2306 | Story Of Unexpected Bugs |
IDOR
XSS |
NA |
Neh Patel (@thecyberneh) |
Bug Bounty | 2021-08-22 | 2023-06-13 |
2305 | Server Side Request Forgery with huge impact in production application |
SSRF |
NA |
Gökhan Güzelkokar (@gkhck_) |
Bug Bounty | 2021-08-23 | 2023-06-13 |
2304 | Zoom RCE from Pwn2Own 2021 |
RCE
Memory corruption |
Zoom |
Thijs Alkemade (@xnyhps) |
Bug Bounty | 2021-08-23 | 2023-06-13 |
2303 | Hey Google ! - Delete my Data Properly — #GoogleVRP |
Logic flaw |
Google |
Sriram Kesavan (@sriramoffcl) |
Bug Bounty | 2021-08-23 | 2023-06-13 |
2302 | By Design: How Default Permissions on Microsoft Power Apps Exposed Millions |
Information disclosure |
Microsoft |
UpGuard Team (@upguard) |
Bug Bounty | 2021-08-23 | 2023-06-13 |
2301 | How i was able to steal private files of any user on Larksuite |
IDOR |
NA |
Imran Nissar (@Imrannissar3) |
Bug Bounty | 2021-08-24 | 2023-06-13 |
2300 | [$5K] Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO) |
Account takeover
Password reset
Information disclosure |
NA |
Aditya Sharma (@Assass1nmarcos) |
Bug Bounty | 2021-08-24 | 2023-06-13 |
2299 | One Endpoint, Two Account Takeovers |
Account takeover |
NA |
Yashar Shahinzadeh (@YShahinzadeh) |
Bug Bounty | 2021-08-24 | 2023-06-13 |
2298 | “How Companies Need to Widen There Scopes” |
RCE
Components with known vulnerabilities |
NA |
amnotacat |
Bug Bounty | 2021-08-25 | 2023-06-13 |
2297 | The Nomulus rift |
Insecure deserialization |
Google |
Imre Rad (@ImreRad) |
Bug Bounty | 2021-08-25 | 2023-06-13 |
2296 | Vulnerability in Bumble dating app reveals any user's exact location |
Information disclosure
Logic flaw |
Bumble |
Robert Heaton (@RobJHeaton) |
Bug Bounty | 2021-08-25 | 2023-06-13 |
2295 | Retrieve Archived Stories Of Any Public Instagram Account. |
IDOR
GraphQL |
Meta / Facebook |
Naveen |
Bug Bounty | 2021-08-25 | 2023-06-13 |
2294 | Business Logic Ratings Bug |
Logic flaw |
NA |
Maxwell Dulin (@Dooflin5) |
Bug Bounty | 2021-08-25 | 2023-06-13 |
2293 | Pwn2Own Vancouver 2021 :: Microsoft Exchange Server Remote Code Execution |
RCE
MiTM |
Microsoft |
Steven Seeley (@steventseeley) |
Bug Bounty | 2021-08-25 | 2023-06-13 |
2292 | ‘Websocket Hijacking’ to steal Session_ID of victim users |
Cross-Site WebSocket Hijacking (CSWH) |
NA |
Sunil Yedla (@sunilyedla2) |
Bug Bounty | 2021-08-25 | 2023-06-13 |
2291 | Reflective XSS via search box [Bypassing Cloudflare WAF]. |
Reflected XSS |
NA |
Friendly (@SkeletorKeys) |
Bug Bounty | 2021-08-26 | 2023-06-13 |
2290 | Oauth client secret leak and possible IDOR leading to PII Disclosure |
IDOR
OAuth
Information disclosure |
NA |
Monke (@pmofcats) |
Bug Bounty | 2021-08-26 | 2023-06-13 |
2289 | ChaosDB: Critical Vulnerability in Microsoft Azure Cosmos DB |
Account takeover
Local Privilege Escalation |
Microsoft |
Nir Ohfeld (@nirohfeld) |
Bug Bounty | 2021-08-26 | 2023-06-13 |
2288 | How did I earned 6000$ from tokens and scopes in one day |
Authorization flaw
Privilege escalation |
NA |
Corraldev (@javier_corralg) |
Bug Bounty | 2021-08-27 | 2023-06-13 |
2287 | How I Scored 2K Bounty via an IDOR |
IDOR |
Mail.ru |
Sicksec (@OriginalSicksec) |
Bug Bounty | 2021-08-27 | 2023-06-13 |
2286 | Exploiting Devops -Leak Source codes |
Information disclosure |
NA |
Shivbihari Pandey (@ninja_pandit_) |
Bug Bounty | 2021-08-28 | 2023-06-13 |
2285 | SSRF External Service Interaction for Find Real IP CloudFlare and Leads to SQL Injection |
WAF bypass
SSRF
SQL injection |
NA |
Caesar Evan Santoso |
Bug Bounty | 2021-08-28 | 2023-06-13 |
2284 | Cache Poisoning via SelfXSS + Path Parameter |
XSS
Web cache poisoning |
NA |
ElMahdi Mrhassel (@ElMrhassel) |
Bug Bounty | 2021-08-28 | 2023-06-13 |
2283 | Bug Bounty: “My Remote Code Execution” |
Default credentials
RCE |
NA |
0xJin (@0xJin) |
Bug Bounty | 2021-08-29 | 2023-06-13 |
2282 | Information disclosure via api misconfiguration |
Information disclosure |
NA |
Rizwan_siddiqui (@Rizwan_SiDdiqu1) |
Bug Bounty | 2021-08-29 | 2023-06-13 |