerloops Report Title:Authorization Header Leak via --location-trusted in CurlReport...

bug bounty

HackerOne Bug Bounty Disclosure: vulnerability-report-public-exposure-of-security-audit-file-cyph-r-nitro

BugCrowd Bug Bounty Disclosure: P5 – Account Takeover via Password Reset Token and Insecure Email Change Handling – David007

HackerOne Bug Bounty Disclosure: security-check-up-ejejohn

HackerOne Bug Bounty Disclosure: use-after-free-or-assert-triggered-with-failed-allocations-in-openssl-catenacyber

HackerOne Bug Bounty Disclosure: mint-oauth-access-token-for-targeted-user-timothyleung

HackerOne Bug Bounty Disclosure: gnutls-curlinfo-tls-session-curlinfo-tls-ssl-ptr-type-confusion-nyymi

HackerOne Bug Bounty Disclosure: on-the-implications-of-permitting-procedural-culling-lyb-unaffiliated

HackerOne Bug Bounty Disclosure: xss-on-amazon-aquisition-elemental-muhammad-kasim

HackerOne Bug Bounty Disclosure: curl-asserts-when-accessing-an-ldap-url-cmeister

BugCrowd Bug Bounty Disclosure: P3 – CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. – Renatto

BugCrowd Bug Bounty Disclosure: P2 – HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory – Mon3m

HackerOne Bug Bounty Disclosure: api-key-exposed-in-javascript-file-on-password-developer-site-sudosu

HackerOne Bug Bounty Disclosure: reflected-xss-in-create-category-functionality-of-post-creation-module-rishail

HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-xss-in-add-contact-name-field-mainwp-plugin-rishail

HackerOne Bug Bounty Disclosure: reflected-xss-in-cost-tracker-notes-field-rishail

HackerOne Bug Bounty Disclosure: account-takeover-of-existing-hackerone-accounts-through-scim-provisioning-boy-child

HackerOne Bug Bounty Disclosure: reflected-xss-in-manage-tags-notes-field-rishail

HackerOne Bug Bounty Disclosure: exposure-of-personal-ip-address-via-email-micael

BugCrowd Bug Bounty Disclosure: P5 – Reflected XSS on oceandata.sci.gsfc.nasa.gov – FebriHp

HackerOne Bug Bounty Disclosure: use-after-free-in-openssl-keylog-callback-via-ssl-get-ex-data-in-libcurl-brobagazzzx

HackerOne Bug Bounty Disclosure: arbitrary-file-read-via-file-protocol-in-curl-mr-tufan

HackerOne Bug Bounty Disclosure: csrf-at-network-feature-psfauzi

HackerOne Bug Bounty Disclosure: information-disclosure-identified-on-ibm-endpoint-devire

HackerOne Bug Bounty Disclosure: authorization-header-leak-via-location-trusted-in-curl-voggerloops

BugCrowd Bug Bounty Disclosure: P3 – Publicly Editable Google Docs Linked from NASA SnowEx PPT –

BugCrowd Bug Bounty Disclosure: P3 – Details of the collaboration between NASA and Inmarsat Government and the type of contract –

Apple Products Multiple Vulnerabilities

Miljödata – 870,108 breached accounts

Cobalt Strike Beacon Detected – 119[.]91[.]203[.]199:88

You may have missed