Card requirement bypass for business trial

👉 https://hackerone.com/reports/1670304

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Krisp
🔹 Reported By: #n0_m3rcy
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2022, 4:23pm (UTC)

access nagios dashboard using default credentials in ** omon1.fpki.gov, 3.220.248.203**

👉 https://hackerone.com/reports/1700896

🔹 Severity: Critical
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #ahmed0x0mahmoud
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2022, 11:33pm (UTC)

installed.json sensitive file was publicly accessible on your web application which discloses information about authors and admins

👉 https://hackerone.com/reports/1586524

🔹 Severity: Low
🔹 Reported To: Yelp
🔹 Reported By: #whitehacker18
🔹 State: ⚪️ Informative
🔹 Disclosed: October 22, 2022, 6:39pm (UTC)

Viewer is able to leak the previous versions of the file

👉 https://hackerone.com/reports/1080700

🔹 Severity: Medium | 💰 550 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #snapsec
🔹 State: 🟢 Resolved
🔹 Disclosed: October 24, 2022, 9:56pm (UTC)

IDOR Allows Viewer to Delete Bin's Files

👉 https://hackerone.com/reports/1074420

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #snapsec
🔹 State: 🟢 Resolved
🔹 Disclosed: October 24, 2022, 9:59pm (UTC)

Remotely Accessible Container Advisor exposed performance metrics and resource usage

👉 https://hackerone.com/reports/1697599

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: TikTok
🔹 Reported By: #tw4v3sx
🔹 State: 🟢 Resolved
🔹 Disclosed: October 24, 2022, 10:07pm (UTC)

A malicious admin can be able to permanently disable a Owner(Admin) to access his account

👉 https://hackerone.com/reports/1718574

🔹 Severity: Medium | 💰 600 USD
🔹 Reported To: Linktree
🔹 Reported By: #dewcode91
🔹 State: 🟢 Resolved
🔹 Disclosed: October 25, 2022, 12:49am (UTC)

Reflected Cross site noscripting via Swagger UI

👉 https://hackerone.com/reports/1656650

🔹 Severity: Medium
🔹 Reported To: Adobe
🔹 Reported By: #webcipher101
🔹 State: 🟢 Resolved
🔹 Disclosed: October 25, 2022, 7:14am (UTC)

Business Logic, currency arbitrage - Possibility to pay less than the price in USD

👉 https://hackerone.com/reports/1677155

🔹 Severity: Medium
🔹 Reported To: PortSwigger Web Security
🔹 Reported By: #xctzn
🔹 State: ⚪️ Informative
🔹 Disclosed: October 26, 2022, 6:57am (UTC)

HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding (improper fix for CVE-2022-32215)

👉 https://hackerone.com/reports/1665156

🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #shacharm
🔹 State: 🟢 Resolved
🔹 Disclosed: October 26, 2022, 8:17am (UTC)

Node 18 reads openssl.cnf from /home/iojs/build/... upon startup on MacOS

👉 https://hackerone.com/reports/1695596

🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #mhdawson
🔹 State: 🟢 Resolved
🔹 Disclosed: October 26, 2022, 8:17am (UTC)

CVE-2022-32213 bypass via obs-fold mechanic

👉 https://hackerone.com/reports/1630336

🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: October 26, 2022, 8:17am (UTC)

HTTP Request Smuggling Due to Incorrect Parsing of Header Fields

👉 https://hackerone.com/reports/1675191

🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #vvx7
🔹 State: 🟢 Resolved
🔹 Disclosed: October 26, 2022, 8:17am (UTC)

Weak randomness in WebCrypto keygen

👉 https://hackerone.com/reports/1690000

🔹 Severity: High
🔹 Reported To: Node.js
🔹 Reported By: #bnoordhuis
🔹 State: 🟢 Resolved
🔹 Disclosed: October 26, 2022, 8:18am (UTC)

Subdomain takeover on 'de-headless.staging.gymshark.com'

👉 https://hackerone.com/reports/1711890

🔹 Severity: High
🔹 Reported To: Gymshark
🔹 Reported By: #a-p0c
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2022, 11:14am (UTC)

CVE-2022-35260: .netrc parser out-of-bounds access

👉 https://hackerone.com/reports/1721098

🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #kurohiro
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2022, 2:55pm (UTC)

CVE-2022-42916: HSTS bypass via IDN

👉 https://hackerone.com/reports/1730660

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #kurohiro
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2022, 2:55pm (UTC)

Jolokia Reflected XSS

👉 https://hackerone.com/reports/1714563

🔹 Severity: Medium
🔹 Reported To: Mars
🔹 Reported By: #ramzanrl
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2022, 5:36pm (UTC)

HTML INJECTION FOUND ON https://adobedocs.github.io/analytics-1.4-apis/swagger-docs.html DUE TO OUTDATED SWAGGER UI

👉 https://hackerone.com/reports/1736466

🔹 Severity: Low
🔹 Reported To: Adobe
🔹 Reported By: #dreamer_eh
🔹 State: 🟢 Resolved
🔹 Disclosed: October 28, 2022, 7:18am (UTC)

Privilege Escalation to All-staff group

👉 https://hackerone.com/reports/1021460

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #snapsec
🔹 State: 🟢 Resolved
🔹 Disclosed: October 28, 2022, 11:55pm (UTC)

Accessing/Editing Folders of Other Users in the Orginisation.

👉 https://hackerone.com/reports/1025881

🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #snapsec
🔹 State: 🟢 Resolved
🔹 Disclosed: October 29, 2022, 12:56am (UTC)