Disclose customer orders details by shopify chat application.

👉 https://hackerone.com/reports/968165

🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #zambo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 2:33pm (UTC)

Disclose STUFF member name and make actions.

👉 https://hackerone.com/reports/968174

🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #zambo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 2:34pm (UTC)

Credential leak on redirect

👉 https://hackerone.com/reports/1568175

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #iylz
🔹 State: 🔴 N/A
🔹 Disclosed: May 14, 2022, 4:06pm (UTC)

Origin IP found, WAF Cloudflare Bypass

👉 https://hackerone.com/reports/1536299

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: SMTP2GO BBP
🔹 Reported By: #mrrobot2050
🔹 State: 🟢 Resolved
🔹 Disclosed: May 15, 2022, 10:20am (UTC)

HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences in the concat() function

👉 https://hackerone.com/reports/1478633

🔹 Severity: Critical | 💰 6,000 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #albertspedersen
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 8:57am (UTC)

CVE-2022-27781: CERTINFO never-ending busy-loop

👉 https://hackerone.com/reports/1555441

🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #sybr
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 9:01am (UTC)

Security misconfiguration

👉 https://hackerone.com/reports/1486327

🔹 Severity: High
🔹 Reported To: lemlist
🔹 Reported By: #mr23r0
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 9:41am (UTC)

Site information's Display Name section vulnerable for XSS attacks and HTML Injections.

👉 https://hackerone.com/reports/1554888

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Automattic
🔹 Reported By: #sawrav-chowdhury
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 1:59pm (UTC)

Privilege Escalation on TikTok for Business

👉 https://hackerone.com/reports/1505567

🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #naaash
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 8:06pm (UTC)

[app.lemlist.com] Improper handling of payment lead to bypass payment

👉 https://hackerone.com/reports/1420697

🔹 Severity: High
🔹 Reported To: lemlist
🔹 Reported By: #omarelfarsaoui
🔹 State: 🟢 Resolved
🔹 Disclosed: May 17, 2022, 8:54am (UTC)

Integer overflow vulnerability

👉 https://hackerone.com/reports/1562515

🔹 Severity: Critical
🔹 Reported To: Glovo
🔹 Reported By: #0f1c3r
🔹 State: 🟢 Resolved
🔹 Disclosed: May 17, 2022, 1:46pm (UTC)

Conduit feed.publish API allows you to spoof other users or make it look like you have access to a restricted object

👉 https://hackerone.com/reports/1566325

🔹 Severity: No Rating | 💰 300 USD
🔹 Reported To: Phabricator
🔹 Reported By: #dyls
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2022, 12:14pm (UTC)

Bypass global deny-lists by wrapping domains using "[]" in https://github.com/stripe/smokescreen

👉 https://hackerone.com/reports/1528242

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Stripe
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2022, 6:59pm (UTC)

XSS and iframe injection on tiktok ads portal using redirect params

👉 https://hackerone.com/reports/1514554

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #cancerz
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 2:49am (UTC)

Email html Injection

👉 https://hackerone.com/reports/1461194

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Slack
🔹 Reported By: #smitgharat0001
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 1:03pm (UTC)

Stored XSS in repository file viewer

👉 https://hackerone.com/reports/1072868

🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #kannthu
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 3:19pm (UTC)

8x8pilot.com: Reflected XSS in Apache Tomcat /jsp-examples example directory

👉 https://hackerone.com/reports/1400357

🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #huntinex
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 5:01pm (UTC)

Sensitive files/ data exists post deletion of user account

👉 https://hackerone.com/reports/1222873

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #geekysherlock
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 9:25am (UTC)

Nextcloud Deck : Possibility for anyone to add a stack with existing tasks on anyone's board

👉 https://hackerone.com/reports/1450117

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #supr4s
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 10:37am (UTC)

Error in Deleting Deck cards attachment reveals the full path of the website

👉 https://hackerone.com/reports/1354334

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #ctulhu
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 2:04pm (UTC)

Arbitrary POST request as victim user from HTML injection in Jupyter notebooks

👉 https://hackerone.com/reports/1409788

🔹 Severity: High | 💰 8,690 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 2:32pm (UTC)