1571 | Cloudflare Pages, part 1: The fellowship of the secret |
Command injection
Container escape
Bash Path injection
RCE
Local Privilege Escalation
Information disclosure |
Cloudflare |
Sean Yeoh (@seanyeoh) |
Bug Bounty | 2022-05-06 | 2023-06-13 |
1570 | The $16,000 Dev Mistake |
Information disclosure |
NA |
Daniel Marte (@Masonhck3571) |
Bug Bounty | 2022-05-07 | 2023-06-13 |
1569 | It's all about 2fa bypass, or Account Takeover |
Password reset
Account takeover
OTP bypass |
NA |
anjaneyulu kanakatla |
Bug Bounty | 2022-05-08 | 2023-06-13 |
1568 | P1 Bug — PII information disclosure |
Information disclosure
IDOR |
NA |
Huntersherlock |
Bug Bounty | 2022-05-08 | 2023-06-13 |
1567 | How I Paid For My Holiday With Bug Bounty |
XSS
Broken Access Control
IDOR
Unrestricted file upload |
NA |
Tobydavenn |
Bug Bounty | 2022-05-08 | 2023-06-13 |
1566 | Can analyzing javascript files lead to remote code execution? |
Unrestricted file upload
RCE |
NA |
Asem Eleraky (@melotover) |
Bug Bounty | 2022-05-08 | 2023-06-13 |
1565 | Account verification code bypass lead to a $4000 bounty |
OTP bypass |
NA |
Mohsin Khan (@tabaahi_) |
Bug Bounty | 2022-05-08 | 2023-06-13 |
1564 | RCE via Dependency Confusion |
Dependency confusion |
NA |
Samrat Gupta (@Sm4rty_) |
Bug Bounty | 2022-05-10 | 2023-06-13 |
1563 | ResolveURI RXSS Imperva Waf Bypass |
XSS |
NA |
Ahsan Shahid (@hunter0x8) |
Bug Bounty | 2022-05-10 | 2023-06-13 |
1562 | The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF… |
CSS injection
Clickjacking
Account takeover
XSS
Cookie bomb
Self-XSS
CSRF |
NA |
Renwa (@RenwaX23) |
Bug Bounty | 2022-05-10 | 2023-06-13 |
1561 | Certifried: Active Directory Domain Privilege Escalation (CVE-2022-26923) |
Active Directory Privilege Escalation |
Microsoft |
Oliver Lyak (@ly4k_) |
Bug Bounty | 2022-05-10 | 2023-06-13 |
1560 | Diving Into Pre-created Computer Accounts |
Active Directory
Local Privilege Escalation
Windows |
NA |
Oddvar Moe (@Oddvarmoe) |
Bug Bounty | 2022-05-10 | 2023-06-13 |
1559 | Spoofing SaaS Vanity URLs for Social Engineering Attacks |
URL spoofing |
Box
Zoom
Google |
Tal Peleg |
Bug Bounty | 2022-05-11 | 2023-06-13 |
1558 | Takeover seller accounts worth billions & millions |
IDOR
Account takeover |
NA |
Bijan Murmu (@0xBijan) |
Bug Bounty | 2022-05-12 | 2023-06-13 |
1557 | New Wine in Old Bottle - Microsoft Sharepoint Post-Auth Deserialization RCE (CVE-2022-29108) |
Insecure deserialization
RCE |
Microsoft |
Nguyễn Tiến Giang (@testanull) |
Bug Bounty | 2022-05-12 | 2023-06-13 |
1556 | Forging OAuth tokens using discovered client id and client secret |
Information disclosure
Account takeover |
NA |
Basyouni (@AshrafBasyoni4) |
Bug Bounty | 2022-05-12 | 2023-06-13 |
1555 | From android app to access admin dashboard |
Exposed registration page
Account takeover |
NA |
Oday Alhalabi (@OdayAlhalabi) |
Bug Bounty | 2022-05-13 | 2023-06-13 |
1554 | My New Discovery In Oracle E-Business Login Panel That Allowed To Access For All Employees Information's & In Some cases Passwords At More Than 1000 Companies |
Exposed registration page |
NA |
Orwa Atyat (@GodfatherOrwa) |
Bug Bounty | 2022-05-14 | 2023-06-13 |
1552 | Impact of an Insecure DeepLink |
Insecure deeplink
Android |
CafeBazaar |
Yashar Shahinzadeh (@YShahinzadeh) |
Bug Bounty | 2022-05-16 | 2023-06-13 |
1551 | Hacking Swagger-UI - from XSS to account takeovers |
DOM XSS
Account takeover |
Shopify
Paypal
GitLab
Atlassian
Yahoo! / Verizon Media
Microsoft
Jamf |
Dawid Moczadło (@kannthu1) |
Bug Bounty | 2022-05-16 | 2023-06-13 |
1550 | Bypassing WAF to Weaponize a Stored XSS |
Stored XSS |
NA |
ne555 |
Bug Bounty | 2022-05-17 | 2023-06-13 |
1549 | Stealing Google Drive OAuth tokens from Dropbox |
CSRF
SSRF
Account takeover |
Dropbox |
Sivanesh Ashok (@sivaneshashok) |
Bug Bounty | 2022-05-17 | 2023-06-13 |
1548 | Kubernetes Privilege Escalation: Excessive Permissions in Popular Platforms |
Privilege escalation
Broken Access Control
Kubernetes |
Google
AWS
Microsoft
Red Hat |
Yuval Avrahami (@yuval_avrahami) |
Bug Bounty | 2022-05-17 | 2023-06-13 |
1547 | Vulnerability in Huawei's AppGallery can download paid apps for free |
Payment bypass
Logic flaw |
Huawei |
Dylan Roussel (@evowizz) |
Bug Bounty | 2022-05-18 | 2023-06-13 |
1546 | Variant Cloud Analysis |
Default credentials |
NA |
jspin (@jespinhara) |
Bug Bounty | 2022-05-18 | 2023-06-13 |