DOS validator nodes of blockchain to block external connections
👉 https://hackerone.com/reports/1695472
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #cre8
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 7:56am (UTC)
XSS in http://www.glassdoor.com/Search/results.htm via Parameter Pollution
👉 https://hackerone.com/reports/1632119
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #nokline
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 1:03pm (UTC)
Web Cache Poisoning leads to XSS and DoS
👉 https://hackerone.com/reports/1621540
🔹 Severity: High | 💰 1,700 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #nokline
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 1:36pm (UTC)
CSRF in Changing User Verification Email
👉 https://hackerone.com/reports/1531235
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #f_m
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 8:30pm (UTC)
Reflected XSS [██████]
👉 https://hackerone.com/reports/1309386
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 1:58pm (UTC)
Abuse cookie-modification, toast HTML and expired domain in CSP-form-action replacing login-page at www.dropbox.com/login to submit creds externally
👉 https://hackerone.com/reports/1590794
🔹 Severity: High | 💰 6,909 USD
🔹 Reported To: Dropbox
🔹 Reported By: #fransrosen
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 3:15pm (UTC)
Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie In Two Domain
👉 https://hackerone.com/reports/1221942
🔹 Severity: High
🔹 Reported To: Meredith
🔹 Reported By: #error201
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 4:12pm (UTC)
Directory Traversal at █████
👉 https://hackerone.com/reports/1641148
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x45
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:27pm (UTC)
springboot actuator is leaking internals at ██████████
👉 https://hackerone.com/reports/1662474
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #thpless
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:29pm (UTC)
XSS DUE TO CVE-2022-38463 in https://████████
👉 https://hackerone.com/reports/1681208
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shuvam321
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:30pm (UTC)
IDOR Lead To VIEW & DELETE & Create api_key [HtUS]
👉 https://hackerone.com/reports/1628012
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #bate5a
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:32pm (UTC)
SSRF ACCESS AWS METADATA - █████
👉 https://hackerone.com/reports/1623685
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xr3dhunt
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:35pm (UTC)
Unprotected ██████ and Test site API Exposes Documents, Credentials, and Emails in ██████████ Proposal System
👉 https://hackerone.com/reports/745171
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #byteone
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:40pm (UTC)
Full read SSRF at █████████ [HtUS]
👉 https://hackerone.com/reports/1628102
🔹 Severity: High | 💰 500 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sudi
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:52pm (UTC)
an internal important paths disclosure [HtUS]
👉 https://hackerone.com/reports/1631471
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmed0x0mahmoud
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:54pm (UTC)
SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS]
👉 https://hackerone.com/reports/1628209
🔹 Severity: Critical | 💰 4,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #codeprivate
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 9:00pm (UTC)
SQL injection at [https://█████████] [HtUS]
👉 https://hackerone.com/reports/1627995
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #malcolmx
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 9:04pm (UTC)
SQL injection at [█████████] [HtUS]
👉 https://hackerone.com/reports/1626198
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #malcolmx
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 9:06pm (UTC)
time based SQL injection at [https://███] [HtUS]
👉 https://hackerone.com/reports/1627970
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #malcolmx
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 9:10pm (UTC)
STORED XSS in █████████/nlc/login.aspx via "edit" GET parameter through markdown editor [HtUS]
👉 https://hackerone.com/reports/1631447
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shreky
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 9:13pm (UTC)
No validation to Image upload user can upload ( php APK zip files and can be used as storage purpose)
👉 https://hackerone.com/reports/1644062
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Linktree
🔹 Reported By: #bug_vs_me
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2022, 5:38am (UTC)