Memory leak in CURLOPT_XOAUTH2_BEARER
👉 https://hackerone.com/reports/1567257
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #pappacoda
🔹 State: ⚪️ Informative
🔹 Disclosed: May 13, 2022, 7:51am (UTC)
👉 https://hackerone.com/reports/1567257
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #pappacoda
🔹 State: ⚪️ Informative
🔹 Disclosed: May 13, 2022, 7:51am (UTC)
error parse uri path in curl
👉 https://hackerone.com/reports/1566462
🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #iylz
🔹 State: 🔴 N/A
🔹 Disclosed: May 13, 2022, 8:34pm (UTC)
👉 https://hackerone.com/reports/1566462
🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #iylz
🔹 State: 🔴 N/A
🔹 Disclosed: May 13, 2022, 8:34pm (UTC)
Download full backup [Mtn.co.rw]
👉 https://hackerone.com/reports/1516520
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #ibrahimatix0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 9:54am (UTC)
👉 https://hackerone.com/reports/1516520
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #ibrahimatix0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 9:54am (UTC)
Public Postman Api Collection Leaks Internal access to https://assets-paris-dev.codefi.network/
👉 https://hackerone.com/reports/1523651
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Consensys
🔹 Reported By: #polem4rch
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 1:44pm (UTC)
👉 https://hackerone.com/reports/1523651
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Consensys
🔹 Reported By: #polem4rch
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 1:44pm (UTC)
Disclose customer orders details by shopify chat application.
👉 https://hackerone.com/reports/968165
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #zambo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 2:33pm (UTC)
👉 https://hackerone.com/reports/968165
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #zambo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 2:33pm (UTC)
Disclose STUFF member name and make actions.
👉 https://hackerone.com/reports/968174
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #zambo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 2:34pm (UTC)
👉 https://hackerone.com/reports/968174
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #zambo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 2:34pm (UTC)
Credential leak on redirect
👉 https://hackerone.com/reports/1568175
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #iylz
🔹 State: 🔴 N/A
🔹 Disclosed: May 14, 2022, 4:06pm (UTC)
👉 https://hackerone.com/reports/1568175
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #iylz
🔹 State: 🔴 N/A
🔹 Disclosed: May 14, 2022, 4:06pm (UTC)
Origin IP found, WAF Cloudflare Bypass
👉 https://hackerone.com/reports/1536299
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: SMTP2GO BBP
🔹 Reported By: #mrrobot2050
🔹 State: 🟢 Resolved
🔹 Disclosed: May 15, 2022, 10:20am (UTC)
👉 https://hackerone.com/reports/1536299
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: SMTP2GO BBP
🔹 Reported By: #mrrobot2050
🔹 State: 🟢 Resolved
🔹 Disclosed: May 15, 2022, 10:20am (UTC)
HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences in the concat() function
👉 https://hackerone.com/reports/1478633
🔹 Severity: Critical | 💰 6,000 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #albertspedersen
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 8:57am (UTC)
👉 https://hackerone.com/reports/1478633
🔹 Severity: Critical | 💰 6,000 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #albertspedersen
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 8:57am (UTC)
CVE-2022-27781: CERTINFO never-ending busy-loop
👉 https://hackerone.com/reports/1555441
🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #sybr
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 9:01am (UTC)
👉 https://hackerone.com/reports/1555441
🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #sybr
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 9:01am (UTC)
Security misconfiguration
👉 https://hackerone.com/reports/1486327
🔹 Severity: High
🔹 Reported To: lemlist
🔹 Reported By: #mr23r0
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 9:41am (UTC)
👉 https://hackerone.com/reports/1486327
🔹 Severity: High
🔹 Reported To: lemlist
🔹 Reported By: #mr23r0
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 9:41am (UTC)
Site information's Display Name section vulnerable for XSS attacks and HTML Injections.
👉 https://hackerone.com/reports/1554888
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Automattic
🔹 Reported By: #sawrav-chowdhury
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 1:59pm (UTC)
👉 https://hackerone.com/reports/1554888
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Automattic
🔹 Reported By: #sawrav-chowdhury
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 1:59pm (UTC)
Privilege Escalation on TikTok for Business
👉 https://hackerone.com/reports/1505567
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #naaash
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 8:06pm (UTC)
👉 https://hackerone.com/reports/1505567
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #naaash
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 8:06pm (UTC)
👍1
[app.lemlist.com] Improper handling of payment lead to bypass payment
👉 https://hackerone.com/reports/1420697
🔹 Severity: High
🔹 Reported To: lemlist
🔹 Reported By: #omarelfarsaoui
🔹 State: 🟢 Resolved
🔹 Disclosed: May 17, 2022, 8:54am (UTC)
👉 https://hackerone.com/reports/1420697
🔹 Severity: High
🔹 Reported To: lemlist
🔹 Reported By: #omarelfarsaoui
🔹 State: 🟢 Resolved
🔹 Disclosed: May 17, 2022, 8:54am (UTC)
Integer overflow vulnerability
👉 https://hackerone.com/reports/1562515
🔹 Severity: Critical
🔹 Reported To: Glovo
🔹 Reported By: #0f1c3r
🔹 State: 🟢 Resolved
🔹 Disclosed: May 17, 2022, 1:46pm (UTC)
👉 https://hackerone.com/reports/1562515
🔹 Severity: Critical
🔹 Reported To: Glovo
🔹 Reported By: #0f1c3r
🔹 State: 🟢 Resolved
🔹 Disclosed: May 17, 2022, 1:46pm (UTC)
Conduit feed.publish API allows you to spoof other users or make it look like you have access to a restricted object
👉 https://hackerone.com/reports/1566325
🔹 Severity: No Rating | 💰 300 USD
🔹 Reported To: Phabricator
🔹 Reported By: #dyls
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2022, 12:14pm (UTC)
👉 https://hackerone.com/reports/1566325
🔹 Severity: No Rating | 💰 300 USD
🔹 Reported To: Phabricator
🔹 Reported By: #dyls
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2022, 12:14pm (UTC)
Bypass global deny-lists by wrapping domains using "[]" in https://github.com/stripe/smokescreen
👉 https://hackerone.com/reports/1528242
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Stripe
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2022, 6:59pm (UTC)
👉 https://hackerone.com/reports/1528242
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Stripe
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2022, 6:59pm (UTC)
XSS and iframe injection on tiktok ads portal using redirect params
👉 https://hackerone.com/reports/1514554
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #cancerz
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 2:49am (UTC)
👉 https://hackerone.com/reports/1514554
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #cancerz
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 2:49am (UTC)
Email html Injection
👉 https://hackerone.com/reports/1461194
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Slack
🔹 Reported By: #smitgharat0001
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 1:03pm (UTC)
👉 https://hackerone.com/reports/1461194
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Slack
🔹 Reported By: #smitgharat0001
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 1:03pm (UTC)
👍2
Stored XSS in repository file viewer
👉 https://hackerone.com/reports/1072868
🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #kannthu
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 3:19pm (UTC)
👉 https://hackerone.com/reports/1072868
🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #kannthu
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 3:19pm (UTC)
8x8pilot.com: Reflected XSS in Apache Tomcat /jsp-examples example directory
👉 https://hackerone.com/reports/1400357
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #huntinex
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 5:01pm (UTC)
👉 https://hackerone.com/reports/1400357
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #huntinex
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 5:01pm (UTC)