Bugpoint

Reflected XSS | https://████████

👉 https://hackerone.com/reports/1736433

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #x3ph_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:33pm (UTC)

140 views18:42

Bugpoint

Reflected XSS | https://████

👉 https://hackerone.com/reports/1736432

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #x3ph_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:34pm (UTC)

151 views18:42

Bugpoint

IDOR on ███████ [HtUS]

👉 https://hackerone.com/reports/1627974

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nightm4re
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:36pm (UTC)

164 views18:42

Bugpoint

Open Redirect at █████

👉 https://hackerone.com/reports/1634105

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #angeltsvetkov
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:37pm (UTC)

179 views18:42

Bugpoint

Reflected XSS in chatbot

👉 https://hackerone.com/reports/1735622

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #roland_hack
🔹 State: 🟢 Resolved
🔹 Disclosed: November 19, 2022, 3:56pm (UTC)

189 views18:42

Bugpoint

No rate limiting for Remove Account lead to huge Mass mailings

👉 https://hackerone.com/reports/1723445

🔹 Severity: No Rating
🔹 Reported To: Weblate
🔹 Reported By: #tanvir_0x
🔹 State: 🟢 Resolved
🔹 Disclosed: November 20, 2022, 9:08am (UTC)

218 views18:42

Bugpoint

Dependecy Confusion via Lookup Request Forwarding to PyPi.org

👉 https://hackerone.com/reports/1681275

🔹 Severity: No Rating
🔹 Reported To: GitLab
🔹 Reported By: #usd-responsible-disclosure
🔹 State: ⚪️ Informative
🔹 Disclosed: November 21, 2022, 3:49am (UTC)

261 views18:42

Bugpoint

Open redirect that can lead to malicious websites

👉 https://hackerone.com/reports/1771749

🔹 Severity: No Rating
🔹 Reported To: AMBER AI
🔹 Reported By: #mrdot404
🔹 State: ⚪️ Informative
🔹 Disclosed: November 21, 2022, 7:24am (UTC)

306 views18:42

Bugpoint

Support Portal Takeover via Leaked API KEY

👉 https://hackerone.com/reports/1766228

🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: AMBER AI
🔹 Reported By: #khizer47
🔹 State: 🟢 Resolved
🔹 Disclosed: November 22, 2022, 9:55am (UTC)

295 views18:31

Bugpoint

DoS via Automatic Response Message

👉 https://hackerone.com/reports/1680241

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Mattermost
🔹 Reported By: #vultza
🔹 State: 🟢 Resolved
🔹 Disclosed: November 23, 2022, 2:55pm (UTC)

276 views19:25

Bugpoint

DoS via Playbook

👉 https://hackerone.com/reports/1685979

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Mattermost
🔹 Reported By: #vultza
🔹 State: 🟢 Resolved
🔹 Disclosed: November 23, 2022, 2:55pm (UTC)

259 views19:25

Bugpoint

RubyのCGIライブラリにHTTPレスポンス分割（HTTPヘッダインジェクション）があり、秘密情報が漏洩する

👉 https://hackerone.com/reports/1204695

🔹 Severity: High
🔹 Reported To: Ruby
🔹 Reported By: #htokumaru
🔹 State: 🟢 Resolved
🔹 Disclosed: November 24, 2022, 1:46am (UTC)

👍1

266 views04:58

Bugpoint

CGI::Cookieクラスにおけるセキュリティ上好ましくない仕様および実装

👉 https://hackerone.com/reports/1204977

🔹 Severity: Low
🔹 Reported To: Ruby
🔹 Reported By: #htokumaru
🔹 State: 🟢 Resolved
🔹 Disclosed: November 24, 2022, 1:47am (UTC)

282 views04:58

Bugpoint

XSS in Desktop Client in the notifications

👉 https://hackerone.com/reports/1668028

🔹 Severity: Low | 💰 750 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 11:29am (UTC)

263 views18:34

Bugpoint

XSS in Desktop Client via user status and information

👉 https://hackerone.com/reports/1707977

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 3:44pm (UTC)

264 views18:34

Bugpoint

XSS in Desktop Client in call notification popup

👉 https://hackerone.com/reports/1711847

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 3:45pm (UTC)

252 views18:34

Bugpoint

SSRF - pivoting in the private LAN

👉 https://hackerone.com/reports/1364797

🔹 Severity: Low
🔹 Reported To: Concrete CMS
🔹 Reported By: #adrian_t
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 5:20pm (UTC)

262 views18:34

Bugpoint

open redirect to a remote website which can phish users

👉 https://hackerone.com/reports/1397804

🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #adrian_t
🔹 State: ⚪️ Informative
🔹 Disclosed: November 25, 2022, 6:08pm (UTC)

297 views18:34

Bugpoint

SSRF mitigation bypass using DNS Rebind attack

👉 https://hackerone.com/reports/1369312

🔹 Severity: Low
🔹 Reported To: Concrete CMS
🔹 Reported By: #adrian_t
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 6:11pm (UTC)

👍1

327 views18:34

Bugpoint

Database resource exhaustion for logged-in users via sharee recommendations with circles

👉 https://hackerone.com/reports/1688199

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #michag86
🔹 State: 🟢 Resolved
🔹 Disclosed: November 26, 2022, 6:52am (UTC)

279 views07:04

Bugpoint

Profile of disabled user stays accessible

👉 https://hackerone.com/reports/1675014

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #mikaelgundersen
🔹 State: 🟢 Resolved
🔹 Disclosed: November 26, 2022, 6:53am (UTC)

295 views07:04

About

Blog

Apps

Platform