bug bounty

hackerone

HackerOne Bug Bounty Disclosure: b-https-get-ooni-torproject-org-b-ba-fe-ca-d-f-a

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'ba4fe4ca95021d367f8a574'Link to Submitters Profile:https://hackerone.com/b'ba4fe4ca95021d367f8a574' Report Title:b'https://get.ooni.torproject.org/'Report Link:https://hackerone.com/reports/274285Date Submitted:28 November 2023 A considerable...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-https-get-ooni-torproject-org-b-ba-fe-ca-d-f-a
hackerone

HackerOne Bug Bounty Disclosure: b-report-regarding-security-vulnerability-b-srkfan

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'srkfan'Link to Submitters Profile:https://hackerone.com/b'srkfan' Report Title:b'Report Regarding Security Vulnerability'Report Link:https://hackerone.com/reports/269243Date Submitted:28 November...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-report-regarding-security-vulnerability-b-srkfan
hackerone

HackerOne Bug Bounty Disclosure: b-use-of-unitialized-value-in-crypto-pk-num-bits-src-common-crypto-c-b-geeknik

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'geeknik'Link to Submitters Profile:https://hackerone.com/b'geeknik' Report Title:b'Use of unitialized value in crypto_pk_num_bits (src/common/crypto.c:971)'Report...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-use-of-unitialized-value-in-crypto-pk-num-bits-src-common-crypto-c-b-geeknik
hackerone

HackerOne Bug Bounty Disclosure: b-potential-ip-revealing-using-unc-path-in-windows-file-picker-b-newfunction

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'newfunction'Link to Submitters Profile:https://hackerone.com/b'newfunction' Report Title:b'Potential IP revealing using UNC Path in...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-potential-ip-revealing-using-unc-path-in-windows-file-picker-b-newfunction
hackerone

HackerOne Bug Bounty Disclosure: b-organization-members-can-delete-reports-in-teams-they-have-no-access-to-b-verw-tch

November 22, 2023

Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'0verw4tch'Link to Submitters Profile:https://hackerone.com/b'0verw4tch' Report Title:b'Organization members can delete reports in teams...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-organization-members-can-delete-reports-in-teams-they-have-no-access-to-b-verw-tch
hackerone

HackerOne Bug Bounty Disclosure: b-idor-vulnerability-on-profile-picture-changing-mechanism-which-discloses-other-user-s-profile-picture-b-triple-h

November 22, 2023

Company Name: b'Glassdoor' Company HackerOne URL: https://hackerone.com/glassdoor Submitted By:b'triple_h'Link to Submitters Profile:https://hackerone.com/b'triple_h' Report Title:b"IDOR vulnerability on profile picture changing mechanism...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-idor-vulnerability-on-profile-picture-changing-mechanism-which-discloses-other-user-s-profile-picture-b-triple-h
hackerone

HackerOne Bug Bounty Disclosure: b-html-injection-in-search-ui-when-selecting-a-circle-with-html-in-the-display-name-b-cx-fa

November 21, 2023

Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'cx75fa'Link to Submitters Profile:https://hackerone.com/b'cx75fa' Report Title:b'HTML injection in search UI when selecting...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-html-injection-in-search-ui-when-selecting-a-circle-with-html-in-the-display-name-b-cx-fa
hackerone

HackerOne Bug Bounty Disclosure: b-full-account-takeover-of-any-user-through-reset-password-b-maskedpersian

November 17, 2023

Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'maskedpersian'Link to Submitters Profile:https://hackerone.com/b'maskedpersian' Report Title:b'Full account takeover of...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-full-account-takeover-of-any-user-through-reset-password-b-maskedpersian
hackerone

HackerOne Bug Bounty Disclosure: b-unauthorised-cocoapods-auth-via-token-leakage-http-header-injection-b-reefspek

November 16, 2023

Company Name: b'Snowplow' Company HackerOne URL: https://hackerone.com/snowplow Submitted By:b'reefspek'Link to Submitters Profile:https://hackerone.com/b'reefspek' Report Title:b'Unauthorised CocoaPods Auth via Token Leakage &...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-unauthorised-cocoapods-auth-via-token-leakage-http-header-injection-b-reefspek
hackerone

HackerOne Bug Bounty Disclosure: b-csrf-vulnerability-in-royal-canin-website-allows-attackers-to-change-user-profile-picture-at-my-royalcanin-pt-b-bx

November 15, 2023

Company Name: b'Mars' Company HackerOne URL: https://hackerone.com/mars Submitted By:b'bx00'Link to Submitters Profile:https://hackerone.com/b'bx00' Report Title:b'**"CSRF Vulnerability in Royal Canin Website Allows...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-csrf-vulnerability-in-royal-canin-website-allows-attackers-to-change-user-profile-picture-at-my-royalcanin-pt-b-bx
hackerone

HackerOne Bug Bounty Disclosure: b-reflected-xss-in-https-wordpress-com-start-account-user-b-secureighty

November 15, 2023

Company Name: b'Automattic' Company HackerOne URL: https://hackerone.com/automattic Submitted By:b'secureighty'Link to Submitters Profile:https://hackerone.com/b'secureighty' Report Title:b'reflected xss in https://wordpress.com/start/account/user'Report Link:https://hackerone.com/reports/2055132Date Submitted:15 November...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-reflected-xss-in-https-wordpress-com-start-account-user-b-secureighty
hackerone

HackerOne Bug Bounty Disclosure: b-buffer-overflow-and-affected-url-https-github-com-curl-curl-blob-master-docs-examples-hsts-preload-c-b-cyberguardianrd

November 15, 2023

Company Name: b'curl' Company HackerOne URL: https://hackerone.com/curl Submitted By:b'cyberguardianrd'Link to Submitters Profile:https://hackerone.com/b'cyberguardianrd' Report Title:b'Buffer overflow and affected url:-https://github.com/curl/curl/blob/master/docs/examples/hsts-preload.c'Report Link:https://hackerone.com/reports/2252307Date Submitted:15...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-buffer-overflow-and-affected-url-https-github-com-curl-curl-blob-master-docs-examples-hsts-preload-c-b-cyberguardianrd
hackerone

HackerOne Bug Bounty Disclosure: b-cve-apache-airflow-bypass-permission-verification-to-view-task-instances-of-other-dags-b-balis-ng

November 13, 2023

Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'balis0ng'Link to Submitters Profile:https://hackerone.com/b'balis0ng' Report Title:b'CVE-2023-42663: Apache Airflow: Bypass permission...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-cve-apache-airflow-bypass-permission-verification-to-view-task-instances-of-other-dags-b-balis-ng

You may have missed

image

CVE Alert: CVE-2025-10058 – smackcoders – WP Import – Ultimate CSV XML Importer for WordPress

September 17, 2025
image

CVE Alert: CVE-2025-10057 – smackcoders – WP Import – Ultimate CSV XML Importer for WordPress

September 17, 2025
image

CVE Alert: CVE-2025-10143 – catchthemes – Catch Dark Mode

September 17, 2025
image

CVE Alert: CVE-2025-10589 – N-Partner – N-Reporter

September 17, 2025
Cobalt-Strike

Cobalt Strike Beacon Detected – 38[.]173[.]19[.]175:8731

September 17, 2025