URL Scheme misconfiguration on TikTok for IOS
π https://hackerone.com/reports/1437294
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #glassplant
πΉ State: π’ Resolved
πΉ Disclosed: May 4, 2022, 10:17pm (UTC)
π https://hackerone.com/reports/1437294
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #glassplant
πΉ State: π’ Resolved
πΉ Disclosed: May 4, 2022, 10:17pm (UTC)
One Click Account Hijacking via Unvalidated Deeplink
π https://hackerone.com/reports/1500614
πΉ Severity: High | π° 10,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #fr4via
πΉ State: π’ Resolved
πΉ Disclosed: May 4, 2022, 10:23pm (UTC)
π https://hackerone.com/reports/1500614
πΉ Severity: High | π° 10,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #fr4via
πΉ State: π’ Resolved
πΉ Disclosed: May 4, 2022, 10:23pm (UTC)
π4
Clickjacking Vulnerability Can Leads To Delete Developer APP
π https://hackerone.com/reports/1416612
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #rioncool22
πΉ State: π’ Resolved
πΉ Disclosed: May 4, 2022, 10:25pm (UTC)
π https://hackerone.com/reports/1416612
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #rioncool22
πΉ State: π’ Resolved
πΉ Disclosed: May 4, 2022, 10:25pm (UTC)
Github Account Takeover which is used as gradle vcs in "github.com/palantir/gradle-launch-config-plugin"
π https://hackerone.com/reports/1525578
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Palantir Public
πΉ Reported By: #codermak
πΉ State: π’ Resolved
πΉ Disclosed: May 5, 2022, 1:54pm (UTC)
π https://hackerone.com/reports/1525578
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Palantir Public
πΉ Reported By: #codermak
πΉ State: π’ Resolved
πΉ Disclosed: May 5, 2022, 1:54pm (UTC)
Able to bypass email verification and change email to any other user email
π https://hackerone.com/reports/1551176
πΉ Severity: High | π° 5,000 USD
πΉ Reported To: Reddit
πΉ Reported By: #bisesh
πΉ State: π’ Resolved
πΉ Disclosed: May 6, 2022, 4:50pm (UTC)
π https://hackerone.com/reports/1551176
πΉ Severity: High | π° 5,000 USD
πΉ Reported To: Reddit
πΉ Reported By: #bisesh
πΉ State: π’ Resolved
πΉ Disclosed: May 6, 2022, 4:50pm (UTC)
π3π2
SQL injection in URL path processing on www.ibm.com
π https://hackerone.com/reports/1527284
πΉ Severity: Critical
πΉ Reported To: IBM
πΉ Reported By: #asterite
πΉ State: π’ Resolved
πΉ Disclosed: May 6, 2022, 6:37pm (UTC)
π https://hackerone.com/reports/1527284
πΉ Severity: Critical
πΉ Reported To: IBM
πΉ Reported By: #asterite
πΉ State: π’ Resolved
πΉ Disclosed: May 6, 2022, 6:37pm (UTC)
π₯1
Multiple IDORs in family pairing api
π https://hackerone.com/reports/1286332
πΉ Severity: High | π° 7,500 USD
πΉ Reported To: TikTok
πΉ Reported By: #s3c
πΉ State: π’ Resolved
πΉ Disclosed: May 6, 2022, 9:18pm (UTC)
π https://hackerone.com/reports/1286332
πΉ Severity: High | π° 7,500 USD
πΉ Reported To: TikTok
πΉ Reported By: #s3c
πΉ State: π’ Resolved
πΉ Disclosed: May 6, 2022, 9:18pm (UTC)
π₯2π1
Reflected xss in https://sh.reddit.com
π https://hackerone.com/reports/1549206
πΉ Severity: High | π° 5,000 USD
πΉ Reported To: Reddit
πΉ Reported By: #abhiramsita
πΉ State: π’ Resolved
πΉ Disclosed: May 8, 2022, 7:36am (UTC)
π https://hackerone.com/reports/1549206
πΉ Severity: High | π° 5,000 USD
πΉ Reported To: Reddit
πΉ Reported By: #abhiramsita
πΉ State: π’ Resolved
πΉ Disclosed: May 8, 2022, 7:36am (UTC)
π₯5π2
Slowvote and Countdown can cause Denial of Service due to recursive inclusion
π https://hackerone.com/reports/1563142
πΉ Severity: No Rating
πΉ Reported To: Phabricator
πΉ Reported By: #dyls
πΉ State: π’ Resolved
πΉ Disclosed: May 9, 2022, 6:37pm (UTC)
π https://hackerone.com/reports/1563142
πΉ Severity: No Rating
πΉ Reported To: Phabricator
πΉ Reported By: #dyls
πΉ State: π’ Resolved
πΉ Disclosed: May 9, 2022, 6:37pm (UTC)
Global default settings page is accessible to non-administrators
π https://hackerone.com/reports/1563139
πΉ Severity: No Rating | π° 300 USD
πΉ Reported To: Phabricator
πΉ Reported By: #dyls
πΉ State: π’ Resolved
πΉ Disclosed: May 9, 2022, 10:25pm (UTC)
π https://hackerone.com/reports/1563139
πΉ Severity: No Rating | π° 300 USD
πΉ Reported To: Phabricator
πΉ Reported By: #dyls
πΉ State: π’ Resolved
πΉ Disclosed: May 9, 2022, 10:25pm (UTC)
Misconfigured Rate Limit in Sending Notifications to the Victims Phone Via the Endpoint " /faxes/inbox "
π https://hackerone.com/reports/1482919
πΉ Severity: Medium
πΉ Reported To: Alohi
πΉ Reported By: #shamim_12__
πΉ State: π’ Resolved
πΉ Disclosed: May 10, 2022, 9:14am (UTC)
π https://hackerone.com/reports/1482919
πΉ Severity: Medium
πΉ Reported To: Alohi
πΉ Reported By: #shamim_12__
πΉ State: π’ Resolved
πΉ Disclosed: May 10, 2022, 9:14am (UTC)
π1
Certificate authentication re-use on redirect
π https://hackerone.com/reports/1563061
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π΄ N/A
πΉ Disclosed: May 11, 2022, 6:48am (UTC)
π https://hackerone.com/reports/1563061
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π΄ N/A
πΉ Disclosed: May 11, 2022, 6:48am (UTC)
CVE-2022-27778: curl removes wrong file on error
π https://hackerone.com/reports/1553598
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 7:23am (UTC)
π https://hackerone.com/reports/1553598
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 7:23am (UTC)
CVE-2022-27779: cookie for trailing dot TLD
π https://hackerone.com/reports/1553301
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 7:59am (UTC)
π https://hackerone.com/reports/1553301
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 7:59am (UTC)
Account takeover via Google OneTap
π https://hackerone.com/reports/671406
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Priceline
πΉ Reported By: #badca7
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 9:37am (UTC)
π https://hackerone.com/reports/671406
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Priceline
πΉ Reported By: #badca7
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 9:37am (UTC)
CVE-2022-27782: TLS and SSH connection too eager reuse
π https://hackerone.com/reports/1555796
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 12:40pm (UTC)
π https://hackerone.com/reports/1555796
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 12:40pm (UTC)
SQL injextion via vulnerable doctrine/dbal version
π https://hackerone.com/reports/1390331
πΉ Severity: High
πΉ Reported To: Nextcloud
πΉ Reported By: #nickvergessen
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 2:08pm (UTC)
π https://hackerone.com/reports/1390331
πΉ Severity: High
πΉ Reported To: Nextcloud
πΉ Reported By: #nickvergessen
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 2:08pm (UTC)
CVE-2022-27780: percent-encoded path separator in URL host
π https://hackerone.com/reports/1553841
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 3:33pm (UTC)
π https://hackerone.com/reports/1553841
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 3:33pm (UTC)
π1
CVE-2022-30115: HSTS bypass via trailing dot
π https://hackerone.com/reports/1557449
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 3:33pm (UTC)
π https://hackerone.com/reports/1557449
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 3:33pm (UTC)
Remote kernel heap overflow
π https://hackerone.com/reports/1350653
πΉ Severity: High | π° 10,000 USD
πΉ Reported To: PlayStation
πΉ Reported By: #m00nbsd
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 6:09pm (UTC)
π https://hackerone.com/reports/1350653
πΉ Severity: High | π° 10,000 USD
πΉ Reported To: PlayStation
πΉ Reported By: #m00nbsd
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 6:09pm (UTC)
π2π₯2π2β€1
Storage of old passwords in plain text format
π https://hackerone.com/reports/1549217
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: Recorded Future
πΉ Reported By: #subuganz
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 1:06pm (UTC)
π https://hackerone.com/reports/1549217
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: Recorded Future
πΉ Reported By: #subuganz
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 1:06pm (UTC)