[python]: Zip Slip Vulnerability
π https://hackerone.com/reports/1572496
πΉ Severity: Low | π° 1,000 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #farid_hunter
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 8:46pm (UTC)
π https://hackerone.com/reports/1572496
πΉ Severity: Low | π° 1,000 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #farid_hunter
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 8:46pm (UTC)
β€2
Stored XSS in photos_user_map.gne
π https://hackerone.com/reports/1534636
πΉ Severity: High | π° 3,263 USD
πΉ Reported To: Flickr
πΉ Reported By: #keer0k
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 11:21pm (UTC)
π https://hackerone.com/reports/1534636
πΉ Severity: High | π° 3,263 USD
πΉ Reported To: Flickr
πΉ Reported By: #keer0k
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 11:21pm (UTC)
Open redirect bypass
π https://hackerone.com/reports/1513031
πΉ Severity: Low | π° 300 USD
πΉ Reported To: Flickr
πΉ Reported By: #xlord91
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 11:23pm (UTC)
π https://hackerone.com/reports/1513031
πΉ Severity: Low | π° 300 USD
πΉ Reported To: Flickr
πΉ Reported By: #xlord91
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 11:23pm (UTC)
Cross-site scripting on dashboard2.omise.co
π https://hackerone.com/reports/1532858
πΉ Severity: Critical | π° 200 USD
πΉ Reported To: Omise
πΉ Reported By: #oblivionlight
πΉ State: π’ Resolved
πΉ Disclosed: May 24, 2022, 11:54am (UTC)
π https://hackerone.com/reports/1532858
πΉ Severity: Critical | π° 200 USD
πΉ Reported To: Omise
πΉ Reported By: #oblivionlight
πΉ State: π’ Resolved
πΉ Disclosed: May 24, 2022, 11:54am (UTC)
[com.exness.android.pa Android] Universal XSS in webview. Lead to steal user cookies
π https://hackerone.com/reports/532836
πΉ Severity: No Rating | π° 400 USD
πΉ Reported To: EXNESS
πΉ Reported By: #nearsecurity
πΉ State: π’ Resolved
πΉ Disclosed: May 24, 2022, 3:24pm (UTC)
π https://hackerone.com/reports/532836
πΉ Severity: No Rating | π° 400 USD
πΉ Reported To: EXNESS
πΉ Reported By: #nearsecurity
πΉ State: π’ Resolved
πΉ Disclosed: May 24, 2022, 3:24pm (UTC)
Critical broken cookie signing on dagobah.flickr.com
π https://hackerone.com/reports/1440290
πΉ Severity: Medium | π° 479 USD
πΉ Reported To: Flickr
πΉ Reported By: #ian
πΉ State: π’ Resolved
πΉ Disclosed: May 24, 2022, 11:56pm (UTC)
π https://hackerone.com/reports/1440290
πΉ Severity: Medium | π° 479 USD
πΉ Reported To: Flickr
πΉ Reported By: #ian
πΉ State: π’ Resolved
πΉ Disclosed: May 24, 2022, 11:56pm (UTC)
π€1
Email templates XSS by filterXSS bypass
π https://hackerone.com/reports/1404804
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Judge.me
πΉ Reported By: #caue
πΉ State: π’ Resolved
πΉ Disclosed: May 25, 2022, 7:45am (UTC)
π https://hackerone.com/reports/1404804
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Judge.me
πΉ Reported By: #caue
πΉ State: π’ Resolved
πΉ Disclosed: May 25, 2022, 7:45am (UTC)
Stored XSS in Notes (with CSP bypass for gitlab.com)
π https://hackerone.com/reports/1481207
πΉ Severity: High | π° 13,950 USD
πΉ Reported To: GitLab
πΉ Reported By: #joaxcar
πΉ State: π’ Resolved
πΉ Disclosed: May 25, 2022, 12:09pm (UTC)
π https://hackerone.com/reports/1481207
πΉ Severity: High | π° 13,950 USD
πΉ Reported To: GitLab
πΉ Reported By: #joaxcar
πΉ State: π’ Resolved
πΉ Disclosed: May 25, 2022, 12:09pm (UTC)
π₯2π1
Blind XSS in app.pullrequest.com/ββββββββ via /reviews/ratings/{uuid}
π https://hackerone.com/reports/1558010
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: HackerOne
πΉ Reported By: #bugra
πΉ State: π’ Resolved
πΉ Disclosed: May 25, 2022, 4:28pm (UTC)
π https://hackerone.com/reports/1558010
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: HackerOne
πΉ Reported By: #bugra
πΉ State: π’ Resolved
πΉ Disclosed: May 25, 2022, 4:28pm (UTC)
π1π₯1
Read Other Users Reports Through Cloning
π https://hackerone.com/reports/1505609
πΉ Severity: Medium
πΉ Reported To: U.S. General Services Administration
πΉ Reported By: #hollaatm3
πΉ State: π’ Resolved
πΉ Disclosed: May 26, 2022, 12:41pm (UTC)
π https://hackerone.com/reports/1505609
πΉ Severity: Medium
πΉ Reported To: U.S. General Services Administration
πΉ Reported By: #hollaatm3
πΉ State: π’ Resolved
πΉ Disclosed: May 26, 2022, 12:41pm (UTC)
[Urgent] Critical Vulnerability [RCE] on βββ vulnerable to Remote Code Execution by exploiting MS15-034, CVE-2015-1635
π https://hackerone.com/reports/469730
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ashutosh7
πΉ State: π’ Resolved
πΉ Disclosed: May 26, 2022, 4:23pm (UTC)
π https://hackerone.com/reports/469730
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ashutosh7
πΉ State: π’ Resolved
πΉ Disclosed: May 26, 2022, 4:23pm (UTC)
Full read SSRF in flyte-poc-us-east4.uberinternal.com
π https://hackerone.com/reports/1540906
πΉ Severity: Medium | π° 2,000 USD
πΉ Reported To: Uber
πΉ Reported By: #ian
πΉ State: π’ Resolved
πΉ Disclosed: May 26, 2022, 10:18pm (UTC)
π https://hackerone.com/reports/1540906
πΉ Severity: Medium | π° 2,000 USD
πΉ Reported To: Uber
πΉ Reported By: #ian
πΉ State: π’ Resolved
πΉ Disclosed: May 26, 2022, 10:18pm (UTC)
π1
Notification implicit PendingIntent in com.nextcloud.client allows to access contacts
π https://hackerone.com/reports/1161401
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #qj_test
πΉ State: π’ Resolved
πΉ Disclosed: May 27, 2022, 7:23am (UTC)
π https://hackerone.com/reports/1161401
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #qj_test
πΉ State: π’ Resolved
πΉ Disclosed: May 27, 2022, 7:23am (UTC)
Control character filtering misses leading and trailing whitespace in file and folder names
π https://hackerone.com/reports/1402249
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #david_h1
πΉ State: π’ Resolved
πΉ Disclosed: May 27, 2022, 7:23am (UTC)
π https://hackerone.com/reports/1402249
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #david_h1
πΉ State: π’ Resolved
πΉ Disclosed: May 27, 2022, 7:23am (UTC)
CVE-2022-28738: Double free in Regexp compilation
π https://hackerone.com/reports/1549636
πΉ Severity: High | π° 4,000 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #piao
πΉ State: π’ Resolved
πΉ Disclosed: May 28, 2022, 6:18pm (UTC)
π https://hackerone.com/reports/1549636
πΉ Severity: High | π° 4,000 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #piao
πΉ State: π’ Resolved
πΉ Disclosed: May 28, 2022, 6:18pm (UTC)
Users who are restricted to use the application because of a "Waiting List" are able to get access to the Beta Application by bypassing the waitlist
π https://hackerone.com/reports/1494308
πΉ Severity: Low
πΉ Reported To: Alohi
πΉ Reported By: #darkknight4688
πΉ State: π’ Resolved
πΉ Disclosed: May 30, 2022, 9:21am (UTC)
π https://hackerone.com/reports/1494308
πΉ Severity: Low
πΉ Reported To: Alohi
πΉ Reported By: #darkknight4688
πΉ State: π’ Resolved
πΉ Disclosed: May 30, 2022, 9:21am (UTC)
Self XSS in attachments name
π https://hackerone.com/reports/1536901
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #mega7
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 9:10am (UTC)
π https://hackerone.com/reports/1536901
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #mega7
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 9:10am (UTC)
π€1
BlIND XSS on https://open.vanillaforums.com
π https://hackerone.com/reports/1189885
πΉ Severity: High | π° 300 USD
πΉ Reported To: Vanilla
πΉ Reported By: #mohit0786
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 10:15am (UTC)
π https://hackerone.com/reports/1189885
πΉ Severity: High | π° 300 USD
πΉ Reported To: Vanilla
πΉ Reported By: #mohit0786
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 10:15am (UTC)
Improper input-size validation on the user new session name can result in server-side DDoS.
π https://hackerone.com/reports/1153138
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #demonia
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 2:37pm (UTC)
π https://hackerone.com/reports/1153138
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #demonia
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 2:37pm (UTC)
CSRF token validation system is disabled on Stripe Dashboard
π https://hackerone.com/reports/1493437
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: Stripe
πΉ Reported By: #rodolfomarianocy
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 5:05pm (UTC)
π https://hackerone.com/reports/1493437
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: Stripe
πΉ Reported By: #rodolfomarianocy
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 5:05pm (UTC)
DOM XSS on www.adobe.com
π https://hackerone.com/reports/1260825
πΉ Severity: Medium
πΉ Reported To: Adobe
πΉ Reported By: #saajanbhujel
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 5:14pm (UTC)
π https://hackerone.com/reports/1260825
πΉ Severity: Medium
πΉ Reported To: Adobe
πΉ Reported By: #saajanbhujel
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 5:14pm (UTC)