Blocked user can send notification by liking the message due to Logical Bug
👉 https://hackerone.com/reports/1083421
🔹 Severity: Low
🔹 Reported To: TikTok
🔹 Reported By: #sandipgyawali
🔹 State: 🟢 Resolved
🔹 Disclosed: July 10, 2021, 1:07am (UTC)
Exposed Prometheus instance at prometheus.qa.r3.com
👉 https://hackerone.com/reports/1200583
🔹 Severity: Medium
🔹 Reported To: R3
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: July 12, 2021, 8:40am (UTC)
Reflected XSS in https://www.topcoder.com/blog/category/community-stories/
👉 https://hackerone.com/reports/1194301
🔹 Severity: Low
🔹 Reported To: Topcoder
🔹 Reported By: #c0mbo
🔹 State: 🟢 Resolved
🔹 Disclosed: July 12, 2021, 12:54pm (UTC)
your-store.myshopify.com preview link is leak on third party website lead to preview all action from store owner Without store Password.
👉 https://hackerone.com/reports/997350
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #danishalkatiri
🔹 State: 🟢 Resolved
🔹 Disclosed: July 12, 2021, 8:33pm (UTC)
Stored DOM XSS via Mermaid chart
👉 https://hackerone.com/reports/1103258
🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #taraszelyk
🔹 State: 🟢 Resolved
🔹 Disclosed: July 12, 2021, 11:00pm (UTC)
Client-Side DOS via Mermaid Prototype Pollution vulnerability
👉 https://hackerone.com/reports/1106238
🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #taraszelyk
🔹 State: 🟢 Resolved
🔹 Disclosed: July 12, 2021, 11:00pm (UTC)
OS Command Injection in 'rdoc' documentation generator
👉 https://hackerone.com/reports/1161691
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Ruby
🔹 Reported By: #chinarulezzz
🔹 State: 🟢 Resolved
🔹 Disclosed: July 13, 2021, 7:38am (UTC)
Stored-XSS on wiki pages
👉 https://hackerone.com/reports/1087061
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: GitLab
🔹 Reported By: #yvvdwf
🔹 State: 🟢 Resolved
🔹 Disclosed: July 13, 2021, 8:35am (UTC)
Stored-XSS in merge requests
👉 https://hackerone.com/reports/977697
🔹 Severity: High | 💰 3,500 USD
🔹 Reported To: GitLab
🔹 Reported By: #yvvdwf
🔹 State: 🟢 Resolved
🔹 Disclosed: July 13, 2021, 8:38am (UTC)
FogBugz import attachment full SSRF requiring vulnerability in *.fogbugz.com
👉 https://hackerone.com/reports/1092230
🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #ajxchapman
🔹 State: 🟢 Resolved
🔹 Disclosed: July 13, 2021, 1:15pm (UTC)
[Bypass fixed #664038 and #519059] Application settings change settings that have been set by the user
👉 https://hackerone.com/reports/712344
🔹 Severity: Medium | 💰 560 USD
🔹 Reported To: Twitter
🔹 Reported By: #jaka_tingkir
🔹 State: 🟢 Resolved
🔹 Disclosed: July 13, 2021, 5:47pm (UTC)
Error Page Content Spoofing or Text Injection
👉 https://hackerone.com/reports/1245051
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Basecamp
🔹 Reported By: #princej_76
🔹 State: 🟢 Resolved
🔹 Disclosed: July 14, 2021, 12:21pm (UTC)
Scoped apptokens can be changed by that very apptoken
👉 https://hackerone.com/reports/1193321
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: July 15, 2021, 7:10pm (UTC)
User deletion is not handled properly everywhere
👉 https://hackerone.com/reports/1200700
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: July 15, 2021, 7:12pm (UTC)
Admin audit is not properly logging unsetting of expiration date
👉 https://hackerone.com/reports/1200810
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: July 15, 2021, 7:13pm (UTC)
[Java]: CWE 295 - Insecure TrustManager - MiTM
👉 https://hackerone.com/reports/1264781
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: July 15, 2021, 10:59pm (UTC)
[Java]: CWE-665 Insecure environment during RMI/JMX Server initialisation - All for one bounty
👉 https://hackerone.com/reports/1250320
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #timolesml
🔹 State: 🟢 Resolved
🔹 Disclosed: July 15, 2021, 11:00pm (UTC)
[Java] JShell Injection
👉 https://hackerone.com/reports/1250307
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jessforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: July 15, 2021, 11:00pm (UTC)
[Java]: CWE 295 - Insecure TrustManager - MiTM
👉 https://hackerone.com/reports/1250306
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: July 15, 2021, 11:00pm (UTC)
[Java] CWE-918: Added URLClassLoader and WebClient SSRF sinks
👉 https://hackerone.com/reports/1250305
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #p0wn4j
🔹 State: 🟢 Resolved
🔹 Disclosed: July 15, 2021, 11:01pm (UTC)
Ransomware protection is missing extentions take 2
👉 https://hackerone.com/reports/1200785
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: July 16, 2021, 8:42am (UTC)