bug bounty

hackerone

HackerOne Bug Bounty Disclosure: b-unprotected-atlantis-server-at-https-b-imranhudaa

September 15, 2023

Company Name: b'8x8' Company HackerOne URL: https://hackerone.com/8x8 Submitted By:b'imranhudaa'Link to Submitters Profile:https://hackerone.com/b'imranhudaa' Report Title:b'Unprotected Atlantis Server at https://132.226..'Report Link:https://hackerone.com/reports/1895783Date Submitted:15...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-unprotected-atlantis-server-at-https-b-imranhudaa
hackerone

HackerOne Bug Bounty Disclosure: b-able-to-see-bonus-amount-given-to-a-report-even-if-the-bounty-and-bonus-is-not-visible-to-public-or-mentioned-in-report-id-json-b-callmed

September 14, 2023

Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'callmed0_4'Link to Submitters Profile:https://hackerone.com/b'callmed0_4' Report Title:b'Able to see Bonus amount given to...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-able-to-see-bonus-amount-given-to-a-report-even-if-the-bounty-and-bonus-is-not-visible-to-public-or-mentioned-in-report-id-json-b-callmed
hackerone

HackerOne Bug Bounty Disclosure: b-idor-authorization-bypass-in-lockreport-mutation-for-public-reports-b-verw-tch

September 13, 2023

Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'0verw4tch'Link to Submitters Profile:https://hackerone.com/b'0verw4tch' Report Title:b'IDOR: Authorization Bypass in LockReport Mutation for...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-idor-authorization-bypass-in-lockreport-mutation-for-public-reports-b-verw-tch
hackerone

HackerOne Bug Bounty Disclosure: b-information-disclosure-pvt-gitlab-issue-disclosing-through-gitlab-unfiltered-youtube-channel-b-mrrajputhacker

September 13, 2023

Company Name: b'GitLab' Company HackerOne URL: https://hackerone.com/gitlab Submitted By:b'mrrajputhacker2'Link to Submitters Profile:https://hackerone.com/b'mrrajputhacker2' Report Title:b'Information Disclosure - Pvt Gitlab Issue Disclosing...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-information-disclosure-pvt-gitlab-issue-disclosing-through-gitlab-unfiltered-youtube-channel-b-mrrajputhacker
hackerone

HackerOne Bug Bounty Disclosure: b-request-english-versions-of-web-pages-for-enhanced-privacy-keeps-previous-grayed-out-settings-b-andreien

September 13, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'andreien'Link to Submitters Profile:https://hackerone.com/b'andreien' Report Title:b"'Request English versions of web pages for...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-request-english-versions-of-web-pages-for-enhanced-privacy-keeps-previous-grayed-out-settings-b-andreien
hackerone

HackerOne Bug Bounty Disclosure: b-multiple-cross-site-scripting-xss-vulnerabilities-in-revive-adserver-b-l-stb-t

September 13, 2023

Company Name: b'Revive Adserver' Company HackerOne URL: https://hackerone.com/revive_adserver Submitted By:b'l4stb1t'Link to Submitters Profile:https://hackerone.com/b'l4stb1t' Report Title:b'Multiple cross-site scripting (XSS) vulnerabilities in...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-multiple-cross-site-scripting-xss-vulnerabilities-in-revive-adserver-b-l-stb-t
hackerone

HackerOne Bug Bounty Disclosure: b-admin-account-panel-takeover-and-doing-actions-in-admin-panel-via-dom-based-xss-b-mouhannadlrx

September 12, 2023

Company Name: b'Radancy' Company HackerOne URL: https://hackerone.com/radancy Submitted By:b'mouhannadlrx'Link to Submitters Profile:https://hackerone.com/b'mouhannadlrx' Report Title:b'Admin account/panel takeOver and Doing actions in...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-admin-account-panel-takeover-and-doing-actions-in-admin-panel-via-dom-based-xss-b-mouhannadlrx
hackerone

HackerOne Bug Bounty Disclosure: b-mozilla-mastodon-staging-instance-admin-api-key-disclosure-through-slack-b-griffinf

September 11, 2023

Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'griffinf'Link to Submitters Profile:https://hackerone.com/b'griffinf' Report Title:b'Mozilla Mastodon Staging Instance Admin...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-mozilla-mastodon-staging-instance-admin-api-key-disclosure-through-slack-b-griffinf
hackerone

HackerOne Bug Bounty Disclosure: b-response-manipulation-to-enable-account-recovery-key-with-out-current-password-b-saiteja

September 11, 2023

Company Name: b'Mozilla Critical Services' Company HackerOne URL: https://hackerone.com/mozilla_critical_services Submitted By:b'saiteja1231323'Link to Submitters Profile:https://hackerone.com/b'saiteja1231323' Report Title:b'Response Manipulation to enable Account...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-response-manipulation-to-enable-account-recovery-key-with-out-current-password-b-saiteja
hackerone

HackerOne Bug Bounty Disclosure: b-the-domain-is-truck-admin-eu-east-indriverapp-com-and-enter-the-management-system-of-the-blasting-mobile-phone-verification-code-b-trustworthy

September 11, 2023

Company Name: b'inDrive' Company HackerOne URL: https://hackerone.com/indrive Submitted By:b'trustworthy'Link to Submitters Profile:https://hackerone.com/b'trustworthy' Report Title:b'the domain is truck-admin.eu-east-1.indriverapp.com and Enter the...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-the-domain-is-truck-admin-eu-east-indriverapp-com-and-enter-the-management-system-of-the-blasting-mobile-phone-verification-code-b-trustworthy
hackerone

HackerOne Bug Bounty Disclosure: b-process-binding-can-bypass-the-permission-model-through-path-traversal-b-rafaelgss

September 10, 2023

Company Name: b'Node.js' Company HackerOne URL: https://hackerone.com/nodejs Submitted By:b'rafaelgss'Link to Submitters Profile:https://hackerone.com/b'rafaelgss' Report Title:b'process.binding() can bypass the permission model through...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-process-binding-can-bypass-the-permission-model-through-path-traversal-b-rafaelgss
hackerone

HackerOne Bug Bounty Disclosure: b-fs-statfs-bypasses-permission-model-b-rafaelgss

September 10, 2023

Company Name: b'Node.js' Company HackerOne URL: https://hackerone.com/nodejs Submitted By:b'rafaelgss'Link to Submitters Profile:https://hackerone.com/b'rafaelgss' Report Title:b'fs.statfs bypasses Permission Model'Report Link:https://hackerone.com/reports/2051224Date Submitted:10 September...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-fs-statfs-bypasses-permission-model-b-rafaelgss
hackerone

HackerOne Bug Bounty Disclosure: b-permissions-not-respected-when-copying-entire-group-folders-b-carl-schwan

September 9, 2023

Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'carl_schwan'Link to Submitters Profile:https://hackerone.com/b'carl_schwan' Report Title:b'Permissions not respected when copying entire group...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-permissions-not-respected-when-copying-entire-group-folders-b-carl-schwan
hackerone

HackerOne Bug Bounty Disclosure: b-support-tickets-can-be-created-on-behalf-of-other-users-using-spoofed-email-bypass-of-b-as-patro

September 8, 2023

Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'as_patro'Link to Submitters Profile:https://hackerone.com/b'as_patro' Report Title:b'Support Tickets can be created on behalf...

Read MoreRead more about HackerOne Bug Bounty Disclosure: b-support-tickets-can-be-created-on-behalf-of-other-users-using-spoofed-email-bypass-of-b-as-patro

You may have missed

image

CVE Alert: CVE-2025-9216 – kodezen – StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More

September 17, 2025
image

CVE Alert: CVE-2025-10058 – smackcoders – WP Import – Ultimate CSV XML Importer for WordPress

September 17, 2025
image

CVE Alert: CVE-2025-10057 – smackcoders – WP Import – Ultimate CSV XML Importer for WordPress

September 17, 2025
image

CVE Alert: CVE-2025-10143 – catchthemes – Catch Dark Mode

September 17, 2025
image

CVE Alert: CVE-2025-10589 – N-Partner – N-Reporter

September 17, 2025