Email address disclosure via invite token validatiion

👉 https://hackerone.com/reports/1560072

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: TikTok
🔹 Reported By: #noob_but_cut3
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 12:28am (UTC)

disclosure the live_analytics information of any livestream.

👉 https://hackerone.com/reports/1561299

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #datph4m
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 12:33am (UTC)

CVE-2022-27779: cookie for trailing dot TLD

👉 https://hackerone.com/reports/1565615

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 6:58pm (UTC)

CVE-2022-27780: percent-encoded path separator in URL host

👉 https://hackerone.com/reports/1565619

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 6:58pm (UTC)

CVE-2022-30115: HSTS bypass via trailing dot

👉 https://hackerone.com/reports/1565622

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 6:58pm (UTC)

All user password hash can be seen from admin panel

👉 https://hackerone.com/reports/1489892

🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #dark_haxor
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 11:31pm (UTC)

lack of rate limit on athentification login page & forgot password page

👉 https://hackerone.com/reports/1591764

🔹 Severity: Medium
🔹 Reported To: Showmax
🔹 Reported By: #saidkira
🔹 State: ⚪️ Informative
🔹 Disclosed: June 13, 2022, 7:09am (UTC)

Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag

👉 https://hackerone.com/reports/1530898

🔹 Severity: Medium
🔹 Reported To: Ruby on Rails
🔹 Reported By: #windshock
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 3:49am (UTC)

Reflected Cross Site Scripting at http://www.grouplogic.com/files/glidownload/verify3.asp [Uppercase Filter Bypass]

👉 https://hackerone.com/reports/1167034

🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #ub3rsick
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:20am (UTC)

Reflected Cross Site Scripting at ColdFusion Debugging Panel http://www.grouplogic.com/CFIDE/debug/cf_debugFr.cfm

👉 https://hackerone.com/reports/1166918

🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #ub3rsick
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:20am (UTC)

HTML Injection in E-mail

👉 https://hackerone.com/reports/1536899

🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #mega7
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:21am (UTC)

Hyper Link Injection while signup

👉 https://hackerone.com/reports/1166073

🔹 Severity: Low
🔹 Reported To: UPchieve
🔹 Reported By: #011alsanosi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 10:04am (UTC)

CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory

👉 https://hackerone.com/reports/1582697

🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 2:57pm (UTC)

Golang : Hardcoded secret used for signing JWT

👉 https://hackerone.com/reports/1595009

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 2:58pm (UTC)

Golang : Add Query To Detect PAM Authorization Bugs

👉 https://hackerone.com/reports/1597437

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 2:58pm (UTC)

The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more su

👉 https://hackerone.com/reports/1591504

🔹 Severity: Medium
🔹 Reported To: LinkedIn
🔹 Reported By: #suryasnn
🔹 State: 🔴 N/A
🔹 Disclosed: June 15, 2022, 6:18pm (UTC)

Remote 0click exfiltration of Safari user's IP address

👉 https://hackerone.com/reports/1392211

🔹 Severity: Medium | 💰 560 USD
🔹 Reported To: Twitter
🔹 Reported By: #max2x
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 8:00pm (UTC)

Delete direct message history without access the proper conversation_id

👉 https://hackerone.com/reports/1487804

🔹 Severity: Medium | 💰 560 USD
🔹 Reported To: Twitter
🔹 Reported By: #saiful6601
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 8:01pm (UTC)

Rate limit Bypass on contact-us through IP Rotator (burp extension)(https://www.linkedin.com/help/linkedin/solve/contact)

👉 https://hackerone.com/reports/1578121

🔹 Severity: No Rating
🔹 Reported To: LinkedIn
🔹 Reported By: #sachinrajput
🔹 State: 🔴 N/A
🔹 Disclosed: June 15, 2022, 9:10pm (UTC)

XSS STORED at https://webcast.tiktokv.com/ Via Create Live Event in `Denoscription` Form

👉 https://hackerone.com/reports/1542703

🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #aidilarf_2000
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2022, 1:58am (UTC)

CSRF (protection bypassed) to force a below 18 user into viewing an nsfw subreddit !

👉 https://hackerone.com/reports/1480569

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #marvelmaniac
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2022, 4:27am (UTC)