REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
WordPress
disclosed a bug submitted by
wshadow
Unauthenticated WordPress Database Repair DoS
18 Oct 2024
Mozilla
disclosed a bug submitted by
ghaazy
sentry Auth Token exposed publicly in docker hub image
18 Oct 2024
Mozilla
disclosed a bug submitted by
ghaazy
paypal cleient_id And stripe api key indexed on web arcive
18 Oct 2024
Mozilla
disclosed a bug submitted by
sushantd19
Race condition leads to add more than 5 email at Data breaches monitor system at https://stage.firefoxmonitor.nonprod.cloudops.mozgcp.net
18 Oct 2024
Mozilla
disclosed a bug submitted by
ghaazy
two aws access key and secret key and database username and password exposed
18 Oct 2024
Automattic
disclosed a bug submitted by
nightpool
Timeline API returns private post when target of a push notification
17 Oct 2024
GitHub
disclosed a bug submitted by
pinguluk
Information Leakage via Clicked Link in GitHub Repository (Fingerprinting)
17 Oct 2024
Sorare
disclosed a bug submitted by
thebeast99
Circular based introspetion Query leading to single request denial of service and cost consumption and query cost on api.sorare.com/graphql
17 Oct 2024
Internet Bug Bounty
disclosed a bug submitted by
4xpl0r3r
fs.fchown/fchmod bypasses permission model
16 Oct 2024
Enjin
disclosed a bug submitted by
ndizon_
Host header injection leads to account takeover
15 Oct 2024
Enjin
disclosed a bug submitted by
mo_salah12
Race Condition on Create API Function
15 Oct 2024
Rocket.Chat
disclosed a bug submitted by
yash24
IDOR vulnerability leads to Deleting message after leaving/getting banned from group using message ID
13 Oct 2024
GitHub
disclosed a bug submitted by
ahacker1
SAML Signature verification bypass allows logging into any user (with specific conditions)
10 Oct 2024
GitLab
disclosed a bug submitted by
a92847865
DOS: taking down a 1k users Gitlab EE instance or multiple Sidekiq instances by importing a malicious repo from a Github EE self-hosted server
09 Oct 2024
GitLab
disclosed a bug submitted by
fdeleite
Subdomain takeover in Gitlab pages
09 Oct 2024
MTN Group
disclosed a bug submitted by
m4lc0lmx
Remote code execution [CVE-2023-36845]
09 Oct 2024
inDrive
disclosed a bug submitted by
polem4rch
Change phone number OTP flaw leads to any phone number takeover
09 Oct 2024
Ruby on Rails
disclosed a bug submitted by
ooooooo_q
Path traversal in AcitveStorage, and lead RCE
08 Oct 2024
Ruby on Rails
disclosed a bug submitted by
trufflesecurity
Sauce Labs API key unencrypted in an old commit
08 Oct 2024
GitLab
disclosed a bug submitted by
cryptopone
HTML injection possible with soft email confirmations when Administrator manually confirms attacker email address
08 Oct 2024
1
...
57
58
59
60
61
...
831
BY DENIS WERNER - @NOBBD -
IMPRESSUM