BugCrowd Bug Bounty Disclosure: P1 – Authentication Bypass + exposure of PII + reflected XSS – snillx
Authentication Bypass + exposure of PII + reflected XSS Authentication Bypass + exposure of PII + reflected XSS Researcher: snillx...
BugCrowd
BugCrowd Bug Bounty Disclosure: P5 – Cross Site Scripting – ChrisRanaMagar
Cross Site Scripting Cross Site Scripting Researcher: ChrisRanaMagar Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
BugCrowd Bug Bounty Disclosure: P5 – self cross site scripting – bugcrowd_staff
self cross site scripting self cross site scripting Researcher: bugcrowd_staff Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure...
BugCrowd Bug Bounty Disclosure: P5 – Self Reflected XSS on target.nasa.gov via unescaped user input in field – cybersamir
Self Reflected XSS on target.nasa.gov via unescaped user input in field Self Reflected XSS on target.nasa.gov via unescaped user input...
BugCrowd Bug Bounty Disclosure: P2 – Graphql API exposes all groups and goups users leaking internal stucture, full names and emails – vinax
Graphql API exposes all groups and goups users leaking internal stucture, full names and emails Graphql API exposes all groups...
BugCrowd Bug Bounty Disclosure: P5 – Account Takeover via Password Reset Token and Insecure Email Change Handling – David007
Account Takeover via Password Reset Token and Insecure Email Change Handling Account Takeover via Password Reset Token and Insecure Email...
BugCrowd Bug Bounty Disclosure: P3 – CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. – Renatto
CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. Researcher: Renatto Engagement: National Aeronautics and Space Administration (NASA) -...
BugCrowd Bug Bounty Disclosure: P2 – HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory – Mon3m
HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory...
BugCrowd Bug Bounty Disclosure: P5 – Reflected XSS on oceandata.sci.gsfc.nasa.gov – FebriHp
Reflected XSS on oceandata.sci.gsfc.nasa.gov Reflected XSS on oceandata.sci.gsfc.nasa.gov Researcher: FebriHp Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure...
BugCrowd Bug Bounty Disclosure: P5 – Confidental Information of NASA found – arjanchaudharyy
Confidental Information of NASA found Confidental Information of NASA found Researcher: arjanchaudharyy Engagement: National Aeronautics and Space Administration (NASA) -...
BugCrowd Bug Bounty Disclosure: P3 – RXSS at `https://skyview.gsfc.nasa.gov/current/cgi/vo/sia.pl` – GxbNt
RXSS at `https://skyview.gsfc.nasa.gov/current/cgi/vo/sia.pl` RXSS at `https://skyview.gsfc.nasa.gov/current/cgi/vo/sia.pl` Researcher: GxbNt Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
BugCrowd Bug Bounty Disclosure: P5 – Sensitive NASA Equipment Inventory Disclosed via Public Endpoint on www3.nasa.gov – candykhaba
Sensitive NASA Equipment Inventory Disclosed via Public Endpoint on www3.nasa.gov Sensitive NASA Equipment Inventory Disclosed via Public Endpoint on www3.nasa.gov...
BugCrowd Bug Bounty Disclosure: P3 – NASA-User Owned PDF Publicly Exposed with Full Edit Rights — Risk of Deletion and PII Disclosure –
NASA-User Owned PDF Publicly Exposed with Full Edit Rights — Risk of Deletion and PII Disclosure NASA-User Owned PDF Publicly...
BugCrowd Bug Bounty Disclosure: P3 – Exposed NASA/JPL Credentials and Emails via Public Pastebin Leak – JustAKids
Exposed NASA/JPL Credentials and Emails via Public Pastebin Leak Exposed NASA/JPL Credentials and Emails via Public Pastebin Leak Researcher: JustAKids...
BugCrowd Bug Bounty Disclosure: P5 – RXSS On https://www1-2-pz.sewp.nasa.gov/ – asjadbutt
RXSS On https://www1-2-pz.sewp.nasa.gov/ RXSS On https://www1-2-pz.sewp.nasa.gov/ Researcher: asjadbutt Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
BugCrowd Bug Bounty Disclosure: P5 – Apollo 13 Onboard Voice Transcription for Potential Data Exposure – suyashksawant
Apollo 13 Onboard Voice Transcription for Potential Data Exposure Apollo 13 Onboard Voice Transcription for Potential Data Exposure Researcher: suyashksawant...
BugCrowd Bug Bounty Disclosure: P2 – Unauthenticated Remote Code Execution (CVE-2025-4428) – Ironsoul74
Unauthenticated Remote Code Execution (CVE-2025-4428) Unauthenticated Remote Code Execution (CVE-2025-4428) Researcher: Ironsoul74 Engagement: Unisys Vulnerability Disclosure Engagement Disclosed at: 2025-05-22T06:59:01Z...
BugCrowd Bug Bounty Disclosure: P5 – Host Header Injection on Password-Reset Functionality Causes Unauthorized Redirect to Attacker-Controlled Domain Where a Users Could be Tricked into Entering Account Credentials for Account Takeover or PII Leak – Imshadab18
Host Header Injection on Password-Reset Functionality Causes Unauthorized Redirect to Attacker-Controlled Domain Where a Users Could be Tricked into Entering...
BugCrowd Bug Bounty Disclosure: P3 – Exposed Python Script with Hardcoded SFTP Credentials, Internal IPs, and Sensitive Data Access – unknown_soldier
Exposed Python Script with Hardcoded SFTP Credentials, Internal IPs, and Sensitive Data Access Exposed Python Script with Hardcoded SFTP Credentials,...
BugCrowd Bug Bounty Disclosure: P5 – Stored XSS in NASA ASRS Maintenance Form – Payload Executes on Print Page – RootVaibhav
Stored XSS in NASA ASRS Maintenance Form – Payload Executes on Print Page Stored XSS in NASA ASRS Maintenance Form...
BugCrowd Bug Bounty Disclosure: P3 – Hardcoded API Key Found in Public NASA GitHub Repository – Uma_Maheshwar_Ayyala
Hardcoded API Key Found in Public NASA GitHub Repository Hardcoded API Key Found in Public NASA GitHub Repository Researcher: Uma_Maheshwar_Ayyala...
BugCrowd Bug Bounty Disclosure: P5 – Information Disclosure through configuration and various logs – yashjare
Information Disclosure through configuration and various logs Information Disclosure through configuration and various logs Researcher: yashjare Engagement: National Aeronautics and...
BugCrowd Bug Bounty Disclosure: P5 – an confidential pdf regarding technical memorandom – SahilGadhe
an confidential pdf regarding technical memorandom an confidential pdf regarding technical memorandom Researcher: SahilGadhe Engagement: National Aeronautics and Space Administration...
BugCrowd Bug Bounty Disclosure: P5 – Reflected XSS on esto.nasa.gov allows arbitrary JavaScript execution and redirection – Faxcel
Reflected XSS on esto.nasa.gov allows arbitrary JavaScript execution and redirection Reflected XSS on esto.nasa.gov allows arbitrary JavaScript execution and redirection...
