Account takeover via Google OneTap
👉 https://hackerone.com/reports/671406
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Priceline
🔹 Reported By: #badca7
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 9:37am (UTC)
👉 https://hackerone.com/reports/671406
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Priceline
🔹 Reported By: #badca7
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 9:37am (UTC)
CVE-2022-27782: TLS and SSH connection too eager reuse
👉 https://hackerone.com/reports/1555796
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 12:40pm (UTC)
👉 https://hackerone.com/reports/1555796
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 12:40pm (UTC)
SQL injextion via vulnerable doctrine/dbal version
👉 https://hackerone.com/reports/1390331
🔹 Severity: High
🔹 Reported To: Nextcloud
🔹 Reported By: #nickvergessen
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 2:08pm (UTC)
👉 https://hackerone.com/reports/1390331
🔹 Severity: High
🔹 Reported To: Nextcloud
🔹 Reported By: #nickvergessen
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 2:08pm (UTC)
CVE-2022-27780: percent-encoded path separator in URL host
👉 https://hackerone.com/reports/1553841
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 3:33pm (UTC)
👉 https://hackerone.com/reports/1553841
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 3:33pm (UTC)
👍1
CVE-2022-30115: HSTS bypass via trailing dot
👉 https://hackerone.com/reports/1557449
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 3:33pm (UTC)
👉 https://hackerone.com/reports/1557449
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 3:33pm (UTC)
Remote kernel heap overflow
👉 https://hackerone.com/reports/1350653
🔹 Severity: High | 💰 10,000 USD
🔹 Reported To: PlayStation
🔹 Reported By: #m00nbsd
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 6:09pm (UTC)
👉 https://hackerone.com/reports/1350653
🔹 Severity: High | 💰 10,000 USD
🔹 Reported To: PlayStation
🔹 Reported By: #m00nbsd
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 6:09pm (UTC)
👍2🔥2👏2❤1
Storage of old passwords in plain text format
👉 https://hackerone.com/reports/1549217
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Recorded Future
🔹 Reported By: #subuganz
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 1:06pm (UTC)
👉 https://hackerone.com/reports/1549217
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Recorded Future
🔹 Reported By: #subuganz
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 1:06pm (UTC)
SQL Injection on █████
👉 https://hackerone.com/reports/277380
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #cdl
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 7:57pm (UTC)
👉 https://hackerone.com/reports/277380
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #cdl
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 7:57pm (UTC)
SQL Injection on https://████████/
👉 https://hackerone.com/reports/232378
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #cdl
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 7:59pm (UTC)
👉 https://hackerone.com/reports/232378
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #cdl
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 7:59pm (UTC)
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion
👉 https://hackerone.com/reports/1555025
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:00pm (UTC)
👉 https://hackerone.com/reports/1555025
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:00pm (UTC)
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion
👉 https://hackerone.com/reports/1555027
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:01pm (UTC)
👉 https://hackerone.com/reports/1555027
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:01pm (UTC)
[CVE-2020-3452] Unauthenticated file read in Cisco ASA
👉 https://hackerone.com/reports/1555021
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:02pm (UTC)
👉 https://hackerone.com/reports/1555021
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:02pm (UTC)
[CVE-2020-3452] Unauthenticated file read in Cisco ASA
👉 https://hackerone.com/reports/1555015
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:03pm (UTC)
👉 https://hackerone.com/reports/1555015
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:03pm (UTC)
CVE-2022-27782: TLS and SSH connection too eager reuse
👉 https://hackerone.com/reports/1565624
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:31pm (UTC)
👉 https://hackerone.com/reports/1565624
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:31pm (UTC)
CVE-2022-27778: curl removes wrong file on error
👉 https://hackerone.com/reports/1565623
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:32pm (UTC)
👉 https://hackerone.com/reports/1565623
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:32pm (UTC)
[Java]: CWE-321 - Query to detect hardcoded JWT secret keys
👉 https://hackerone.com/reports/1567588
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:30am (UTC)
👉 https://hackerone.com/reports/1567588
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:30am (UTC)
[CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
👉 https://hackerone.com/reports/1564100
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:31am (UTC)
👉 https://hackerone.com/reports/1564100
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:31am (UTC)
[Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications
👉 https://hackerone.com/reports/1564099
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:31am (UTC)
👉 https://hackerone.com/reports/1564099
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:31am (UTC)
[CPP]: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf
👉 https://hackerone.com/reports/1549073
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:31am (UTC)
👉 https://hackerone.com/reports/1549073
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:31am (UTC)
[Java] CWE-016: Query to detect insecure configuration of Spring Boot Actuator
👉 https://hackerone.com/reports/1137966
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:32am (UTC)
👉 https://hackerone.com/reports/1137966
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:32am (UTC)
Cookie injection from non-secure context
👉 https://hackerone.com/reports/1560324
🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🔴 N/A
🔹 Disclosed: May 13, 2022, 6:44am (UTC)
👉 https://hackerone.com/reports/1560324
🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🔴 N/A
🔹 Disclosed: May 13, 2022, 6:44am (UTC)