HackerOne Bug Bounty Disclosure: [python] TarSlip vulnerability improvements by sim4n6
Programme HackerOne GitHub Security Lab Submitted by sim4n6 Report TarSlip vulnerability improvements Full Report A...
Programme HackerOne pixiv Submitted by hackit_bharat Report Stealing Users OAuth authorization code via redirect_uri Full Report A...
Programme HackerOne GitHub Security Lab Submitted by gregxsunday Report : Add Beego.Input.RequestBody source to Beego framework...
Programme HackerOne GitHub Security Lab Submitted by kuzu7shiki Report CPP: Pam Authorization Bypass Full Report ...
Programme HackerOne GitHub Security Lab Submitted by 4b5f5f4b Report Add query to detect bugs like CVE-2017-5123...
Programme HackerOne curl Submitted by kurohiro Report CVE-2023-27537: HSTS double-free Full Report A considerable amount of time...
Programme HackerOne Internet Bug Bounty Submitted by das7pad Report Potential DoS vulnerability in Django in multipart...
Programme HackerOne Node.js Submitted by sno2 Report Regular Expression Denial of Service in Headers Full Report A...
Programme HackerOne Node.js Submitted by bnoordhuis Report Insecure loading of ICU data through ICU_DATA environment variable Full Report...
Programme HackerOne Node.js Submitted by goums Report Permissions policies can be bypassed via process.mainModule Full Report A...
Programme HackerOne Internet Bug Bounty Submitted by leixiao Report RCE vulnerability in apache-airflow-providers-apache-sqoop 3.1.0 Full Report...
Programme HackerOne HackerOne Submitted by mikkocarreon Report Arbitrary Remote Leak via ImageMagick Full Report A considerable amount...
Programme HackerOne Tor Submitted by hazae41 Report Snowflake server: Leak of TLS packets from other clients Full Report...
Programme HackerOne IOVLabs Submitted by luk-matczak Report Traffic amplification attack via discovery protocol Full Report A considerable amount...
Programme HackerOne HackerOne Submitted by manish_adz Report information disclosure of another company bug on video. Full Report A...
Programme HackerOne HackerOne Submitted by buraaqsec Report Scope information is leaked when visiting policy scopes tab of any...
Programme HackerOne HackerOne Submitted by fransrosen Report Stored XSS on www.hackerone.com due to deleted S3-bucket from old page_widget...
Programme HackerOne GitHub Submitted by ryotak Report Improper handling of null bytes in GitHub Actions Runner allows an...
Programme HackerOne Nextcloud Submitted by christophwurst Report Mail app stores cleartext password in database until OAUTH2 setup is...
Programme HackerOne U.S. Department of State Submitted by tmz900 Report RXSS on https://travel.state.gov/content/travel/en/search.html Full Report...
Programme HackerOne Stripe Submitted by phor3nsic Report Object injection in `stripe-billing-typographic` GitHub project via /auth/login Full Report A...
Programme HackerOne Cloudflare Public Bug Bounty Submitted by mattipv4 Report Extraction of Pages build scripts,...
Programme HackerOne Internet Bug Bounty Submitted by czchen Report Argo CD reconciles apps outside configured namespaces...
Programme HackerOne Nextcloud Submitted by rtod Report Targeted phishing attacks in Login flow v2 Full Report A considerable...