| 5219 | Race conditions on Facebook, DigitalOcean and others (fixed) |
Race condition |
Meta / Facebook
DigitalOcean
LastPass |
Josip Franjkovic (@josipfranjkovic) |
Bug Bounty | 2015-04-27 | 2023-06-13 |
| 5161 | Race conditions on the web |
Race condition |
Cobalt.io
Meta / Facebook
MEGA
Keybase |
Josip Franjkovic (@josipfranjkovic) |
Bug Bounty | 2016-07-12 | 2023-06-13 |
| 5025 | Race Condition bypassing team limit |
Race condition |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-07-20 | 2023-06-13 |
| 4850 | The Fuzz…The Bug..The Action – A Race Condition bug in Facebook Chat Groups leads to spy on conversations! |
Race condition |
Meta / Facebook |
Seif Elsallamy (@seifelsallamy) |
Bug Bounty | 2018-02-23 | 2023-06-13 |
| 4111 | Chaining Improper Authorization To Race Condition To Harvest Credit Card Details : A Bug Bounty Story |
Authorization flaw
Race condition |
NA |
Mandeep Jadon (@1337tr0lls) |
Bug Bounty | 2019-06-13 | 2023-06-13 |
| 4043 | How I Could Have Hacked Any Instagram Account |
Race condition
Rate limiting bypass |
Meta / Facebook |
Laxman Muthiyah (@LaxmanMuthiyah) |
Bug Bounty | 2019-07-14 | 2023-06-13 |
| 3990 | BugBounty WriteUp — Creative thinking is our everything (Race Condition + Business Logic Error) |
Race condition
Logic flaw |
NA |
Oleksandr Opanasiuk (@Lekssik2) |
Bug Bounty | 2019-08-05 | 2023-06-13 |
| 3920 | Race Condition that could Result to RCE - (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3) |
Race condition
RCE
Unrestricted file upload |
NA |
YoKo Kho (@YokoAcc) |
Bug Bounty | 2019-09-14 | 2023-06-13 |
| 3819 | Cracking reCAPTCHA, Turbo Intruder style |
Captcha bypass
Race condition |
Google |
James Kettle (@albinowax) |
Bug Bounty | 2019-11-20 | 2023-06-13 |
| 3622 | Breaking the Competition (Bug Bounty Write-up) |
Race condition
DoS
Logic flaw
Session management issue |
NA |
George O (@georgeomnet) |
Bug Bounty | 2020-03-08 | 2023-06-13 |
| 3547 | Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices |
Memory corruption
Race condition |
Qalcomm
Samsung |
Tamir Zahavi-Brunner (@tamir_zb) |
Bug Bounty | 2020-04-15 | 2023-06-13 |
| 3535 | Exploiting a Race Condition Vulnerability |
Race condition |
NA |
Vivek Kumar Singh (@v7nc3nz) |
Bug Bounty | 2020-04-22 | 2023-06-13 |
| 3533 | From P5 to P2, from nothing to 1000+$ |
Race condition
Self-XSS
Blind XSS |
NA |
Mohamed Daher (@DaherMohamed4) |
Bug Bounty | 2020-04-22 | 2023-06-13 |
| 3401 | Race Conditions - Exploring the Possibilities |
Race condition |
Reddit |
Milind Purswani (@MilindPurswani) |
Bug Bounty | 2020-06-11 | 2023-06-13 |
| 3397 | RACE Condition vulnerability found in bug-bounty program |
Race condition |
NA |
Pravinrp |
Bug Bounty | 2020-06-13 | 2023-06-13 |
| 3297 | Creative Android pin bypass with Race conditon |
Race condition
Authentication bypass |
NA |
Baluz (@t3chman) |
Bug Bounty | 2020-07-18 | 2023-06-13 |
| 3254 | Banning users Race condition |
Race condition |
NA |
Saddam Hussain (@wisdomfreak1) |
Bug Bounty | 2020-08-02 | 2023-06-13 |
| 2778 | Is Math.random() Safe? from missing rate limit to bypass 2fa and possible sqli |
Race condition
Lack of rate limiting
OTP bypass
SQL injection |
NA |
Yasser Mohammed (@boomneroli) |
Bug Bounty | 2021-02-20 | 2023-06-13 |
| 2696 | Finding and exploiting race condition vulnerability on facebook server |
Race condition |
Meta / Facebook |
Dewanand Vishal (@dewcode91) |
Bug Bounty | 2021-03-24 | 2023-06-13 |
| 2678 | GKE Autopilot Node Compromise via Race Condition |
Container escape |
Google |
Anthony Weems |
Bug Bounty | 2021-04-01 | 2023-06-13 |
| 2491 | Second Order Race Condition |
Race condition |
NA |
Prasoon Gupta (@0xdekster) |
Bug Bounty | 2021-06-10 | 2023-06-13 |
| 2461 | How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It |
Account takeover
MFA bypass
Rate limiting bypass
Race condition |
Apple |
Laxman Muthiyah (@laxmanmuthiyah) |
Bug Bounty | 2021-06-19 | 2023-06-13 |
| 2457 | Generate online votes using Race Condition Vulnerability in Woobox Web Application (Write Up) |
Race condition |
Woobox |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2021-06-23 | 2023-06-13 |
| 2142 | Independently Secure, Together Not So Much – A Story Of 2 WP Plugins |
RCE
Race condition
Unrestricted file upload
Security code review |
NA |
Adrian Tiron (@Adrian__T) |
Bug Bounty | 2021-10-17 | 2023-06-13 |
| 2102 | Multiple Concrete CMS Vulnerabilities ( Part1 – RCE ) |
RCE
Race condition |
Concrete CMS |
FORTBRIDGE (@FORTBRIDGE1) |
Bug Bounty | 2021-11-05 | 2023-06-13 |
