Publicly Accessible .env File Exposing Hardcoded Credentials on NASA’s Git Repository Publicly Accessible .env File Exposing Hardcoded Credentials on NASA’s...
Leak of usernames from a private website Leak of usernames from a private website Researcher: Engagement: National Aeronautics and Space...
Unauthorized Disclosure of PII via Internal NASA Doc Vulnerability Unauthorized Disclosure of PII via Internal NASA Doc Vulnerability Researcher: Black_charon...
Unauthenticated metadata disclosure of protected NASA flight reports and mission schedules via /ajax/activity Unauthenticated metadata disclosure of protected NASA flight...
Critical Identity and Communication Data Exposed in Unprotected NASA Hangar Demolition Doc Vulnerability Critical Identity and Communication Data Exposed in...
Authentication Bypass + exposure of PII + reflected XSS Authentication Bypass + exposure of PII + reflected XSS Researcher: snillx...
self cross site scripting self cross site scripting Researcher: bugcrowd_staff Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure...
Self Reflected XSS on target.nasa.gov via unescaped user input in field Self Reflected XSS on target.nasa.gov via unescaped user input...
Graphql API exposes all groups and goups users leaking internal stucture, full names and emails Graphql API exposes all groups...
Cross Site Scripting Cross Site Scripting Researcher: ChrisRanaMagar Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
Account Takeover via Password Reset Token and Insecure Email Change Handling Account Takeover via Password Reset Token and Insecure Email...
CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. Researcher: Renatto Engagement: National Aeronautics and Space Administration (NASA) -...
HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory...
Reflected XSS on oceandata.sci.gsfc.nasa.gov Reflected XSS on oceandata.sci.gsfc.nasa.gov Researcher: FebriHp Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure...
Confidental Information of NASA found Confidental Information of NASA found Researcher: arjanchaudharyy Engagement: National Aeronautics and Space Administration (NASA) -...
RXSS at `https://skyview.gsfc.nasa.gov/current/cgi/vo/sia.pl` RXSS at `https://skyview.gsfc.nasa.gov/current/cgi/vo/sia.pl` Researcher: GxbNt Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
Sensitive NASA Equipment Inventory Disclosed via Public Endpoint on www3.nasa.gov Sensitive NASA Equipment Inventory Disclosed via Public Endpoint on www3.nasa.gov...
NASA-User Owned PDF Publicly Exposed with Full Edit Rights — Risk of Deletion and PII Disclosure NASA-User Owned PDF Publicly...
Exposed NASA/JPL Credentials and Emails via Public Pastebin Leak Exposed NASA/JPL Credentials and Emails via Public Pastebin Leak Researcher: JustAKids...
RXSS On https://www1-2-pz.sewp.nasa.gov/ RXSS On https://www1-2-pz.sewp.nasa.gov/ Researcher: asjadbutt Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
Apollo 13 Onboard Voice Transcription for Potential Data Exposure Apollo 13 Onboard Voice Transcription for Potential Data Exposure Researcher: suyashksawant...
Unauthenticated Remote Code Execution (CVE-2025-4428) Unauthenticated Remote Code Execution (CVE-2025-4428) Researcher: Ironsoul74 Engagement: Unisys Vulnerability Disclosure Engagement Disclosed at: 2025-05-22T06:59:01Z...
Host Header Injection on Password-Reset Functionality Causes Unauthorized Redirect to Attacker-Controlled Domain Where a Users Could be Tricked into Entering...
an confidential pdf regarding technical memorandom an confidential pdf regarding technical memorandom Researcher: SahilGadhe Engagement: National Aeronautics and Space Administration...
