1964 | Remote Code Execution in Google Cloud Dataflow | RCE | Google | Mike Brancato (@meatballninja) | Bug Bounty | 2021-12-28 | 2023-06-13 |
1963 | Story of a weird CSRF bug | CSRF | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2021-12-29 | 2023-06-13 |
1961 | Google Cloud Shell XSS | XSS | Google | NDevTK (@ndevtk) | Bug Bounty | 2021-12-30 | 2023-06-13 |
1960 | How I Am Able To Crash Anyone’s Mozilla Firefox Browser By Sending An Email | DoS | Mozilla | Sam | Bug Bounty | 2021-12-30 | 2023-06-13 |
1959 | WhatsApp for Android Retains Deleted Contacts Locally | Privacy issue | Meta / Facebook | Nightwatch Cybersecurity (@nightwatchcyber) | Bug Bounty | 2021-12-30 | 2023-06-13 |
1958 | Bypassing Identity-Aware Proxy - Google Cloud Vulnerability | Authorization flaw, Token leak, OAuth | Google | SebLu | Bug Bounty | 2021-12-30 | 2023-06-13 |
1957 | Here’s How I Could Read Anyone’s Apple ID Metrics Remotely. | Information disclosure | Apple | Faizan Ahmad Wani | Bug Bounty | 2021-12-30 | 2023-06-13 |
1956 | My first Google HOF | Broken Access Control | Google | RV Sharma | Bug Bounty | 2021-12-31 | 2023-06-13 |
1955 | Bug Hunting Journey of 2021 | Stored XSS, Open redirect, Token leak, CSRF, Logic flaw, Information disclosure, IDOR, Account takeover | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2021-12-31 | 2023-06-13 |
1954 | Fixing the Unfixable: Story of a Google Cloud SSRF | SSRF | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-12-31 | 2023-06-13 |
1953 | One Click To Account Takeover | Mass assignment | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2022-01-01 | 2023-06-13 |
1952 | Abusing Business Logic of an Application to create backdoor in a form APP | Logic flaw | NA | Snap Sec (@snap_sec) | Bug Bounty | 2022-01-01 | 2023-06-13 |
1951 | A tale of zero click account takeover | Account takeover, IDOR | NA | Veshraj Ghimire (@GhimireVeshraj) | Bug Bounty | 2022-01-01 | 2023-06-13 |
1950 | doorLock: Apple HomeKit Denial of Service | DoS | Apple | Trevor Spiniolas | Bug Bounty | 2022-01-01 | 2023-06-13 |
1949 | The Story Of How I Bypass SSO Login | Authentication bypass | NA | zer0d | Bug Bounty | 2022-01-02 | 2023-06-13 |
1948 | Story of YouTube’s Unfixable Ads Bypass | Logic flaw | Google | MrMax4o4 | Bug Bounty | 2022-01-03 | 2023-06-13 |
1947 | How i was able to bypass a Pin code Protection | Authorization flaw | NA | Kerolos sameh (@xko2xx) | Bug Bounty | 2022-01-03 | 2023-06-13 |
1946 | IDOR leads to leak Private Details | IDOR | NA | annonymous | Bug Bounty | 2022-01-03 | 2023-06-13 |
1945 | P5 to P1: Interesting Account Takeover | Account takeover, Session expiration issue, Password reset | NA | Tushar Sharma (@tusharSharma_0) | Bug Bounty | 2022-01-03 | 2023-06-13 |
1944 | NPM might be executing malicious code in your CI without your knowledge | RCE | GitHub | Rotem Bar (@rotembar) | Bug Bounty | 2022-01-03 | 2023-06-13 |
1942 | SQL Injection - The File Upload Playground | Unrestricted file upload, SQL injection | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-01-04 | 2023-06-13 |
1941 | thisclosed_#1 - Full Account Takeover of ANY user via Insecure Direct Object Reference (IDOR) on reset password functionality | IDOR, Password reset, Account takeover | NA | Samuele Gugliotta (@indevi0us) | Bug Bounty | 2022-01-04 | 2023-06-13 |
1940 | Breaking Parser Logic: Gain Access To NGINX Plus API — Read/Write Upstreams. | Path traversal | NA | zoid (@z0idsec) | Bug Bounty | 2022-01-05 | 2023-06-13 |
1939 | Accessing GoDaddy internal instance through an email logic bug. | Logic flaw, Privilege escalation, Account takeover | GoDaddy | Mostafa Mamdoh | Bug Bounty | 2022-01-05 | 2023-06-13 |
1938 | Authorization bypass — Gmail | Spoofing | Google | 7𝖍3𝖍4𝖈kv157 (@7h3h4ckv157) | Bug Bounty | 2022-01-06 | 2023-06-13 |