Bugpoint – Telegram
Bugpoint
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
%0A (new line) and limitless URL length leads to DoS of the whole system [Main address (https://www.acronis.com/)]

👉 https://hackerone.com/reports/1382448

🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #plantos
🔹 State: 🟢 Resolved
🔹 Disclosed: January 4, 2022, 9:47am (UTC)
Buffer overflow in req_parsebody method in lua_request.c

👉 https://hackerone.com/reports/1434056

🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #chamal
🔹 State: 🟢 Resolved
🔹 Disclosed: January 4, 2022, 3:31pm (UTC)
OPEN REDIRECT

👉 https://hackerone.com/reports/1369806

🔹 Severity: Low
🔹 Reported To: Nutanix
🔹 Reported By: #kauenavarro
🔹 State: 🟢 Resolved
🔹 Disclosed: January 4, 2022, 4:14pm (UTC)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

👉 https://hackerone.com/reports/1440161

🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #n1had
🔹 State: 🟢 Resolved
🔹 Disclosed: January 5, 2022, 2:44am (UTC)
ABLE TO TRICK THE VICTIM INTO USING A CRAFTED EMAIL ADDRESS FOR A PARTICULAR SESSION AND THEN LATER TAKE BACK THE ACCOUNT

👉 https://hackerone.com/reports/1357013

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mattermost
🔹 Reported By: #at11zt00
🔹 State: 🟢 Resolved
🔹 Disclosed: January 5, 2022, 5:15am (UTC)
Subdomain takeover of images.crossinstall.com

👉 https://hackerone.com/reports/1406335

🔹 Severity: High
🔹 Reported To: Twitter
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: January 5, 2022, 7:58pm (UTC)
Grafana LFI on https://grafana.mariadb.org

👉 https://hackerone.com/reports/1419213

🔹 Severity: Medium
🔹 Reported To: MariaDB
🔹 Reported By: #realtess
🔹 State: 🟢 Resolved
🔹 Disclosed: January 6, 2022, 5:57pm (UTC)
blog/wp-json/wp/v2/users is enabled; it can be used for brute-force attacks against the admin panel at blog/wp-login.php

👉 https://hackerone.com/reports/1403302

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #kassem_s94
🔹 State: 🟢 Resolved
🔹 Disclosed: January 9, 2022, 6:28pm (UTC)
Prototype pollution via console.table properties

👉 https://hackerone.com/reports/1431042

🔹 Severity: Low
🔹 Reported To: Node.js
🔹 Reported By: #rugvip
🔹 State: 🟢 Resolved
🔹 Disclosed: January 11, 2022, 5:23pm (UTC)
Clickjacking to change email address

👉 https://hackerone.com/reports/783191

🔹 Severity: High
🔹 Reported To: Gener8
🔹 Reported By: #paramdham
🔹 State: 🟢 Resolved
🔹 Disclosed: January 12, 2022, 8:33am (UTC)
CSRF to change password

👉 https://hackerone.com/reports/204703

🔹 Severity: Critical | 💰 300 USD
🔹 Reported To: Nord Security
🔹 Reported By: #paramdham
🔹 State: 🟢 Resolved
🔹 Disclosed: January 12, 2022, 8:33am (UTC)
Account Takeover via SMS Authentication Flow

👉 https://hackerone.com/reports/1245762

🔹 Severity: High | 💰 1,750 USD
🔹 Reported To: Zenly
🔹 Reported By: #yetanotherhacker
🔹 State: 🟢 Resolved
🔹 Disclosed: January 12, 2022, 10:08am (UTC)
Friend Request Flow Exposes User Data

👉 https://hackerone.com/reports/1245741

🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Zenly
🔹 Reported By: #yetanotherhacker
🔹 State: 🟢 Resolved
🔹 Disclosed: January 12, 2022, 10:25am (UTC)
[IDOR] Modify other team's reminders via reminderId parameter

👉 https://hackerone.com/reports/946323

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 13, 2022, 12:21am (UTC)
Reflected XSS and open redirect on larksuite.com using the /?back_uri= parameter.

👉 https://hackerone.com/reports/955606

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 13, 2022, 12:24am (UTC)
Disclosure of GitHub access token in config file via nginx off-by-slash

👉 https://hackerone.com/reports/1386547

🔹 Severity: Critical
🔹 Reported To: Adobe
🔹 Reported By: #letm3through
🔹 State: 🟢 Resolved
🔹 Disclosed: January 13, 2022, 6:16pm (UTC)
AEM forms XXE Vulnerability

👉 https://hackerone.com/reports/1321070

🔹 Severity: Critical
🔹 Reported To: Adobe
🔹 Reported By: #ismailmuh
🔹 State: 🟢 Resolved
🔹 Disclosed: January 13, 2022, 6:38pm (UTC)
Bug Report: [No Valid SPF Records]

👉 https://hackerone.com/reports/1301696

🔹 Severity: High
🔹 Reported To: Ruby
🔹 Reported By: #sohaib619
🔹 State: ⚪️ Informative
🔹 Disclosed: January 13, 2022, 10:39pm (UTC)
Deserialization of potentially malicious data to RCE

👉 https://hackerone.com/reports/1415436

🔹 Severity: High
🔹 Reported To: Django
🔹 Reported By: #scaramouche31
🔹 State: ⚪️ Informative
🔹 Disclosed: January 14, 2022, 4:34pm (UTC)
SQL Injection and plaintext passwords via User Search

👉 https://hackerone.com/reports/703819

🔹 Severity: High
🔹 Reported To: IBM
🔹 Reported By: #xyantix
🔹 State: 🟢 Resolved
🔹 Disclosed: January 14, 2022, 6:42pm (UTC)
Stored XSS on helpdesk using user's city

👉 https://hackerone.com/reports/971857

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 14, 2022, 8:36pm (UTC)