| # | Title | Bugs | Target | Author | Type | Published | Added |
|---|---|---|---|---|---|---|---|
| 2672 | XSS in Large Messenger and Payment App - a Shout Out to Parameter Guessing | XSS, HTML injection | NA | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2021-04-02 | 2023-06-13 |
| 2671 | Bragging Rights: Let’s head back to bug bucket | XSS, IDOR, MFA bypass | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-04-02 | 2023-06-13 |
| 2670 | This Man Thought Opening A TXT File Is Fine, He Thought Wrong. MacOS CVE-2019-8761 | MacOS, HTML injection | Apple | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2021-04-02 | 2023-06-13 |
| 2669 | Automate Cache Poisoning Vulnerability - Nuclei | Web cache poisoning, Stored XSS | NA | Mohamed Elbadry (@_melbadry9) | Bug Bounty | 2021-04-02 | 2023-06-13 |
| 2668 | Gain write permission of repositories with a bug in GitHub Actions | Broken Access Control, Logic flaw | GitHub | tyage (@tyage) | Bug Bounty | 2021-04-02 | 2023-06-13 |
| 2667 | Code execution as root via AT commands on the Quectel EG25-G modem | OS command injection, RCE | Quectel | nns | Bug Bounty | 2021-04-03 | 2023-06-13 |
| 2666 | RCE on Starbucks Singapore and more for $5600 | RCE, Unrestricted file upload | Starbucks | Kamil Onur Özkaleli (@ko2sec) | Bug Bounty | 2021-04-04 | 2023-06-13 |
| 2665 | Journeys in Quoteless and Multi Reflection XSS | XSS | NA | Bend Theory (@bendtheory) | Bug Bounty | 2021-04-04 | 2023-06-13 |
| 2664 | Remote code execution through unsafe unserialize in PHP | Insecure deserialization, RCE | NA | Sjoerd Langkemper | Bug Bounty | 2021-04-04 | 2023-06-13 |
| 2663 | Breaking GitHub Private Pages for $35k | XSS, CRLF injection, Web cache poisoning | GitHub | Robert Chen (@NotDeGhost) | Bug Bounty | 2021-04-04 | 2023-06-13 |
| 2662 | CSRF in YouTube Leanback API | CSRF | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-04-05 | 2023-06-13 |
| 2661 | Intro to Open-source Bug Bounty | Path traversal | Mailtrain | Arjun Shibu (@0xsegf) | Bug Bounty | 2021-04-05 | 2023-06-13 |
| 2660 | Weird and very easy authentication bypass found with Google dorking | Authentication bypass | NA | GrumpinouT (@RVerwilghen) | Bug Bounty | 2021-04-05 | 2023-06-13 |
| 2659 | Cloud Based Storage Misconfigurations -> Critical Bounties | Cloud storage misconfiguration | NA | Mikey (@mikey96_bh) | Bug Bounty | 2021-04-05 | 2023-06-13 |
| 2658 | Apple TV for Fire OS code execution | RCE, Insecure storage, Man-in-the-Disk attack | Apple | Razvan Sima (@0xraaz) | Bug Bounty | 2021-04-05 | 2023-06-13 |
| 2657 | I Built a TV That Plays All of Your Private YouTube Videos | CSRF | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-04-05 | 2023-06-13 |
| 2656 | Chaining an Blind SSRF bug to Get an RCE | Blind SSRF, RCE | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-07 | 2023-06-13 |
| 2655 | What if you could deposit money into your Betting account for free? Oh wait where has this 25k came from… | Logic flaw | NA | Mikey (@mikey96_bh) | Bug Bounty | 2021-04-07 | 2023-06-13 |
| 2654 | (CRITICAL) Blind Storage XSS — My first Bug Bounty 💰 | Blind XSS | CS Money | Benjamin Walter | Bug Bounty | 2021-04-08 | 2023-06-13 |
| 2653 | Auth Issues | Authentication flaw, Logic flaw | Google | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2021-04-09 | 2023-06-13 |
| 2652 | Cookie poisoning leads to DoS and Privacy Violation | DoS, SSRF | CS Money | Benjamin Walter | Bug Bounty | 2021-04-09 | 2023-06-13 |
| 2650 | Unauthenticated Account Takeover Through Forget Password | Password reset, Account takeover, Information disclosure | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-04-12 | 2023-06-13 |
| 2649 | ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3 | RCE, Browser hacking | Tesla, Google | Chris Williams (@HawaiiFive0day) | Bug Bounty | 2021-04-12 | 2023-06-13 |
| 2648 | You Talking To Me? | RCE, Browser hacking | Google | Li JianTao (@cursered) | Bug Bounty | 2021-04-12 | 2023-06-13 |
| 2647 | Exploiting Struts RCE on 2.5.26 | RCE, Double OGNL evaluation | Apache Struts | Chris (@mc_0wn) | Bug Bounty | 2021-04-12 | 2023-06-13 |