Server-side request forgery (ssrf)
👉 https://hackerone.com/reports/1712240
🔹 Severity: Medium
🔹 Reported To: Yelp
🔹 Reported By: #raja404
🔹 State: 🔴 N/A
🔹 Disclosed: September 28, 2022, 7:54am (UTC)
DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)
👉 https://hackerone.com/reports/1632921
🔹 Severity: High
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: September 28, 2022, 8:38am (UTC)
Take over subdomains of r2.dev using R2 custom domains
👉 https://hackerone.com/reports/1700276
🔹 Severity: Medium | 💰 1,125 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #albertspedersen
🔹 State: 🟢 Resolved
🔹 Disclosed: September 28, 2022, 12:49pm (UTC)
CSV export/import functionality allows administrators to modify member and message content of a workspace
👉 https://hackerone.com/reports/1661310
🔹 Severity: No Rating | 💰 250 USD
🔹 Reported To: Slack
🔹 Reported By: #security_warrior
🔹 State: ⚪️ Informative
🔹 Disclosed: September 28, 2022, 8:30pm (UTC)
XSS in Widget Review Form Preview in settings
👉 https://hackerone.com/reports/1595905
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Judge.me
🔹 Reported By: #penguinshelp
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2022, 8:35am (UTC)
no rate limit in forgot password session
👉 https://hackerone.com/reports/1714970
🔹 Severity: Medium
🔹 Reported To: Yelp
🔹 Reported By: #irfadps
🔹 State: 🔴 N/A
🔹 Disclosed: September 29, 2022, 6:17pm (UTC)
Open Redirect
👉 https://hackerone.com/reports/1581258
🔹 Severity: Low | 💰 258 USD
🔹 Reported To: Flickr
🔹 Reported By: #stevejubs
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2022, 10:51pm (UTC)
Password Policy Restriction Bypass
👉 https://hackerone.com/reports/1675730
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #lohigowda
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2022, 8:50am (UTC)
Lack of Packet Sanitation in Goflow Results in Multiple DoS Attack Vectors and Bugs
👉 https://hackerone.com/reports/1636320
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #path_network
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2022, 11:15am (UTC)
Unrestricted File Upload on reddit.secure.force.com
👉 https://hackerone.com/reports/1606957
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Reddit
🔹 Reported By: #heckintosh
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2022, 2:56pm (UTC)
IDOR allows an attacker to modify the links of any user
👉 https://hackerone.com/reports/1661113
🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #criptex
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2022, 3:09pm (UTC)
Open Redirect on www.redditinc.com via `failed` query param bypass after fixed bug #1257753
👉 https://hackerone.com/reports/1285081
🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Reddit
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2022, 3:11pm (UTC)
Bypassing authorization of linked Instagram account
👉 https://hackerone.com/reports/1199965
🔹 Severity: Low | 💰 170 USD
🔹 Reported To: TikTok
🔹 Reported By: #ckerha
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2022, 9:30pm (UTC)
Generated passwords are not fully validated by HIBPValidator
👉 https://hackerone.com/reports/1606961
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #bjoernv
🔹 State: 🟢 Resolved
🔹 Disclosed: October 1, 2022, 4:50am (UTC)
jira discloser information
👉 https://hackerone.com/reports/994612
🔹 Severity: Low
🔹 Reported To: Informatica
🔹 Reported By: #isumitpatel
🔹 State: 🟢 Resolved
🔹 Disclosed: October 3, 2022, 1:03pm (UTC)
Reddit talk promotion offers don't expire, allowing users to accept them after being demoted
👉 https://hackerone.com/reports/1656380
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #ahacker1
🔹 State: 🟢 Resolved
🔹 Disclosed: October 3, 2022, 3:25pm (UTC)
Bypass two-factor authentication
👉 https://hackerone.com/reports/1664974
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #ydvanjali
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2022, 12:03pm (UTC)
[CPP]: Add query for CWE-297: Improper Validation of Certificate with Host Mismatch
👉 https://hackerone.com/reports/1710575
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 5:50pm (UTC)
[Java]: CWE-625 - Query to detect regex dot bypass
👉 https://hackerone.com/reports/1690045
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 5:50pm (UTC)
[JAVA]: Partial Path Traversal
👉 https://hackerone.com/reports/1678405
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #smehta23
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 5:51pm (UTC)
PYTHON: CWE-079 - Add query for email injection
👉 https://hackerone.com/reports/1602237
🔹 Severity: High | 💰 4,500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 5:52pm (UTC)