| 2735 | Finding Hidden Login Endpoint Exposing Secret `Client ID` |
Information disclosure |
NA |
Ahmad Halabi (@Ahmad_Halabi_) |
Bug Bounty | 2021-03-07 | 2023-06-13 |
| 2727 | Finding Basic Authtoken in JAVASCRIPT file BY Full Automation |
Information disclosure |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2021-03-10 | 2023-06-13 |
| 2718 | Facebook Group Members Disclosure. |
Information disclosure |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2021-03-15 | 2023-06-13 |
| 2717 | De-anonymize the members of a private Facebook Group as a non-member. |
GraphQL
Information disclosure |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2021-03-15 | 2023-06-13 |
| 2716 | API Misconfiguration which leads to unauthorized access to servicedesk tickets |
Information disclosure |
NA |
Gaurav Popalghat (@N008x) |
Bug Bounty | 2021-03-16 | 2023-06-13 |
| 2715 | Voice Confusion When Commenting On Watch Party |
Information disclosure |
Meta / Facebook |
Prakash Panta (@prakashpanta268) |
Bug Bounty | 2021-03-16 | 2023-06-13 |
| 2698 | Finding My First Critical Vulnerability |
Information disclosure |
NA |
Thexssrat (@theXSSrat) |
Bug Bounty | 2021-03-21 | 2023-06-13 |
| 2689 | Increasing impact of Information Disclosure — Full Account Takeover ! |
Information disclosure
Password reset |
NA |
Abhisek R (@abh1sek_r) |
Bug Bounty | 2021-03-26 | 2023-06-13 |
| 2677 | Zero click vulnerability in Apple’s macOS Mail |
Account takeover
Information disclosure
RCE |
Apple |
Mikko Kenttälä (@Turmio_) |
Bug Bounty | 2021-04-01 | 2023-06-13 |
| 2650 | Unauthenticated Account Takeover Through Forget Password |
Password reset
Account takeover
Information disclosure |
NA |
Nikhil (niks) (@niksthehacker) |
Bug Bounty | 2021-04-12 | 2023-06-13 |
| 2646 | Bug Bounty - Information Disclosure through error message + WAF Bypass led to Local File Inclusion |
LFI
Information disclosure |
NA |
Arben Shala (@arbennsh) |
Bug Bounty | 2021-04-13 | 2023-06-13 |
| 2624 | Auth Bypass in Google Workspace Real Time Collaboration |
Authentication bypass
Information disclosure |
Google |
David Schütz (@xdavidhu) |
Bug Bounty | 2021-04-20 | 2023-06-13 |
| 2617 | PrivateDrop: Breaking and Fixing Apple AirDrop |
Privacy issue
Information disclosure |
Apple |
Alexander Heinrich |
Bug Bounty | 2021-04-21 | 2023-06-13 |
| 2600 | How did I earn €€€€ by breaking the back-end logic of the server |
Logic flaw
Information disclosure |
NA |
Dewanand Vishal (@dewcode91) |
Bug Bounty | 2021-04-28 | 2023-06-13 |
| 2598 | De-anonymising Anonymous Animals in Google Workspace |
Privacy issue
Information disclosure |
Google |
David Schütz (@xdavidhu) |
Bug Bounty | 2021-04-29 | 2023-06-13 |
| 2594 | How I was able to Retrieve your Personal Documents using the Wayback Machine! |
Privacy issue
Information disclosure |
NA |
Savir Suda (@savxiety) |
Bug Bounty | 2021-04-30 | 2023-06-13 |
| 2570 | Microsoft bug bounty writeup |
Information disclosure |
Microsoft |
th3.d1p4k (@DipakPanchal05) |
Bug Bounty | 2021-05-08 | 2023-06-13 |
| 2533 | Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device (500$) |
Information disclosure |
Meta / Facebook |
Rohit kumar (@rohitcoder) |
Bug Bounty | 2021-05-21 | 2023-06-13 |
| 2532 | Finding and Exploiting Unintended Functionality in Main Web App APIs |
IDOR
Information disclosure
Privilege escalation |
NA |
Bend Theory (@bendtheory) |
Bug Bounty | 2021-05-21 | 2023-06-13 |
| 2521 | Github, The Goldmine for P1s and P2s - Sensitive Information Exposure via Github by a Company Employee |
Information disclosure |
NA |
Savir Suda (@savxiety) |
Bug Bounty | 2021-05-28 | 2023-06-13 |
| 2513 | Facebook Page Admin Disclosure |
Information disclosure |
Meta / Facebook |
Kunjan Nayak (@kunjannayak5) |
Bug Bounty | 2021-05-31 | 2023-06-13 |
| 2510 | Admin Panel? Pwned! |
Information disclosure
Hardcoded credentials |
NA |
Splintersec (@splint3rsec) |
Bug Bounty | 2021-06-02 | 2023-06-13 |
| 2488 | How I was able to bypass the admin panel without the credentials. |
Information disclosure |
NA |
Pratikkhalane (@KhalanePratik) |
Bug Bounty | 2021-06-12 | 2023-06-13 |
| 2458 | Cracking Encrypted Credit Card Numbers Exposed By API |
Information disclosure
Weak crypto |
NA |
Craig Hays (@craighays) |
Bug Bounty | 2021-06-22 | 2023-06-13 |
| 2456 | How i was able to get Appreciation from the organization of a website just by changing a sign..!!! |
Information disclosure
Source code disclosure |
NA |
Fardeen Ahmed (@fardeenahmed411) |
Bug Bounty | 2021-06-23 | 2023-06-13 |
