| # | Title | Bugs | Programs | Authors | Type | Published | Added |
|---|---|---|---|---|---|---|---|
| 4968 | Device Authorization Bypass! | Authorization flaw | NA | Hassan Khan Yusufzai | Bug Bounty | 2017-09-25 | 2023-06-13 |
| 4201 | Google Groups Authorization Bypass | Authorization flaw | Google | Daniel Marad | Bug Bounty | 2019-04-15 | 2023-06-13 |
| 3850 | Bypassing GitHub's OAuth flow | OAuth, Authorization bypass | GitHub | Teddy Katz (@not_aardvark) | Bug Bounty | 2019-11-05 | 2023-06-13 |
| 3639 | Account Hijack using Authorization bypass $$$$ | Account takeover, Authorization flaw | NA | Bhavesh Thakur (@Bhavesh_Thakur_) | Bug Bounty | 2020-02-28 | 2023-06-13 |
| 3271 | Authorization bypass in Google’s ticketing system (Google-GUTS) | Authorization flaw | Google | Zohar Shachar | Bug Bounty | 2020-07-28 | 2023-06-13 |
| 3109 | We Hacked Apple for 3 Months: Here’s What We Found | RCE, Authentication bypass, Authorization bypass, SSRF, XXE, Blind XSS, IDOR, OS command injection, SQL injection | Apple | Sam Curry (@samwcyo) | Bug Bounty | 2020-10-07 | 2023-06-13 |
| 3106 | Exploiting Admin Panel Like a Boss | Authorization bypass, Weak credentials | NA | Shivam Kamboj Dattana (@sechunt3r) | Bug Bounty | 2020-10-08 | 2023-06-13 |
| 3056 | From a 500 error to Django admin takeover | Authorization bypass, Account takeover | NA | Shashank (@cyberboyIndia) | Bug Bounty | 2020-11-03 | 2023-06-13 |
| 2694 | Multiple Authorization bypass issues in Google's Richmedia Studio | Authorization flaw | Google | Zohar Shachar | Bug Bounty | 2021-03-24 | 2023-06-13 |
| 1938 | Authorization bypass — Gmail | Spoofing | Google | 7𝖍3𝖍4𝖈kv157 (@7h3h4ckv157) | Bug Bounty | 2022-01-06 | 2023-06-13 |
| 621 | Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More | Account takeover, SSO, RCE, Authorization bypass, SQL injection, Mass assignment, Information disclosure | Kia, Honda, Infiniti, Nissan, Acura, Mercedes-Benz, Hyundai, Genesis, BMW, Rolls Royce, Ferrari, Spireon, Ford, Reviver, Porsche, Toyota, Jaguar, Land Rover, SiriusXM | Sam Curry (@samwcyo) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 357 | GitHub Security Lab audited DataHub: Here’s what they found | SSRF, Insecure deserialization, Cypher injection, Authentication bypass, Authorization bypass, XSS, Open redirect, JWT, JSON injection, Cryptographic issues, Session expiration issue, Security code review | DataHub | Alvaro Muñoz (@pwntester) | Bug Bounty | 2023-03-03 | 2023-06-13 |
| 324 | Clipchamp (Microsoft Office Product) - Google IAP Authorization bypass allowed access to Internal Environment Leading to Zero Interaction Account takeover | Authorization bypass, JWT, Account takeover | Microsoft (ClipChamp) | Vikas Anil Sharma (@vikzsharma) | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 274 | Improper Privilege Management in Grails Spring Security Core <= 5.1.0 (CVE-2022-41923) | Privilege escalation, Authorization bypass | Grails | Benjamin Sepe (@Butanal_C4H8O) | Bug Bounty | 2023-03-21 | 2023-06-13 |
| 231 | Pentah0wnage: Pre-Auth RCE in Pentaho Business Analytics Server | RCE, SSTI, Authorization bypass, Groovy scripting | Hitachi Vantara (Pentaho) | Harry Withington | Bug Bounty | 2023-04-04 | 2023-06-13 |
| 171 | GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts | Cloud, OAuth, Authorization bypass | Google (GCP) | Astrix Security (@AstrixSecurity) | Bug Bounty | 2023-04-20 | 2023-06-13 |
| 104 | Bypass IIS Authorisation with this One Weird Trick - Three RCEs and Two Auth Bypasses in Sitecore 9.3 | RCE, Authorization bypass, Security code review | Sitecore | Dylan Pindur | Bug Bounty | 2023-05-10 | 2023-06-13 |