Race condition on https://judge.me/people

👉 https://hackerone.com/reports/1566017

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Judge.me
🔹 Reported By: #netboom
🔹 State: 🟢 Resolved
🔹 Disclosed: August 1, 2022, 5:28am (UTC)

Insecure use of shell.openExternal() in Rocket.Chat Desktop App leading to RCE

👉 https://hackerone.com/reports/924151

🔹 Severity: Critical
🔹 Reported To: Rocket.Chat
🔹 Reported By: #baltpeter
🔹 State: 🟢 Resolved
🔹 Disclosed: August 1, 2022, 10:17am (UTC)

delete the subaccount from the user id

👉 https://hackerone.com/reports/1646340

🔹 Severity: Medium | 💰 700 USD
🔹 Reported To: Showmax
🔹 Reported By: #qualwin38000
🔹 State: 🟢 Resolved
🔹 Disclosed: August 1, 2022, 1:05pm (UTC)

Insecure TLS Configuration #3530

👉 https://hackerone.com/reports/1639423

🔹 Severity: Low
🔹 Reported To: Hyperledger
🔹 Reported By: #bhaskar_ram
🔹 State: 🔴 N/A
🔹 Disclosed: August 1, 2022, 2:04pm (UTC)

Found Origin IP's lead to access to gitlab

👉 https://hackerone.com/reports/1637577

🔹 Severity: Medium
🔹 Reported To: GitLab
🔹 Reported By: #m-narayanan
🔹 State: ⚪️ Informative
🔹 Disclosed: August 2, 2022, 4:51am (UTC)

One-click account hijack for anyone using Apple sign-in with Reddit, due to response-type switch + leaking href to XSS on www.redditmedia.com

👉 https://hackerone.com/reports/1567186

🔹 Severity: Critical | 💰 10,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #fransrosen
🔹 State: 🟢 Resolved
🔹 Disclosed: August 2, 2022, 3:13pm (UTC)

XSS in redditmedia.com can compromise data of reddit.com

👉 https://hackerone.com/reports/862882

🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #keer0k
🔹 State: 🔴 N/A
🔹 Disclosed: August 3, 2022, 3:40pm (UTC)

Unrestricted File Upload Blind Stored Xss in subdomain ads.tiktok.com

👉 https://hackerone.com/reports/1577370

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: TikTok
🔹 Reported By: #mrzheev
🔹 State: 🟢 Resolved
🔹 Disclosed: August 4, 2022, 1:31am (UTC)

Sensei LMS IDOR to send message

👉 https://hackerone.com/reports/1592596

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Automattic
🔹 Reported By: #ghimire_veshraj
🔹 State: 🟢 Resolved
🔹 Disclosed: August 4, 2022, 10:17am (UTC)

Unauthenticated Private Messages DIsclosure via wordpress Rest API

👉 https://hackerone.com/reports/1590237

🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Automattic
🔹 Reported By: #ghimire_veshraj
🔹 State: 🟢 Resolved
🔹 Disclosed: August 4, 2022, 10:45am (UTC)

Getting access of mod logs from any public or restricted subreddit with IDOR vulnerability

👉 https://hackerone.com/reports/1658418

🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #high_ping_ninja
🔹 State: 🟢 Resolved
🔹 Disclosed: August 4, 2022, 7:38pm (UTC)

Fix : (Security) Mitigate Path Traversal Bug

👉 https://hackerone.com/reports/1635321

🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #bhaskar_ram
🔹 State: 🟢 Resolved
🔹 Disclosed: August 5, 2022, 9:41pm (UTC)

Ingress-nginx path allows retrieval of ingress-nginx serviceaccount token

👉 https://hackerone.com/reports/1382919

🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #gaffy
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 7:14am (UTC)

cross site noscripting in : mtn.bj

👉 https://hackerone.com/reports/1264834

🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #alimanshester
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 11:19am (UTC)

RCE vulnerability in Hyperledger Fabric SDK for Java

👉 https://hackerone.com/reports/801370

🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #freskimo
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 5:37pm (UTC)

HTTP PUT method is enabled downloader.ratelimited.me

👉 https://hackerone.com/reports/545136

🔹 Severity: High
🔹 Reported To: RATELIMITED
🔹 Reported By: #codeslayer137
🔹 State: 🟢 Resolved
🔹 Disclosed: August 7, 2022, 2:01am (UTC)

Brute Force of fabric-ca server admin account

👉 https://hackerone.com/reports/411364

🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #xiaoc
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 5:36pm (UTC)

Enrolling to a CA that returns an empty response crashes the node process

👉 https://hackerone.com/reports/506412

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #mttrbrts
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 5:37pm (UTC)

Anonymous access control - Payments Status

👉 https://hackerone.com/reports/1546726

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Omise
🔹 Reported By: #codeslayer137
🔹 State: 🟢 Resolved
🔹 Disclosed: August 7, 2022, 1:59am (UTC)

Lack of Rate limit while joining video call in talk section which is password protected

👉 https://hackerone.com/reports/1596673

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #error2001
🔹 State: 🟢 Resolved
🔹 Disclosed: August 8, 2022, 6:58am (UTC)

xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS)

👉 https://hackerone.com/reports/1622867

🔹 Severity: Medium
🔹 Reported To: Top Echelon Software
🔹 Reported By: #anonymmert12
🔹 State: 🟢 Resolved
🔹 Disclosed: August 8, 2022, 1:35pm (UTC)