[Java]: CWE-321 - Query to detect hardcoded JWT secret keys
π https://hackerone.com/reports/1567588
πΉ Severity: Medium
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #not_specified
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:30am (UTC)
π https://hackerone.com/reports/1567588
πΉ Severity: Medium
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #not_specified
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:30am (UTC)
[CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
π https://hackerone.com/reports/1564100
πΉ Severity: Low | π° 500 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #ihsinme
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:31am (UTC)
π https://hackerone.com/reports/1564100
πΉ Severity: Low | π° 500 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #ihsinme
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:31am (UTC)
[Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications
π https://hackerone.com/reports/1564099
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #luchua
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:31am (UTC)
π https://hackerone.com/reports/1564099
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #luchua
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:31am (UTC)
[CPP]: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf
π https://hackerone.com/reports/1549073
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #ihsinme
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:31am (UTC)
π https://hackerone.com/reports/1549073
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #ihsinme
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:31am (UTC)
[Java] CWE-016: Query to detect insecure configuration of Spring Boot Actuator
π https://hackerone.com/reports/1137966
πΉ Severity: Low | π° 500 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #luchua
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:32am (UTC)
π https://hackerone.com/reports/1137966
πΉ Severity: Low | π° 500 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #luchua
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:32am (UTC)
Cookie injection from non-secure context
π https://hackerone.com/reports/1560324
πΉ Severity: High
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π΄ N/A
πΉ Disclosed: May 13, 2022, 6:44am (UTC)
π https://hackerone.com/reports/1560324
πΉ Severity: High
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π΄ N/A
πΉ Disclosed: May 13, 2022, 6:44am (UTC)
Memory leak in CURLOPT_XOAUTH2_BEARER
π https://hackerone.com/reports/1567257
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #pappacoda
πΉ State: βͺοΈ Informative
πΉ Disclosed: May 13, 2022, 7:51am (UTC)
π https://hackerone.com/reports/1567257
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #pappacoda
πΉ State: βͺοΈ Informative
πΉ Disclosed: May 13, 2022, 7:51am (UTC)
error parse uri path in curl
π https://hackerone.com/reports/1566462
πΉ Severity: High
πΉ Reported To: curl
πΉ Reported By: #iylz
πΉ State: π΄ N/A
πΉ Disclosed: May 13, 2022, 8:34pm (UTC)
π https://hackerone.com/reports/1566462
πΉ Severity: High
πΉ Reported To: curl
πΉ Reported By: #iylz
πΉ State: π΄ N/A
πΉ Disclosed: May 13, 2022, 8:34pm (UTC)
Download full backup [Mtn.co.rw]
π https://hackerone.com/reports/1516520
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #ibrahimatix0x01
πΉ State: π’ Resolved
πΉ Disclosed: May 14, 2022, 9:54am (UTC)
π https://hackerone.com/reports/1516520
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #ibrahimatix0x01
πΉ State: π’ Resolved
πΉ Disclosed: May 14, 2022, 9:54am (UTC)
Public Postman Api Collection Leaks Internal access to https://assets-paris-dev.codefi.network/
π https://hackerone.com/reports/1523651
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Consensys
πΉ Reported By: #polem4rch
πΉ State: π’ Resolved
πΉ Disclosed: May 14, 2022, 1:44pm (UTC)
π https://hackerone.com/reports/1523651
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Consensys
πΉ Reported By: #polem4rch
πΉ State: π’ Resolved
πΉ Disclosed: May 14, 2022, 1:44pm (UTC)
Disclose customer orders details by shopify chat application.
π https://hackerone.com/reports/968165
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: Shopify
πΉ Reported By: #zambo
πΉ State: π’ Resolved
πΉ Disclosed: May 14, 2022, 2:33pm (UTC)
π https://hackerone.com/reports/968165
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: Shopify
πΉ Reported By: #zambo
πΉ State: π’ Resolved
πΉ Disclosed: May 14, 2022, 2:33pm (UTC)
Disclose STUFF member name and make actions.
π https://hackerone.com/reports/968174
πΉ Severity: No Rating | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #zambo
πΉ State: π’ Resolved
πΉ Disclosed: May 14, 2022, 2:34pm (UTC)
π https://hackerone.com/reports/968174
πΉ Severity: No Rating | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #zambo
πΉ State: π’ Resolved
πΉ Disclosed: May 14, 2022, 2:34pm (UTC)
Credential leak on redirect
π https://hackerone.com/reports/1568175
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #iylz
πΉ State: π΄ N/A
πΉ Disclosed: May 14, 2022, 4:06pm (UTC)
π https://hackerone.com/reports/1568175
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #iylz
πΉ State: π΄ N/A
πΉ Disclosed: May 14, 2022, 4:06pm (UTC)
Origin IP found, WAF Cloudflare Bypass
π https://hackerone.com/reports/1536299
πΉ Severity: Low | π° 100 USD
πΉ Reported To: SMTP2GO BBP
πΉ Reported By: #mrrobot2050
πΉ State: π’ Resolved
πΉ Disclosed: May 15, 2022, 10:20am (UTC)
π https://hackerone.com/reports/1536299
πΉ Severity: Low | π° 100 USD
πΉ Reported To: SMTP2GO BBP
πΉ Reported By: #mrrobot2050
πΉ State: π’ Resolved
πΉ Disclosed: May 15, 2022, 10:20am (UTC)
HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences in the concat() function
π https://hackerone.com/reports/1478633
πΉ Severity: Critical | π° 6,000 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #albertspedersen
πΉ State: π’ Resolved
πΉ Disclosed: May 16, 2022, 8:57am (UTC)
π https://hackerone.com/reports/1478633
πΉ Severity: Critical | π° 6,000 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #albertspedersen
πΉ State: π’ Resolved
πΉ Disclosed: May 16, 2022, 8:57am (UTC)
CVE-2022-27781: CERTINFO never-ending busy-loop
π https://hackerone.com/reports/1555441
πΉ Severity: Low
πΉ Reported To: curl
πΉ Reported By: #sybr
πΉ State: π’ Resolved
πΉ Disclosed: May 16, 2022, 9:01am (UTC)
π https://hackerone.com/reports/1555441
πΉ Severity: Low
πΉ Reported To: curl
πΉ Reported By: #sybr
πΉ State: π’ Resolved
πΉ Disclosed: May 16, 2022, 9:01am (UTC)
Security misconfiguration
π https://hackerone.com/reports/1486327
πΉ Severity: High
πΉ Reported To: lemlist
πΉ Reported By: #mr23r0
πΉ State: π’ Resolved
πΉ Disclosed: May 16, 2022, 9:41am (UTC)
π https://hackerone.com/reports/1486327
πΉ Severity: High
πΉ Reported To: lemlist
πΉ Reported By: #mr23r0
πΉ State: π’ Resolved
πΉ Disclosed: May 16, 2022, 9:41am (UTC)
Site information's Display Name section vulnerable for XSS attacks and HTML Injections.
π https://hackerone.com/reports/1554888
πΉ Severity: Low | π° 150 USD
πΉ Reported To: Automattic
πΉ Reported By: #sawrav-chowdhury
πΉ State: π’ Resolved
πΉ Disclosed: May 16, 2022, 1:59pm (UTC)
π https://hackerone.com/reports/1554888
πΉ Severity: Low | π° 150 USD
πΉ Reported To: Automattic
πΉ Reported By: #sawrav-chowdhury
πΉ State: π’ Resolved
πΉ Disclosed: May 16, 2022, 1:59pm (UTC)
Privilege Escalation on TikTok for Business
π https://hackerone.com/reports/1505567
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: TikTok
πΉ Reported By: #naaash
πΉ State: π’ Resolved
πΉ Disclosed: May 16, 2022, 8:06pm (UTC)
π https://hackerone.com/reports/1505567
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: TikTok
πΉ Reported By: #naaash
πΉ State: π’ Resolved
πΉ Disclosed: May 16, 2022, 8:06pm (UTC)
π1
[app.lemlist.com] Improper handling of payment lead to bypass payment
π https://hackerone.com/reports/1420697
πΉ Severity: High
πΉ Reported To: lemlist
πΉ Reported By: #omarelfarsaoui
πΉ State: π’ Resolved
πΉ Disclosed: May 17, 2022, 8:54am (UTC)
π https://hackerone.com/reports/1420697
πΉ Severity: High
πΉ Reported To: lemlist
πΉ Reported By: #omarelfarsaoui
πΉ State: π’ Resolved
πΉ Disclosed: May 17, 2022, 8:54am (UTC)
Integer overflow vulnerability
π https://hackerone.com/reports/1562515
πΉ Severity: Critical
πΉ Reported To: Glovo
πΉ Reported By: #0f1c3r
πΉ State: π’ Resolved
πΉ Disclosed: May 17, 2022, 1:46pm (UTC)
π https://hackerone.com/reports/1562515
πΉ Severity: Critical
πΉ Reported To: Glovo
πΉ Reported By: #0f1c3r
πΉ State: π’ Resolved
πΉ Disclosed: May 17, 2022, 1:46pm (UTC)