Reddit talk promotion offers don't expire, allowing users to accept them after being demoted
🔗 https://hackerone.com/reports/1656380
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #ahacker1
🔹 State: 🟢 Resolved
🔹 Disclosed: October 3, 2022, 3:25pm (UTC)
Bypass two-factor authentication
🔗 https://hackerone.com/reports/1664974
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #ydvanjali
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2022, 12:03pm (UTC)
[CPP]: Add query for CWE-297: Improper Validation of Certificate with Host Mismatch
🔗 https://hackerone.com/reports/1710575
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 5:50pm (UTC)
[Java]: CWE-625 - Query to detect regex dot bypass
🔗 https://hackerone.com/reports/1690045
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 5:50pm (UTC)
[JAVA]: Partial Path Traversal
🔗 https://hackerone.com/reports/1678405
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #smehta23
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 5:51pm (UTC)
PYTHON: CWE-079 - Add query for email injection
🔗 https://hackerone.com/reports/1602237
🔹 Severity: High | 💰 4,500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 5:52pm (UTC)
IDOR - Delete technical skill assessment result & Gained Badges result of any user
🔗 https://hackerone.com/reports/1592587
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: LinkedIn
🔹 Reported By: #sachin_kumar_
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 7:29pm (UTC)
No rate limit on subscribe form
🔗 https://hackerone.com/reports/1708824
🔹 Severity: Medium
🔹 Reported To: Yelp
🔹 Reported By: #happykira0x1
🔹 State: ⚪️ Informative
🔹 Disclosed: October 5, 2022, 8:55pm (UTC)
Blind SSRF in social-plugins.line.me
🔗 https://hackerone.com/reports/833758
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: LINE
🔹 Reported By: #sirleeroyjenkins
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 9:25am (UTC)
SSRF on https://www.███████/crossdomain.php via url parameter
🔗 https://hackerone.com/reports/971590
🔹 Severity: Critical
🔹 Reported To: Sony
🔹 Reported By: #n0x496n
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 3:44pm (UTC)
Path Traversal issue at https://████/blaze/
🔗 https://hackerone.com/reports/1320084
🔹 Severity: High
🔹 Reported To: Sony
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 3:53pm (UTC)
SQL Injection through /include/findusers.php
🔗 https://hackerone.com/reports/1081145
🔹 Severity: Critical
🔹 Reported To: ImpressCMS
🔹 Reported By: #egix
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 6:51pm (UTC)
Remote Command Execution via Github import
🔗 https://hackerone.com/reports/1679624
🔹 Severity: Critical | 💰 33,510 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 8:19pm (UTC)
Relative Path Traversal vulnerability in fabric-private-chaincode
🔗 https://hackerone.com/reports/1690377
🔹 Severity: No Rating
🔹 Reported To: Hyperledger
🔹 Reported By: #bhaskar_ram
🔹 State: ⚪️ Informative
🔹 Disclosed: October 9, 2022, 7:41am (UTC)
Email Address Exposure via Gratipay Migration Tool
🔗 https://hackerone.com/reports/1727044
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Liberapay
🔹 Reported By: #suprnova
🔹 State: 🟢 Resolved
🔹 Disclosed: October 9, 2022, 11:50am (UTC)
CORS Misconfiguration on trust.yelp.com
🔗 https://hackerone.com/reports/1716286
🔹 Severity: Medium
🔹 Reported To: Yelp
🔹 Reported By: #ajayjachak
🔹 State: 🔴 N/A
🔹 Disclosed: October 10, 2022, 4:59am (UTC)
Deny of service via malicious Content-Type
🔗 https://hackerone.com/reports/1715536
🔹 Severity: High
🔹 Reported To: Fastify
🔹 Reported By: #bitk
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2022, 8:43am (UTC)
Stored XSS in the ticketing system
🔗 https://hackerone.com/reports/1694037
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #codeslayer137
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2022, 10:35pm (UTC)
Autofill/Autosave password on login
🔗 https://hackerone.com/reports/1720621
🔹 Severity: Medium
🔹 Reported To: Yelp
🔹 Reported By: #zero_990
🔹 State: 🔴 N/A
🔹 Disclosed: October 11, 2022, 5:15pm (UTC)
IDOR [mtnmobad.mtnbusiness.com.ng]
🔗 https://hackerone.com/reports/1698006
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #insomnia_hax
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 7:18am (UTC)
DoS of https://research.adobe.com/ via CVE-2018-6389 exploitation
🔗 https://hackerone.com/reports/1511628
🔹 Severity: Medium
🔹 Reported To: Adobe
🔹 Reported By: #shirshak
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 9:52am (UTC)