Reflected Cross Site Scripting at ColdFusion Debugging Panel http://www.grouplogic.com/CFIDE/debug/cf_debugFr.cfm

👉 https://hackerone.com/reports/1166918

🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #ub3rsick
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:20am (UTC)

HTML Injection in E-mail

👉 https://hackerone.com/reports/1536899

🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #mega7
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:21am (UTC)

Hyper Link Injection while signup

👉 https://hackerone.com/reports/1166073

🔹 Severity: Low
🔹 Reported To: UPchieve
🔹 Reported By: #011alsanosi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 10:04am (UTC)

CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory

👉 https://hackerone.com/reports/1582697

🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 2:57pm (UTC)

Golang : Hardcoded secret used for signing JWT

👉 https://hackerone.com/reports/1595009

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 2:58pm (UTC)

Golang : Add Query To Detect PAM Authorization Bugs

👉 https://hackerone.com/reports/1597437

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 2:58pm (UTC)

The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more su

👉 https://hackerone.com/reports/1591504

🔹 Severity: Medium
🔹 Reported To: LinkedIn
🔹 Reported By: #suryasnn
🔹 State: 🔴 N/A
🔹 Disclosed: June 15, 2022, 6:18pm (UTC)

Remote 0click exfiltration of Safari user's IP address

👉 https://hackerone.com/reports/1392211

🔹 Severity: Medium | 💰 560 USD
🔹 Reported To: Twitter
🔹 Reported By: #max2x
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 8:00pm (UTC)

Delete direct message history without access the proper conversation_id

👉 https://hackerone.com/reports/1487804

🔹 Severity: Medium | 💰 560 USD
🔹 Reported To: Twitter
🔹 Reported By: #saiful6601
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 8:01pm (UTC)

Rate limit Bypass on contact-us through IP Rotator (burp extension)(https://www.linkedin.com/help/linkedin/solve/contact)

👉 https://hackerone.com/reports/1578121

🔹 Severity: No Rating
🔹 Reported To: LinkedIn
🔹 Reported By: #sachinrajput
🔹 State: 🔴 N/A
🔹 Disclosed: June 15, 2022, 9:10pm (UTC)

XSS STORED at https://webcast.tiktokv.com/ Via Create Live Event in `Denoscription` Form

👉 https://hackerone.com/reports/1542703

🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #aidilarf_2000
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2022, 1:58am (UTC)

CSRF (protection bypassed) to force a below 18 user into viewing an nsfw subreddit !

👉 https://hackerone.com/reports/1480569

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #marvelmaniac
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2022, 4:27am (UTC)

curl "globbing" can lead to denial of service attacks

👉 https://hackerone.com/reports/1572120

🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #iylz
🔹 State: 🔴 N/A
🔹 Disclosed: June 16, 2022, 3:14pm (UTC)

xmlrpc file enabled

👉 https://hackerone.com/reports/1575401

🔹 Severity: Low
🔹 Reported To: Yelp
🔹 Reported By: #happykira0x1
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 16, 2022, 7:02pm (UTC)

Race condition via project team member invitation system.

👉 https://hackerone.com/reports/1108291

🔹 Severity: Low | 💰 60 USD
🔹 Reported To: Enjin
🔹 Reported By: #akashhamal0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2022, 8:44am (UTC)

CSRF Bypassed on Logout Endpoint

👉 https://hackerone.com/reports/1091403

🔹 Severity: Low
🔹 Reported To: Enjin
🔹 Reported By: #er_salil
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2022, 8:50am (UTC)

sql injection via https://setup.p2p.ihost.com/

👉 https://hackerone.com/reports/1567516

🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #exploitmsf
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2022, 5:47pm (UTC)

Broken access control

👉 https://hackerone.com/reports/1539426

🔹 Severity: High
🔹 Reported To: UPS VDP
🔹 Reported By: #nayefhamouda
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2022, 4:40pm (UTC)

bypass forced password protection via circles app

👉 https://hackerone.com/reports/1406926

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #michag86
🔹 State: 🟢 Resolved
🔹 Disclosed: June 19, 2022, 8:10am (UTC)

Authentication token and CSRF token bypass

👉 https://hackerone.com/reports/998457

🔹 Severity: High | 💰 300 USD
🔹 Reported To: Enjin
🔹 Reported By: #whiteshadow201
🔹 State: 🟢 Resolved
🔹 Disclosed: June 19, 2022, 12:11pm (UTC)

Admin Authentication Bypass Lead to Admin Account Takeover

👉 https://hackerone.com/reports/1490470

🔹 Severity: Medium
🔹 Reported To: UPS VDP
🔹 Reported By: #7odamo
🔹 State: 🟢 Resolved
🔹 Disclosed: June 20, 2022, 12:18am (UTC)