bug bounty

hackerone

HackerOne Bug Bounty Disclosure: cve-apache-airflow-command-injection-in-read-dataset-event-from-classic-dag-nhienit

December 7, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:nhienit2010Link to Submitters Profile:https://hackerone.com/nhienit2010 Report Title:CVE-2024-45498: Apache Airflow Command injection...

Read MoreRead more about HackerOne Bug Bounty Disclosure: cve-apache-airflow-command-injection-in-read-dataset-event-from-classic-dag-nhienit
hackerone

HackerOne Bug Bounty Disclosure: -addons-preview-cdn-mozilla-net-a-subdomain-takeover-is-available-via-unregistered-domain-in-fastly-haveaniceday

December 6, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:haveanicedayLink to Submitters Profile:https://hackerone.com/haveaniceday Report Title:mozillanet ] A subdomain takeover is available...

Read MoreRead more about HackerOne Bug Bounty Disclosure: -addons-preview-cdn-mozilla-net-a-subdomain-takeover-is-available-via-unregistered-domain-in-fastly-haveaniceday
hackerone

HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-django-utils-html-urlize-mprogrammer

November 30, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:mprogrammerLink to Submitters Profile:https://hackerone.com/mprogrammer Report Title:CVE-2024-41990: Potential denial-of-service in djangoutilshtmlurlize()Report...

Read MoreRead more about HackerOne Bug Bounty Disclosure: cve-potential-denial-of-service-in-django-utils-html-urlize-mprogrammer
hackerone

HackerOne Bug Bounty Disclosure: rate-limit-bypass-on-passport-acronis-work-using-x-forwarded-for-request-header-analyz-r

November 28, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:analyz3rLink to Submitters Profile:https://hackerone.com/analyz3r Report Title:Rate limit bypass on passportacroniswork using X-Forwarded-For...

Read MoreRead more about HackerOne Bug Bounty Disclosure: rate-limit-bypass-on-passport-acronis-work-using-x-forwarded-for-request-header-analyz-r
hackerone

HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r

November 22, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:4xpl0r3rLink to Submitters Profile:https://hackerone.com/4xpl0r3r Report Title:`std::process::Command` batch files argument escaping...

Read MoreRead more about HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r
hackerone

HackerOne Bug Bounty Disclosure: external-storage-global-credentials-returned-to-the-client-side-in-plaintext-tuyenee

November 21, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:tuyeneeLink to Submitters Profile:https://hackerone.com/tuyenee Report Title:External storage - global credentials returned to...

Read MoreRead more about HackerOne Bug Bounty Disclosure: external-storage-global-credentials-returned-to-the-client-side-in-plaintext-tuyenee
hackerone

HackerOne Bug Bounty Disclosure: csrftoken-not-unique-to-session-or-specific-user-and-csrfmiddlewaretoken-can-be-altered-bashbdeer

November 20, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:bashbdeerLink to Submitters Profile:https://hackerone.com/bashbdeer Report Title:csrftoken not unique to session or specific...

Read MoreRead more about HackerOne Bug Bounty Disclosure: csrftoken-not-unique-to-session-or-specific-user-and-csrfmiddlewaretoken-can-be-altered-bashbdeer
hackerone

HackerOne Bug Bounty Disclosure: reflected-xss-in-hxxps-www-acronis-com-products-cyber-protect-trial-tomblorg

November 20, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:tomblorgLink to Submitters Profile:https://hackerone.com/tomblorg Report Title:Reflected XSS in hXXps://wwwacroniscom/products/cyber-protect/trial/Report Link:https://hackerone.com/reports/1891926Date Submitted:20 November...

Read MoreRead more about HackerOne Bug Bounty Disclosure: reflected-xss-in-hxxps-www-acronis-com-products-cyber-protect-trial-tomblorg
hackerone

HackerOne Bug Bounty Disclosure: a-potential-risk-in-the-cloudfrontextensionsconsole-which-can-be-used-to-privilege-escalation-zolaer

November 19, 2024

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:zolaer9527Link to Submitters Profile:https://hackerone.com/zolaer9527 Report Title:A potential risk in the cloudFrontExtensionsConsole...

Read MoreRead more about HackerOne Bug Bounty Disclosure: a-potential-risk-in-the-cloudfrontextensionsconsole-which-can-be-used-to-privilege-escalation-zolaer
hackerone

HackerOne Bug Bounty Disclosure: hackerone-supports-accounts-organitation-takeover-madara

November 19, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:madara_Link to Submitters Profile:https://hackerone.com/madara_ Report Title:Hackerone supports accounts organitation takeoverReport Link:https://hackerone.com/reports/2798380Date Submitted:19...

Read MoreRead more about HackerOne Bug Bounty Disclosure: hackerone-supports-accounts-organitation-takeover-madara
hackerone

HackerOne Bug Bounty Disclosure: heap-buffer-overread-in-contains-whitespace-when-calling-parser-validate-after-supplying-a-maliciously-crafted-buffer-to-parser-parse-l-thaxor

November 19, 2024

Company Name: Cosmos Company HackerOne URL: https://hackerone.com/cosmos Submitted By:l33thaxorLink to Submitters Profile:https://hackerone.com/l33thaxor Report Title:Heap-Buffer-Overread in contains_whitespace when calling parser_validate after...

Read MoreRead more about HackerOne Bug Bounty Disclosure: heap-buffer-overread-in-contains-whitespace-when-calling-parser-validate-after-supplying-a-maliciously-crafted-buffer-to-parser-parse-l-thaxor

You may have missed

image

[INCRANSOM] – Ransomware Victim: cityofgardendale[.]com

July 4, 2025
image

CVE Alert: CVE-2025-27452

July 4, 2025
image

CVE Alert: CVE-2025-27453

July 4, 2025
image

CVE Alert: CVE-2025-27454

July 4, 2025
image

CVE Alert: CVE-2025-27455

July 4, 2025