Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:darkroomdragonLink to Submitters Profile:https://hackerone.com/darkroomdragon Report Title:Memory Leak in libcurl via Location Header...
Unauthenticated Remote Code Execution (CVE-2025-4428) Unauthenticated Remote Code Execution (CVE-2025-4428) Researcher: Ironsoul74 Engagement: Unisys Vulnerability Disclosure Engagement Disclosed at: 2025-05-22T06:59:01Z...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:jmanojlovichLink to Submitters Profile:https://hackerone.com/jmanojlovich Report Title:`Curl_socketpair()` fallback vulnerable to man-in-the-middle attackReport Link:https://hackerone.com/reports/3148937Date...
Host Header Injection on Password-Reset Functionality Causes Unauthorized Redirect to Attacker-Controlled Domain Where a Users Could be Tricked into Entering...
Company Name: Nintendo Company HackerOne URL: https://hackerone.com/nintendo Submitted By:roccodevLink to Submitters Profile:https://hackerone.com/roccodev Report Title: Improper validation of names allows injecting...
Company Name: Nintendo Company HackerOne URL: https://hackerone.com/nintendo Submitted By:roccodevLink to Submitters Profile:https://hackerone.com/roccodev Report Title: Unrestricted RPCs allow DoS and writing...
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nkirk-nrlabsLink to Submitters Profile:https://hackerone.com/nkirk-nrlabs Report Title:Bedrock Guardrails Evasion with Prompt FormattingReport...
Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:justinnietzelLink to Submitters Profile:https://hackerone.com/justinnietzel Report Title:Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo& args) when...
Company Name: Lichess Company HackerOne URL: https://hackerone.com/lichess Submitted By:hajjaj-Link to Submitters Profile:https://hackerone.com/hajjaj- Report Title:Weak Rate Limiting Controls in the (LOGIN)...
Company Name: Lichess Company HackerOne URL: https://hackerone.com/lichess Submitted By:delsec_Link to Submitters Profile:https://hackerone.com/delsec_ Report Title:Open Redirect Vulnerability in OAuth Flow Leading...
Information Disclosure through configuration and various logs Information Disclosure through configuration and various logs Researcher: yashjare Engagement: National Aeronautics and...
an confidential pdf regarding technical memorandom an confidential pdf regarding technical memorandom Researcher: SahilGadhe Engagement: National Aeronautics and Space Administration...
Reflected XSS on esto.nasa.gov allows arbitrary JavaScript execution and redirection Reflected XSS on esto.nasa.gov allows arbitrary JavaScript execution and redirection...
EXIF Geolocation Data Not Stripped in NASA CDSCC Image - Exposure of Sensitive Location (Canberra Deep Space Communication Complex) EXIF...
Reflected XSS Vulnerability in SEWP Provider Lookup Tool - www.sewp.nasa.gov Reflected XSS Vulnerability in SEWP Provider Lookup Tool - www.sewp.nasa.gov...
Improper Access Control: Authenticated Resource Exposed via Wayback Machine Archive- Nasa sheets& docs Improper Access Control: Authenticated Resource Exposed via...
Possible Public Exposure of CONFIDENTIAL Document on NASA NTRS Possible Public Exposure of CONFIDENTIAL Document on NASA NTRS Researcher: b1t3x0p...
Exposed Python Script with Hardcoded SFTP Credentials, Internal IPs, and Sensitive Data Access Exposed Python Script with Hardcoded SFTP Credentials,...
Stored XSS in NASA ASRS Maintenance Form – Payload Executes on Print Page Stored XSS in NASA ASRS Maintenance Form...
Hardcoded API Key Found in Public NASA GitHub Repository Hardcoded API Key Found in Public NASA GitHub Repository Researcher: Uma_Maheshwar_Ayyala...
Public Exposure of Internal Calibration Planning File on heasarc.gsfc.nasa.gov (XMM-Newton) Public Exposure of Internal Calibration Planning File on heasarc.gsfc.nasa.gov (XMM-Newton)...
Public Exposure of Internal Calibration Planning File on heasarc.gsfc.nasa.gov (XMM-Newton) Public Exposure of Internal Calibration Planning File on heasarc.gsfc.nasa.gov (XMM-Newton)...
Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:samirsec0x01Link to Submitters Profile:https://hackerone.com/samirsec0x01 Report Title:Netlify Authentication Token Exposed in Public Mozilla...
Company Name: WakaTime Company HackerOne URL: https://hackerone.com/wakatime Submitted By:atasecLink to Submitters Profile:https://hackerone.com/atasec Report Title:user api key leakedReport Link:https://hackerone.com/reports/3098717Date Submitted:13 May...
