HackerOne Bug Bounty Disclosure: Attacker can unpin posts from companies he's not part of, by spaceboy20
Programme HackerOne LinkedIn Submitted by spaceboy20 Report Attacker can unpin posts from companies he's not part of. Full...
Programme HackerOne LinkedIn Submitted by find_me_here Report Attackers do not need to Pay for a Subscription to get...
Programme HackerOne IBM Submitted by 0xpugazh Report Moodle XSS on s-immerscio.comprehend.ibm.com Full Report A considerable amount of...
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
Programme HackerOne Mattermost Submitted by uchihaluckycs Report Reset password link sent over unsecured http protocol Full Report ...
Programme HackerOne Brave Software Submitted by ameenbasha Report download file type warning on Windows does not appear...
Programme HackerOne IBM Submitted by gdattacker Report Subdomain Takeover Affecting at vex.weather.com Full Report A considerable amount...
Programme HackerOne Elastic Submitted by lu3ky-13 Report blind Server-Side Request Forgery (SSRF) allows scanning internal ports Full Report...
Programme HackerOne Ruby Submitted by leixiao Report Header CRLF Injection in Ruby Net::HTTP Full Report A considerable...
Programme HackerOne Nextcloud Submitted by juliushaertl Report Hide download previews are accessible without a watermark Full Report ...
Programme HackerOne Nextcloud Submitted by meinereiner Report App pin of the Android app can be bypassed via 3rdparty...
Programme HackerOne Nextcloud Submitted by nickvergessen Report Potential directory traversal in OC\Files\Node\Folder::getFullPath Full Report A considerable amount...
Programme HackerOne Nextcloud Submitted by juliushaertl Report Document content of files can be obtained through Collabora for files...
Programme HackerOne HackerOne Submitted by datph4m Report Insecure Direct Object Reference (IDOR) - Delete Campaigns Full Report ...
Programme HackerOne TD Bank Submitted by def1ant Report Reflected XSS on marketsandresearch.td.com Full Report A considerable...
Programme HackerOne Fastly VDP Submitted by rubayet_hassan Report Unauthenticated cache purging Full Report A considerable amount...
Programme HackerOne Fastly VDP Submitted by xerhakhd Report Cache purge requests are not authenticated Full Report ...
Programme HackerOne Nextcloud Submitted by brthnc Report Reference fetch can saturate the server bandwidth for 10 seconds Full...
Programme HackerOne Nextcloud Submitted by aslfv Report Name collision of shared folders Full Report A considerable amount...
Programme HackerOne 8x8 Submitted by pentestor Report Credential leak on GitHub: https://github.com/// (Peoplesoft CRM) Full Report A...
Programme HackerOne Hyperledger Submitted by kmhlyxj0 Report POOL_UPGRADE command injection, Trustee Node can execute command in any other...
Programme HackerOne Omise Submitted by muhammadilyas Report The endpoint '/test/webhooks' is vulnerable to DNS Rebinding Full Report ...
Programme HackerOne Reddit Submitted by revolte Report Blind SSRF with Escalation possibilities in matrix preview_link API Full Report...