Stored XSS in intensedebate.com via the Comments RSS
π https://hackerone.com/reports/1664914
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Automattic
πΉ Reported By: #bugra
πΉ State: π’ Resolved
πΉ Disclosed: November 2, 2022, 9:20am (UTC)
π https://hackerone.com/reports/1664914
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Automattic
πΉ Reported By: #bugra
πΉ State: π’ Resolved
πΉ Disclosed: November 2, 2022, 9:20am (UTC)
CVE-2022-42916: HSTS bypass via IDN
π https://hackerone.com/reports/1753226
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #kurohiro
πΉ State: π’ Resolved
πΉ Disclosed: November 3, 2022, 12:19am (UTC)
π https://hackerone.com/reports/1753226
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #kurohiro
πΉ State: π’ Resolved
πΉ Disclosed: November 3, 2022, 12:19am (UTC)
Archived / Deleted / Private Poll Can Be Viewed by Another Users [Crowdsignal WordPress plugins]
π https://hackerone.com/reports/1711318
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Automattic
πΉ Reported By: #apapedulimu
πΉ State: π’ Resolved
πΉ Disclosed: November 3, 2022, 11:41am (UTC)
π https://hackerone.com/reports/1711318
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Automattic
πΉ Reported By: #apapedulimu
πΉ State: π’ Resolved
πΉ Disclosed: November 3, 2022, 11:41am (UTC)
Command injection in GitHub Actions ContainerStepHost
π https://hackerone.com/reports/1637621
πΉ Severity: No Rating | π° 4,000 USD
πΉ Reported To: GitHub
πΉ Reported By: #jupenur
πΉ State: π’ Resolved
πΉ Disclosed: November 3, 2022, 3:33pm (UTC)
π https://hackerone.com/reports/1637621
πΉ Severity: No Rating | π° 4,000 USD
πΉ Reported To: GitHub
πΉ Reported By: #jupenur
πΉ State: π’ Resolved
πΉ Disclosed: November 3, 2022, 3:33pm (UTC)
RepositoryPipeline allows importing of local git repos
π https://hackerone.com/reports/1685822
πΉ Severity: Medium | π° 22,300 USD
πΉ Reported To: GitLab
πΉ Reported By: #vakzz
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:43am (UTC)
π https://hackerone.com/reports/1685822
πΉ Severity: Medium | π° 22,300 USD
πΉ Reported To: GitLab
πΉ Reported By: #vakzz
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:43am (UTC)
DOS via move_issue
π https://hackerone.com/reports/1543584
πΉ Severity: Medium | π° 2,300 USD
πΉ Reported To: GitLab
πΉ Reported By: #legit-security
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:44am (UTC)
π https://hackerone.com/reports/1543584
πΉ Severity: Medium | π° 2,300 USD
πΉ Reported To: GitLab
πΉ Reported By: #legit-security
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:44am (UTC)
Path paths and file disclosure vulnerabilities at influxdb.quality.gitlab.net
π https://hackerone.com/reports/1643962
πΉ Severity: Low | π° 100 USD
πΉ Reported To: GitLab
πΉ Reported By: #otoyyy
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:46am (UTC)
π https://hackerone.com/reports/1643962
πΉ Severity: Low | π° 100 USD
πΉ Reported To: GitLab
πΉ Reported By: #otoyyy
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:46am (UTC)
DOS via issue preview
π https://hackerone.com/reports/1543718
πΉ Severity: High | π° 7,640 USD
πΉ Reported To: GitLab
πΉ Reported By: #legit-security
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:47am (UTC)
π https://hackerone.com/reports/1543718
πΉ Severity: High | π° 7,640 USD
πΉ Reported To: GitLab
πΉ Reported By: #legit-security
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:47am (UTC)
CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud
π https://hackerone.com/reports/1245165
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Acronis
πΉ Reported By: #mr-medi
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 7:38pm (UTC)
π https://hackerone.com/reports/1245165
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Acronis
πΉ Reported By: #mr-medi
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 7:38pm (UTC)
CVE-2022-35252: control code in cookie denial of service
π https://hackerone.com/reports/1686935
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: November 5, 2022, 2:50pm (UTC)
π https://hackerone.com/reports/1686935
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: November 5, 2022, 2:50pm (UTC)
Completely remove VPN profile from locked WARP iOS cient.
π https://hackerone.com/reports/1633231
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #joshatmotion
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 10:59am (UTC)
π https://hackerone.com/reports/1633231
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #joshatmotion
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 10:59am (UTC)
Bypass Cloudflare WARP lock on iOS.
π https://hackerone.com/reports/1542450
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #joshatmotion
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 11:02am (UTC)
π https://hackerone.com/reports/1542450
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #joshatmotion
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 11:02am (UTC)
I found another way to bypass Cloudflare Warp lock!
π https://hackerone.com/reports/1605847
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #joshatmotion
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 11:02am (UTC)
π https://hackerone.com/reports/1605847
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #joshatmotion
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 11:02am (UTC)
Exceed photo dimensions, Flickr.com
π https://hackerone.com/reports/1755552
πΉ Severity: Low | π° 50 USD
πΉ Reported To: Flickr
πΉ Reported By: #0xcyborg
πΉ State: βͺοΈ Informative
πΉ Disclosed: November 7, 2022, 5:53pm (UTC)
π https://hackerone.com/reports/1755552
πΉ Severity: Low | π° 50 USD
πΉ Reported To: Flickr
πΉ Reported By: #0xcyborg
πΉ State: βͺοΈ Informative
πΉ Disclosed: November 7, 2022, 5:53pm (UTC)
Subdomain Takeover via Unclaimed Amazon S3 Bucket (Musical.ly)
π https://hackerone.com/reports/1102537
πΉ Severity: Low | π° 200 USD
πΉ Reported To: TikTok
πΉ Reported By: #daik0n
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 9:34pm (UTC)
π https://hackerone.com/reports/1102537
πΉ Severity: Low | π° 200 USD
πΉ Reported To: TikTok
πΉ Reported By: #daik0n
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 9:34pm (UTC)
Public Github Repo Leaking Internal Credentials
π https://hackerone.com/reports/1763266
πΉ Severity: Critical
πΉ Reported To: Yelp
πΉ Reported By: #xinfohuggerx
πΉ State: βͺοΈ Informative
πΉ Disclosed: November 7, 2022, 11:45pm (UTC)
π https://hackerone.com/reports/1763266
πΉ Severity: Critical
πΉ Reported To: Yelp
πΉ Reported By: #xinfohuggerx
πΉ State: βͺοΈ Informative
πΉ Disclosed: November 7, 2022, 11:45pm (UTC)
[Kafka Connect] [JdbcSinkConnector][HttpSinkConnector] RCE by leveraging file upload via SQLite JDBC driver and SSRF to internal Jolokia
π https://hackerone.com/reports/1547877
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:29am (UTC)
π https://hackerone.com/reports/1547877
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:29am (UTC)
Grafana RCE via SMTP server parameter injection
π https://hackerone.com/reports/1200647
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:29am (UTC)
π https://hackerone.com/reports/1200647
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:29am (UTC)
Kafka Connect RCE via connector SASL JAAS JndiLoginModule configuration
π https://hackerone.com/reports/1529790
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:30am (UTC)
π https://hackerone.com/reports/1529790
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:30am (UTC)
Apache Flink RCE via GET jar/plan API Endpoint
π https://hackerone.com/reports/1418891
πΉ Severity: Critical | π° 6,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:30am (UTC)
π https://hackerone.com/reports/1418891
πΉ Severity: Critical | π° 6,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:30am (UTC)
Self-XSS on Suggest Tag dialog box
π https://hackerone.com/reports/1761505
πΉ Severity: Low | π° 50 USD
πΉ Reported To: XVIDEOS
πΉ Reported By: #j3rry4unt
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 7:19pm (UTC)
π https://hackerone.com/reports/1761505
πΉ Severity: Low | π° 50 USD
πΉ Reported To: XVIDEOS
πΉ Reported By: #j3rry4unt
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 7:19pm (UTC)