bug bounty

HackerOne Bug Bounty Disclosure: stored-xss-via-post-tittle-enabling-non-privileged-user-to-privileged-user-exploitation-on-hxxps-forums-autodesk-com-the-white-evil

February 26, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:the-white-evilLink to Submitters Profile:https://hackerone.com/the-white-evil Report Title:Stored XSS via Post Tittle Enabling Non-Privileged...

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-datazone-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

February 26, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the Datazone...

HackerOne Bug Bounty Disclosure: burp-suite-extensions-can-execute-arbitrary-code-iamunixtz

February 26, 2025

Company Name: PortSwigger Web Security Company HackerOne URL: https://hackerone.com/portswigger Submitted By:iamunixtzLink to Submitters Profile:https://hackerone.com/iamunixtz Report Title:Burp Suite extensions can execute...

HackerOne Bug Bounty Disclosure: account-takeover-via-password-reset-without-user-interactions-asterion

February 26, 2025

Company Name: GitLab Company HackerOne URL: https://hackerone.com/gitlab Submitted By:asterion04Link to Submitters Profile:https://hackerone.com/asterion04 Report Title:Account Takeover via Password Reset without user...

HackerOne Bug Bounty Disclosure: uncontrolled-resource-consumption-when-parsing-maliciously-crafted-xml-with-rexml-l-thaxor

February 20, 2025

Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:l33thaxorLink to Submitters Profile:https://hackerone.com/l33thaxor Report Title:Uncontrolled Resource Consumption when parsing maliciously crafted...

HackerOne Bug Bounty Disclosure: unauthenticated-phpinfo-files-could-lead-to-ability-file-read-at-h-f-n-ips-mtn-co-ug-dashboard-offensiveops

February 20, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:offensiveopsLink to Submitters Profile:https://hackerone.com/offensiveops Report Title:Unauthenticated phpinfo()files could lead to ability...

HackerOne Bug Bounty Disclosure: format-string-vulnerability-curl-msnprintf-function-orcahack

February 20, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:orcahackLink to Submitters Profile:https://hackerone.com/orcahack Report Title:Format string vulnerability, curl_msnprintf() function Report Link:https://hackerone.com/reports/2990139Date...

HackerOne Bug Bounty Disclosure: insecure-direct-object-reference-idor-vulnerability-in-autodesk-user-profile-eyax

February 19, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:eyax0Link to Submitters Profile:https://hackerone.com/eyax0 Report Title:Insecure Direct Object Reference (IDOR) Vulnerability in...

HackerOne Bug Bounty Disclosure: idor-vulnerability-allowing-unauthorized-profile-picture-change-tasin-zucced

February 19, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:tasin_zucced___Link to Submitters Profile:https://hackerone.com/tasin_zucced___ Report Title:IDOR Vulnerability Allowing Unauthorized Profile Picture ChangeReport...

HackerOne Bug Bounty Disclosure: cisco-ios-xe-instance-at-vulnerable-to-cve-offensiveops

February 19, 2025

HackerOne Bug Bounty Disclosure: wordpress-users-disclosure-karimtantawy

February 12, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:karimtantawyLink to Submitters Profile:https://hackerone.com/karimtantawy Report Title:Wordpress users DisclosureReport Link:https://hackerone.com/reports/2981756Date Submitted:12 February 2025...

HackerOne Bug Bounty Disclosure: improper-cache-handling-allows-access-to-post-logout-pages-victim-of-life

February 10, 2025

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:victim_of_lifeLink to Submitters Profile:https://hackerone.com/victim_of_life Report Title:Improper Cache Handling Allows Access to Post-Logout...

HackerOne Bug Bounty Disclosure: clickjacking-in-main-domain-hxxps-topechelon-com-genz

February 10, 2025

Company Name: Top Echelon Software Company HackerOne URL: https://hackerone.com/top_echelon_software Submitted By:genz-1Link to Submitters Profile:https://hackerone.com/genz-1 Report Title:Clickjacking in main domain hXXps://topecheloncom/Report...

HackerOne Bug Bounty Disclosure: error-page-content-spoofing-or-text-injection-mcblockchamp

February 7, 2025

Company Name: XVIDEOS Company HackerOne URL: https://hackerone.com/xvideos Submitted By:mcblockchampLink to Submitters Profile:https://hackerone.com/mcblockchamp Report Title:Error Page Content Spoofing or Text InjectionReport...

HackerOne Bug Bounty Disclosure: cve-django-potential-sql-injection-in-haskey-lhs-rhs-on-oracle-scyoon

February 7, 2025

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:scyoonLink to Submitters Profile:https://hackerone.com/scyoon Report Title:CVE-2024-53908: Django Potential SQL injection...

HackerOne Bug Bounty Disclosure: cve-netrc-and-default-credential-leak-sherlock

February 7, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:sherlock2010Link to Submitters Profile:https://hackerone.com/sherlock2010 Report Title:CVE-2025-0167: netrc and default credential leakReport Link:https://hackerone.com/reports/2917232Date...

HackerOne Bug Bounty Disclosure: cve-eventfd-double-close-ankomcoper

February 7, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:ankomcoperLink to Submitters Profile:https://hackerone.com/ankomcoper Report Title:CVE-2025-0665: eventfd double closeReport Link:https://hackerone.com/reports/2954286Date Submitted:07 February...

bug bounty

HackerOne Bug Bounty Disclosure: stored-xss-via-post-tittle-enabling-non-privileged-user-to-privileged-user-exploitation-on-hxxps-forums-autodesk-com-the-white-evil

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-datazone-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

HackerOne Bug Bounty Disclosure: burp-suite-extensions-can-execute-arbitrary-code-iamunixtz

HackerOne Bug Bounty Disclosure: account-takeover-via-password-reset-without-user-interactions-asterion

HackerOne Bug Bounty Disclosure: uncontrolled-resource-consumption-when-parsing-maliciously-crafted-xml-with-rexml-l-thaxor

HackerOne Bug Bounty Disclosure: unauthenticated-phpinfo-files-could-lead-to-ability-file-read-at-h-f-n-ips-mtn-co-ug-dashboard-offensiveops

HackerOne Bug Bounty Disclosure: format-string-vulnerability-curl-msnprintf-function-orcahack

HackerOne Bug Bounty Disclosure: insecure-direct-object-reference-idor-vulnerability-in-autodesk-user-profile-eyax

HackerOne Bug Bounty Disclosure: idor-vulnerability-allowing-unauthorized-profile-picture-change-tasin-zucced

HackerOne Bug Bounty Disclosure: cisco-ios-xe-instance-at-vulnerable-to-cve-offensiveops

HackerOne Bug Bounty Disclosure: wordpress-users-disclosure-karimtantawy

HackerOne Bug Bounty Disclosure: improper-cache-handling-allows-access-to-post-logout-pages-victim-of-life

HackerOne Bug Bounty Disclosure: clickjacking-in-main-domain-hxxps-topechelon-com-genz

HackerOne Bug Bounty Disclosure: error-page-content-spoofing-or-text-injection-mcblockchamp

HackerOne Bug Bounty Disclosure: cve-django-potential-sql-injection-in-haskey-lhs-rhs-on-oracle-scyoon

HackerOne Bug Bounty Disclosure: cve-netrc-and-default-credential-leak-sherlock

HackerOne Bug Bounty Disclosure: cve-eventfd-double-close-ankomcoper

HackerOne Bug Bounty Disclosure: -actionview-sanitize-helper-bypass-with-style-and-math-mokusou

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-noscript-taise

HackerOne Bug Bounty Disclosure: -actionview-sanitize-helper-bypass-with-math-related-tags-mokusou

HackerOne Bug Bounty Disclosure: goaway-http-frames-cause-memory-leak-outside-heap-newtmitch

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-mokusou

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-with-style-and-svg-tags-taise

HackerOne Bug Bounty Disclosure: xss-on-using-the-legacy-graphie-to-png-api-sikn

Brute Ratel C4 Detected – 52[.]197[.]160[.]186:80

[QILIN] – Ransomware Victim: knightknox

[IMNCREW] – Ransomware Victim: Apntelecom[.]com

CVE Alert: CVE-2025-53490

CVE Alert: CVE-2025-45938

You may have missed