4922 | SQL Injection in rog.asus.com | SQL injection, Security code review | Asus | Corben Leo (@hacker_) | Bug Bounty | 2017-11-30 | 2023-06-13 |
3668 | CVE-2019-18426 - WhatsApp Vulnerabilities Disclosure - Open Redirect + CSP Bypass + Persistent XSS + FS read permissions + potential for RCE | RCE, Stored XSS, CSP bypass, Arbitrary file read, Open redirect, Security code review | Meta / Facebook (WhatsApp) | Gal Weizman (@WeizmanGal) | Bug Bounty | 2020-02-14 | 2023-06-13 |
3492 | Pentesting Cisco SD-WAN Part 2: Breaking Routers | OS command injection, Security code review | Cisco | Julien Legras (@Julien_Legras) | Bug Bounty | 2020-05-07 | 2023-06-13 |
3442 | Analysis and Discovery of CVE-2020-13693 | Privilege escalation, Security code review | BBPress | Raphael Karger (@pwnszn) | Bug Bounty | 2020-05-29 | 2023-06-13 |
3362 | Bypassing file upload filter by source code review in Bolt CMS | RCE, Unrestricted file upload, Path traversal, Security code review | Bolt CMS | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2020-06-27 | 2023-06-13 |
3217 | Open Sesame: Escalating Open Redirect to RCE with Electron Code Review | Open redirect, RCE, Security code review | NA | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2020-08-14 | 2023-06-13 |
3071 | Weblogic RCE by only one GET request — CVE-2020–14882 Analysis | RCE, Authentication bypass, Security code review | Oracle (WebLogic) | Nguyễn Tiến Giang (@testanull) | Bug Bounty | 2020-10-28 | 2023-06-13 |
3020 | OpenEMR 5.0.1.3 Arbitrary File Actions | Arbitrary file write, Arbitrary file read, Security code review | OpenEMR | Josh Fam (@Pullerze) | Bug Bounty | 2020-11-17 | 2023-06-13 |
2901 | GoCD Multiple Vulnerabilities | RCE, Information disclosure, Insecure deserialization, Security code review | GoCD | Denis Andzakovic | Bug Bounty | 2021-01-12 | 2023-06-13 |
2596 | PHP Supply Chain Attack on Composer | Argument injection, RCE, Supply chain attack, Security code review | Packagist | Thomas Chauchefoin (@swapgs) | Bug Bounty | 2021-04-29 | 2023-06-13 |
2537 | 13 Nagios Vulnerabilities, #7 will SHOCK you! | RCE, Local Privilege Escalation, XSS, Security code review | Nagios | Samir Ghanem (@sam0x21r) | Bug Bounty | 2021-05-20 | 2023-06-13 |
2495 | Joomla Password Reset Vulnerability And A Stored XSS For Full Compromise | Password reset, Stored XSS, Privilege escalation, RCE, Security code review | NA | Adrian Tiron (@Adrian__T) | Bug Bounty | 2021-06-07 | 2023-06-13 |
2171 | CVE-2021-43136 – FormaLMS – The evil default value that leads to Authentication Bypass | Authentication bypass, Security code review | Forma LMS | Cristian Giustini | Bug Bounty | 2021-10-05 | 2023-06-13 |
2142 | Independently Secure, Together Not So Much – A Story Of 2 WP Plugins | RCE, Race condition, Unrestricted file upload, Security code review | NA | Adrian Tiron (@Adrian__T) | Bug Bounty | 2021-10-17 | 2023-06-13 |
2106 | Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237 | RCE, Insecure deserialization, Security code review | Sitecore | Shubham Shah (@infosec_au) | Bug Bounty | 2021-11-01 | 2023-06-13 |
1810 | CVE-2022-0478 - WooCommerce Event-Manager Plugin SQL Injection | SQL injection, Security code review | Automattic (WooCommerce) | Castilho (@castilho101) | Bug Bounty | 2022-02-16 | 2023-06-13 |
1596 | [EN] Privileged account creation via Mass Assignment towards a full compromise using a Stored XSS | Stored XSS, Mass assignment, Security code review | pass Culture | Aethlios (@AethliosIK) | Bug Bounty | 2022-04-26 | 2023-06-13 |
1517 | DNN CMS Server-Side Request Forgery (CVE-2021-40186) | SSRF, Security code review | DNN (DotNetNuke) | Appcheck NG | Bug Bounty | 2022-05-26 | 2023-06-13 |
1047 | Skype for Business Audit Part 1 - SKYPErsistence | Local Privilege Escalation, Windows, Security code review | Microsoft | Florian Hauser (@frycos) | Bug Bounty | 2022-09-22 | 2023-06-13 |
1030 | Skype for Business Audit Part 2 - SKYPErimeterleak | SSRF, Security code review | Microsoft | Florian Hauser (@frycos) | Bug Bounty | 2022-09-26 | 2023-06-13 |
1002 | Securing Developer Tools: A New Supply Chain Attack on PHP | Argument injection, RCE, Supply chain attack, Security code review | Packagist | Thomas Chauchefoin (@swapgs) | Bug Bounty | 2022-10-04 | 2023-06-13 |
981 | VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability | Insecure deserialization, Security code review | VMware | Marcin 'Icewall' Noga (@_Icewall) | Bug Bounty | 2022-10-10 | 2023-06-13 |
959 | Weak private key generation in SSH.NET <= 2020.0.1 | Weak crypto, Security code review | SSH.NET | Guillaume André (@yaumn_) | Bug Bounty | 2022-10-14 | 2023-06-13 |
958 | Code Injection and SQLi in WP ALL Export Pro | SQL injection, Security code review | NA | p3n7a90n (@p3n7a90n) | Bug Bounty | 2022-10-14 | 2023-06-13 |
941 | Remote Code Execution in Melis Platform | RCE, Path traversal, Insecure deserialization, Security code review | Melis Platform | Karim El Ouerghemmi | Bug Bounty | 2022-10-18 | 2023-06-13 |