Misuse of groups feature allows workspace members to join private channels without being invited
👉 https://hackerone.com/reports/1248852
🔹 Severity: High | 💰 3,500 USD
🔹 Reported To: Slack
🔹 Reported By: #kmap
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 8:08pm (UTC)
Reflected XSS in TikTok endpoints
👉 https://hackerone.com/reports/1350887
🔹 Severity: Medium | 💰 4,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #sh1yo
🔹 State: 🟢 Resolved
🔹 Disclosed: October 22, 2021, 1:44am (UTC)
Broken link profile in the website leads to identity theft.
👉 https://hackerone.com/reports/1343733
🔹 Severity: Medium
🔹 Reported To: Lacework
🔹 Reported By: #spyata
🔹 State: 🟢 Resolved
🔹 Disclosed: October 22, 2021, 5:35pm (UTC)
[Java] CWE-502: Unsafe deserialization with three JSON frameworks
👉 https://hackerone.com/reports/1368720
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: October 22, 2021, 10:21pm (UTC)
[Python]: CWE-117 Log Injection
👉 https://hackerone.com/reports/1368721
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jessforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: October 22, 2021, 10:21pm (UTC)
[cpp] CWE-787: query to detect unsigned integer to signed integer conversions used in pointer arithmetics
👉 https://hackerone.com/reports/1378946
🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: October 22, 2021, 10:21pm (UTC)
[Java] CWE-552: Unsafe url forward
👉 https://hackerone.com/reports/1378947
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: October 22, 2021, 10:22pm (UTC)
XSS on tiktok.com
👉 https://hackerone.com/reports/1322104
🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #arifmkhls
🔹 State: 🟢 Resolved
🔹 Disclosed: October 23, 2021, 12:36am (UTC)
Script breaking tag (Forces website to render blank) (Informative)
👉 https://hackerone.com/reports/1355537
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: XVIDEOS
🔹 Reported By: #ch1ck3n42
🔹 State: 🟢 Resolved
🔹 Disclosed: October 23, 2021, 2:50pm (UTC)
Image queue default key of 'None' and GraphQL unhandled type exception
👉 https://hackerone.com/reports/996041
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #moblig
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2021, 2:04pm (UTC)
Outsider can affect Upvote Percentage of private subreddit post by calling /api/vote API
👉 https://hackerone.com/reports/1298902
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Reddit
🔹 Reported By: #trieulieuf9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2021, 2:05pm (UTC)
Race condition leads to Inflation of coins when bought via Google Play Store at endpoint https://oauth.reddit.com/api/v2/gold/android/verify_purchase
👉 https://hackerone.com/reports/801743
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #yashrs
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2021, 2:08pm (UTC)
Third party app could steal access token as well as protected files using inAppBrowser
👉 https://hackerone.com/reports/1122177
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #rahulkankrale
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2021, 2:10pm (UTC)
Content Spoofing/Text Injection at https://gateway-production.dubsmash.com
👉 https://hackerone.com/reports/1166770
🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #karthik86
🔹 State: 🔴 N/A
🔹 Disclosed: October 27, 2021, 2:11pm (UTC)
Missing rate limit in current password change settings leads to Account takeover
👉 https://hackerone.com/reports/1170522
🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #m0hacks
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 27, 2021, 2:12pm (UTC)
Exposed PHP dependencies at ██.8x8.com
👉 https://hackerone.com/reports/1132457
🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2021, 4:12pm (UTC)
Dependency on private SSH keys in public github
👉 https://hackerone.com/reports/974176
🔹 Severity: High
🔹 Reported To: Agoric
🔹 Reported By: #pacmanx
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2021, 4:18pm (UTC)
Reflected XSS at ████ via ██████████= parameter
👉 https://hackerone.com/reports/1305472
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #zhenwarx
🔹 State: 🟢 Resolved
🔹 Disclosed: October 28, 2021, 8:17pm (UTC)
AWS subdomain takeover of www.███████
👉 https://hackerone.com/reports/1329792
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #al-madjus
🔹 State: 🟢 Resolved
🔹 Disclosed: October 28, 2021, 8:18pm (UTC)
Bypassing the Grammarly plagiarism checker by simply replacing characters in the source text
👉 https://hackerone.com/reports/1282282
🔹 Severity: No Rating
🔹 Reported To: Grammarly
🔹 Reported By: #evilksandr
🔹 State: ⚪️ Informative
🔹 Disclosed: October 28, 2021, 9:24pm (UTC)
HTML Injection on tiktoktutorials via firstName parameter
👉 https://hackerone.com/reports/1343492
🔹 Severity: Low
🔹 Reported To: TikTok
🔹 Reported By: #siratsami
🔹 State: 🟢 Resolved
🔹 Disclosed: October 30, 2021, 2:08am (UTC)