2567 | Simple logical Bug turned into a bounty | Logic flaw | Meta / Facebook | Sndp Giri | Bug Bounty | 2021-05-10 | 2023-06-13 |
2566 | Stored XSS to Organisation Takeover | Stored XSS | NA | Zaid Bhat (@zaidozaid) | Bug Bounty | 2021-05-10 | 2023-06-13 |
2565 | 2FA Verification Bypass in Shapeshift [shapeshift.com] (Write Up) | MFA bypass | Shapeshift | Evan Ricafort (@evanricafort) | Bug Bounty | 2021-05-10 | 2023-06-13 |
2564 | CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data | Privilege escalation | Microsoft | Intezer | Bug Bounty | 2021-05-11 | 2023-06-13 |
2563 | CVE-2020-35580 | LFI | NA | hateshape (@hateshaped) | Bug Bounty | 2021-05-11 | 2023-06-13 |
2562 | My story of hacking Dutch Government | XSS | Dutch Government | Tuhin Bose (@tuhin1729_) | Bug Bounty | 2021-05-12 | 2023-06-13 |
2561 | How I find my first Stored XSS | Stored XSS | NA | Filipe Azevedo (@filipaze_) | Bug Bounty | 2021-05-13 | 2023-06-13 |
2560 | Counter-Strike Global Offsets: reliable remote code execution | RCE | Valve | brymko (@brymko) | Bug Bounty | 2021-05-13 | 2023-06-13 |
2559 | Blind XSS on Google Internal System | Blind XSS | Google | Kailash (@Corrupted_brain) | Bug Bounty | 2021-05-13 | 2023-06-13 |
2557 | Mass Assignment exploitation in the wild - Escalating privileges in style | Mass assignment, Privilege escalation | NA | Gal Nagli (@naglinagli) | Bug Bounty | 2021-05-14 | 2023-06-13 |
2556 | 2FA Bypass via Forced Browsing | MFA bypass | NA | Akhil | Bug Bounty | 2021-05-15 | 2023-06-13 |
2555 | How to prevent more than 200 million users from using Google services | Logic flaw | Google | Omar Hashem (@OmarHashem666) | Bug Bounty | 2021-05-16 | 2023-06-13 |
2554 | Edmodo Bug Bounty Writeup | XSS | Edmodo | Pethuraj (@Pethuraj) | Bug Bounty | 2021-05-16 | 2023-06-13 |
2553 | MSSQL Injection In JSON Request | SQL injection | NA | Kailash (@Corrupted_brain) | Bug Bounty | 2021-05-16 | 2023-06-13 |
2552 | Auth Bypass in https://nearbydevices-pa.googleapis.com | Broken Access Control | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-05-16 | 2023-06-13 |
2551 | How i hijacked 12 Subdomains in one Program | Subdomain takeover | NA | Naveen kumawat (@nvk0x) | Bug Bounty | 2021-05-17 | 2023-06-13 |
2550 | My Fourth Account takeover through password reset | Account takeover, Password reset | NA | Omar Hamdy (@seaman00o) | Bug Bounty | 2021-05-17 | 2023-06-13 |
2549 | Clickjacking in Nearby Devices Dashboard | Clickjacking | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-05-17 | 2023-06-13 |
2548 | Just Gopher It: Escalating a Blind SSRF to RCE for $15k | SSRF, RCE | NA | SirLeeroyJenkins (@SirLeeroyJenkin) | Bug Bounty | 2021-05-17 | 2023-06-13 |
2547 | Drupal Insecure Default Leads To Password Reset Poisoning | Password reset, Host header injection | Drupal | Bogdan Tiron (@Bogdan___T) | Bug Bounty | 2021-05-29 | 2023-06-13 |
2546 | Path Traversal in MobileSafari | Path traversal | Apple | David Schütz (@xdavidhu) | Bug Bounty | 2021-05-18 | 2023-06-13 |
2545 | Finding my First Critical Web Cache Poisoning | Web cache poisoning | NA | Yasser Khan (@N3T_hunt3r) | Bug Bounty | 2021-05-18 | 2023-06-13 |
2544 | DOS & Stored HTML Injection Bug Bounty Writeup | DoS, HTML injection | NA | RiotSecurityTeam (@RiotSecTeam) | Bug Bounty | 2021-05-19 | 2023-06-13 |
2543 | Time-Based SQL Injection to Dumping the Database | SQL injection, Android | NA | Naveen J (@thevillagehackr) | Bug Bounty | 2021-05-19 | 2023-06-13 |
2542 | SSRF in PDF Renderer using SVG | SSRF | NA | pwn.vg / Tomi (@mastomii) | Bug Bounty | 2021-05-19 | 2023-06-13 |