Jolokia Reflected XSS
👉 https://hackerone.com/reports/1714563
🔹 Severity: Medium
🔹 Reported To: Mars
🔹 Reported By: #ramzanrl
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2022, 5:36pm (UTC)
👉 https://hackerone.com/reports/1714563
🔹 Severity: Medium
🔹 Reported To: Mars
🔹 Reported By: #ramzanrl
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2022, 5:36pm (UTC)
👍1
HTML INJECTION FOUND ON https://adobedocs.github.io/analytics-1.4-apis/swagger-docs.html DUE TO OUTDATED SWAGGER UI
👉 https://hackerone.com/reports/1736466
🔹 Severity: Low
🔹 Reported To: Adobe
🔹 Reported By: #dreamer_eh
🔹 State: 🟢 Resolved
🔹 Disclosed: October 28, 2022, 7:18am (UTC)
👉 https://hackerone.com/reports/1736466
🔹 Severity: Low
🔹 Reported To: Adobe
🔹 Reported By: #dreamer_eh
🔹 State: 🟢 Resolved
🔹 Disclosed: October 28, 2022, 7:18am (UTC)
👍1
Privilege Escalation to All-staff group
👉 https://hackerone.com/reports/1021460
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #snapsec
🔹 State: 🟢 Resolved
🔹 Disclosed: October 28, 2022, 11:55pm (UTC)
👉 https://hackerone.com/reports/1021460
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #snapsec
🔹 State: 🟢 Resolved
🔹 Disclosed: October 28, 2022, 11:55pm (UTC)
Accessing/Editing Folders of Other Users in the Orginisation.
👉 https://hackerone.com/reports/1025881
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #snapsec
🔹 State: 🟢 Resolved
🔹 Disclosed: October 29, 2022, 12:56am (UTC)
👉 https://hackerone.com/reports/1025881
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #snapsec
🔹 State: 🟢 Resolved
🔹 Disclosed: October 29, 2022, 12:56am (UTC)
Cross-site Scripting (XSS) - Reflected
👉 https://hackerone.com/reports/1183336
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 30, 2022, 9:54pm (UTC)
👉 https://hackerone.com/reports/1183336
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 30, 2022, 9:54pm (UTC)
Cross-Site Request Forgery (CSRF) to xss
👉 https://hackerone.com/reports/1183241
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 30, 2022, 9:54pm (UTC)
👉 https://hackerone.com/reports/1183241
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 30, 2022, 9:54pm (UTC)
XSS in SocialIcon Link
👉 https://hackerone.com/reports/1698652
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Linktree
🔹 Reported By: #sudi
🔹 State: 🟢 Resolved
🔹 Disclosed: October 31, 2022, 4:04am (UTC)
👉 https://hackerone.com/reports/1698652
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Linktree
🔹 Reported By: #sudi
🔹 State: 🟢 Resolved
🔹 Disclosed: October 31, 2022, 4:04am (UTC)
Authentication bypass for ███ leads to take over any users account.
👉 https://hackerone.com/reports/1608151
🔹 Severity: Critical | 💰 5,000 USD
🔹 Reported To: Krisp
🔹 Reported By: #n0_m3rcy
🔹 State: 🟢 Resolved
🔹 Disclosed: October 31, 2022, 5:56pm (UTC)
👉 https://hackerone.com/reports/1608151
🔹 Severity: Critical | 💰 5,000 USD
🔹 Reported To: Krisp
🔹 Reported By: #n0_m3rcy
🔹 State: 🟢 Resolved
🔹 Disclosed: October 31, 2022, 5:56pm (UTC)
IDOR in API applications (able to see any API token, leads to account takeover)
👉 https://hackerone.com/reports/1695454
🔹 Severity: Critical | 💰 500 USD
🔹 Reported To: Automattic
🔹 Reported By: #bugra
🔹 State: 🟢 Resolved
🔹 Disclosed: November 1, 2022, 10:46pm (UTC)
👉 https://hackerone.com/reports/1695454
🔹 Severity: Critical | 💰 500 USD
🔹 Reported To: Automattic
🔹 Reported By: #bugra
🔹 State: 🟢 Resolved
🔹 Disclosed: November 1, 2022, 10:46pm (UTC)
Stored XSS in intensedebate.com via the Comments RSS
👉 https://hackerone.com/reports/1664914
🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Automattic
🔹 Reported By: #bugra
🔹 State: 🟢 Resolved
🔹 Disclosed: November 2, 2022, 9:20am (UTC)
👉 https://hackerone.com/reports/1664914
🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Automattic
🔹 Reported By: #bugra
🔹 State: 🟢 Resolved
🔹 Disclosed: November 2, 2022, 9:20am (UTC)
CVE-2022-42916: HSTS bypass via IDN
👉 https://hackerone.com/reports/1753226
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #kurohiro
🔹 State: 🟢 Resolved
🔹 Disclosed: November 3, 2022, 12:19am (UTC)
👉 https://hackerone.com/reports/1753226
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #kurohiro
🔹 State: 🟢 Resolved
🔹 Disclosed: November 3, 2022, 12:19am (UTC)
Archived / Deleted / Private Poll Can Be Viewed by Another Users [Crowdsignal WordPress plugins]
👉 https://hackerone.com/reports/1711318
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Automattic
🔹 Reported By: #apapedulimu
🔹 State: 🟢 Resolved
🔹 Disclosed: November 3, 2022, 11:41am (UTC)
👉 https://hackerone.com/reports/1711318
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Automattic
🔹 Reported By: #apapedulimu
🔹 State: 🟢 Resolved
🔹 Disclosed: November 3, 2022, 11:41am (UTC)
Command injection in GitHub Actions ContainerStepHost
👉 https://hackerone.com/reports/1637621
🔹 Severity: No Rating | 💰 4,000 USD
🔹 Reported To: GitHub
🔹 Reported By: #jupenur
🔹 State: 🟢 Resolved
🔹 Disclosed: November 3, 2022, 3:33pm (UTC)
👉 https://hackerone.com/reports/1637621
🔹 Severity: No Rating | 💰 4,000 USD
🔹 Reported To: GitHub
🔹 Reported By: #jupenur
🔹 State: 🟢 Resolved
🔹 Disclosed: November 3, 2022, 3:33pm (UTC)
RepositoryPipeline allows importing of local git repos
👉 https://hackerone.com/reports/1685822
🔹 Severity: Medium | 💰 22,300 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2022, 3:43am (UTC)
👉 https://hackerone.com/reports/1685822
🔹 Severity: Medium | 💰 22,300 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2022, 3:43am (UTC)
DOS via move_issue
👉 https://hackerone.com/reports/1543584
🔹 Severity: Medium | 💰 2,300 USD
🔹 Reported To: GitLab
🔹 Reported By: #legit-security
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2022, 3:44am (UTC)
👉 https://hackerone.com/reports/1543584
🔹 Severity: Medium | 💰 2,300 USD
🔹 Reported To: GitLab
🔹 Reported By: #legit-security
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2022, 3:44am (UTC)
Path paths and file disclosure vulnerabilities at influxdb.quality.gitlab.net
👉 https://hackerone.com/reports/1643962
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: GitLab
🔹 Reported By: #otoyyy
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2022, 3:46am (UTC)
👉 https://hackerone.com/reports/1643962
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: GitLab
🔹 Reported By: #otoyyy
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2022, 3:46am (UTC)
DOS via issue preview
👉 https://hackerone.com/reports/1543718
🔹 Severity: High | 💰 7,640 USD
🔹 Reported To: GitLab
🔹 Reported By: #legit-security
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2022, 3:47am (UTC)
👉 https://hackerone.com/reports/1543718
🔹 Severity: High | 💰 7,640 USD
🔹 Reported To: GitLab
🔹 Reported By: #legit-security
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2022, 3:47am (UTC)
CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud
👉 https://hackerone.com/reports/1245165
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Acronis
🔹 Reported By: #mr-medi
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2022, 7:38pm (UTC)
👉 https://hackerone.com/reports/1245165
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Acronis
🔹 Reported By: #mr-medi
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2022, 7:38pm (UTC)
CVE-2022-35252: control code in cookie denial of service
👉 https://hackerone.com/reports/1686935
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2022, 2:50pm (UTC)
👉 https://hackerone.com/reports/1686935
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2022, 2:50pm (UTC)
Completely remove VPN profile from locked WARP iOS cient.
👉 https://hackerone.com/reports/1633231
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #joshatmotion
🔹 State: 🟢 Resolved
🔹 Disclosed: November 7, 2022, 10:59am (UTC)
👉 https://hackerone.com/reports/1633231
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #joshatmotion
🔹 State: 🟢 Resolved
🔹 Disclosed: November 7, 2022, 10:59am (UTC)
Bypass Cloudflare WARP lock on iOS.
👉 https://hackerone.com/reports/1542450
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #joshatmotion
🔹 State: 🟢 Resolved
🔹 Disclosed: November 7, 2022, 11:02am (UTC)
👉 https://hackerone.com/reports/1542450
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #joshatmotion
🔹 State: 🟢 Resolved
🔹 Disclosed: November 7, 2022, 11:02am (UTC)