HackerOne Bug Bounty Disclosure: xss-in-socialicon-linkbysudi
Programme HackerOne Linktree Linktree Submitted by sudi sudi Report XSS in SocialIcon Link Full Report A considerable amount of time...
bug bounty
HackerOne Bug Bounty Disclosure: accessing/editing-folders-of-other-users-in-the-orginisation-bysnapsec
Programme HackerOne Lark Technologies Lark Technologies Submitted by snapsec snapsec Report Accessing/Editing Folders of Other Users in the Orginisation. Full...
HackerOne Bug Bounty Disclosure: html-injection-found-on-https://adobedocs-github-io/analytics-1-4-apis/swagger-docs-html-due-to-outdated-swagger-uibydreamer_eh
Programme HackerOne Adobe Adobe Submitted by dreamer_eh dreamer_eh Report HTML INJECTION FOUND ON https://adobedocs.github.io/analytics-1.4-apis/swagger-docs.html DUE TO OUTDATED SWAGGER UI Full...
HackerOne Bug Bounty Disclosure: cve-2022-42916:-hsts-bypass-via-idnbykurohiro
Programme HackerOne curl curl Submitted by kurohiro kurohiro Report CVE-2022-42916: HSTS bypass via IDN Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: cve-2022-35260:–netrc-parser-out-of-bounds-accessbykurohiro
Programme HackerOne curl curl Submitted by kurohiro kurohiro Report CVE-2022-35260: .netrc parser out-of-bounds access Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: subdomain-takeover-on-‘de-headless-staging-gymshark-com’bya-p0c
Programme HackerOne Gymshark Gymshark Submitted by a-p0c a-p0c Report Subdomain takeover on 'de-headless.staging.gymshark.com' Full Report A considerable amount of time...
HackerOne Bug Bounty Disclosure: weak-randomness-in-webcrypto-keygenbybnoordhuis
Programme HackerOne Node.js Node.js Submitted by bnoordhuis bnoordhuis Report Weak randomness in WebCrypto keygen Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: http-request-smuggling-due-to-incorrect-parsing-of-header-fieldsbyvvx7
Programme HackerOne Node.js Node.js Submitted by vvx7 vvx7 Report HTTP Request Smuggling Due to Incorrect Parsing of Header Fields Full...
HackerOne Bug Bounty Disclosure: cve-2022-32213-bypass-via-obs-fold-mechanicbyhaxatron1
Programme HackerOne Node.js Node.js Submitted by haxatron1 haxatron1 Report CVE-2022-32213 bypass via obs-fold mechanic Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: business-logic,-currency-arbitrage—possibility-to-pay-less-than-the-price-in-usdbyxctzn
Programme HackerOne PortSwigger Web Security PortSwigger Web Security Submitted by xctzn xctzn Report Business Logic, currency arbitrage - Possibility to...
HackerOne Bug Bounty Disclosure: node-18-reads-openssl-cnf-from-/home/iojs/build/—-upon-startup-on-macosbymhdawson
Programme HackerOne Node.js Node.js Submitted by mhdawson mhdawson Report Node 18 reads openssl.cnf from /home/iojs/build/... upon startup on MacOS Full...
HackerOne Bug Bounty Disclosure: http-request-smuggling-due-to-incorrect-parsing-of-multi-line-transfer-encoding-(improper-fix-for-cve-2022-32215)byshacharm
Programme HackerOne Node.js Node.js Submitted by shacharm shacharm Report HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding (improper...
HackerOne Bug Bounty Disclosure: reflected-cross-site-scripting-via-swagger-uibywebcipher101
Programme HackerOne Adobe Adobe Submitted by webcipher101 webcipher101 Report Reflected Cross site scripting via Swagger UI Full Report A considerable...
HackerOne Bug Bounty Disclosure: a-malicious-admin-can-be-able-to-permanently-disable-a-owner(admin)-to-access-his-accountbydewcode91
Programme HackerOne Linktree Linktree Submitted by dewcode91 dewcode91 Report A malicious admin can be able to permanently disable a Owner(Admin)...
HackerOne Bug Bounty Disclosure: full-payment-bypass-to-use-premium-subscription-byn0_m3rcy
Programme HackerOne Krisp Krisp Submitted by n0_m3rcy n0_m3rcy Report Full payment bypass to use premium subscription. Full Report A considerable...
HackerOne Bug Bounty Disclosure: ability-to-view-non-permitted-admin-logbyimran_nisar
Programme HackerOne Lark Technologies Lark Technologies Submitted by imran_nisar imran_nisar Report Ability to View Non-Permitted Admin Log Full Report A...
HackerOne Bug Bounty Disclosure: removed-user-can-still-view-comments-on-the-file/documents-byimran_nisar
Programme HackerOne Lark Technologies Lark Technologies Submitted by imran_nisar imran_nisar Report Removed user can still view comments on the file/documents....
HackerOne Bug Bounty Disclosure: [csrf]-no-csrf-protection-against-sending-invitation-to-join-the-team-byimran_nisar
Programme HackerOne Lark Technologies Lark Technologies Submitted by imran_nisar imran_nisar Report No Csrf protection against sending invitation to join the...
HackerOne Bug Bounty Disclosure: dom-xss-at-`https://adobedocs-github-io/oae_partnerapi/?configurl={site}`-due-to-outdated-swagger-uibydreamer_eh
Programme HackerOne Adobe Adobe Submitted by dreamer_eh dreamer_eh Report DOM XSS at `https://adobedocs.github.io/OAE_PartnerAPI/?configUrl={site}` due to outdated Swagger UI Full Report...
HackerOne Bug Bounty Disclosure: idor-able-to-buy-a-plan-with-lesser-feebyug0x01
Programme HackerOne Automattic Automattic Submitted by ug0x01 ug0x01 Report IDOR able to buy a plan with lesser fee Full Report...
HackerOne Bug Bounty Disclosure: cve-2017-5929:-hyperledger—arbitrary-deserialization-of-untrusted-databymik-patient
Programme HackerOne Hyperledger Hyperledger Submitted by mik-patient mik-patient Report CVE-2017-5929: Hyperledger - Arbitrary Deserialization of Untrusted Data Full Report A...
HackerOne Bug Bounty Disclosure: xss-in-www-shopify-com/markets?utm_source=bynoblesix
Programme HackerOne Shopify Shopify Submitted by noblesix noblesix Report XSS in www.shopify.com/markets?utm_source= Full Report A considerable amount of time and...
HackerOne Bug Bounty Disclosure: found-origin-ip’s-lead-to-accessbyibrahim0936356
Programme HackerOne U.S. Dept Of Defense U.S. Dept Of Defense Submitted by ibrahim0936356 ibrahim0936356 Report Found Origin IP's Lead To...
HackerOne Bug Bounty Disclosure: broken-access-discloses-users-and-pii-at-https://-[htus]byg4mb4
Programme HackerOne U.S. Dept Of Defense U.S. Dept Of Defense Submitted by g4mb4 g4mb4 Report Broken access discloses users and...
