1519 | How an Open Redirection Leads to an Account Takeover? | Open redirect, Account takeover | NA | Mahendra Purbia (@Mah3Sec_) | Bug Bounty | 2022-05-26 | 2023-06-13 |
1518 | Social Media Take Over = Easy Money | Broken link hijacking | NA | Jesse Clark (@Hogarth45_) | Bug Bounty | 2022-05-26 | 2023-06-13 |
1517 | DNN CMS Server-Side Request Forgery (CVE-2021-40186) | SSRF, Security code review | DNN (DotNetNuke) | Appcheck NG | Bug Bounty | 2022-05-26 | 2023-06-13 |
1516 | Bygone Vulnerabilities - Remote Code Execution in IBM Lotus SameTime Clients (CVE-2013-0553) | XSS, RCE | IBM | Brian (@hoyahaxa) | Bug Bounty | 2022-05-27 | 2023-06-13 |
1515 | A Simple SQL Injection in an Air Force Website | SQL injection | U.S. Dept Of Defense | Corben Leo (@hacker_) | Bug Bounty | 2022-05-27 | 2023-06-13 |
1514 | Weird Email Verification Bypass | Email verification bypass | NA | Vaibhav Atkale | Bug Bounty | 2022-05-28 | 2023-06-13 |
1513 | Hall of Fame Vice Media ? hacking while sleepy… | Subdomain takeover | Vice Media | Muhammad Syahrul Haniawan | Bug Bounty | 2022-05-29 | 2023-06-13 |
1512 | Exploiting iOS app for fun and profit | Account takeover, Information disclosure | NA | Bijan Murmu (@0xbijan) | Bug Bounty | 2022-05-29 | 2023-06-13 |
1511 | External Authentication bypass in ingress-nginx | Path traversal, Authentication bypass | Kubernetes | Niemiec Marcin (@xvnpw) | Bug Bounty | 2022-05-29 | 2023-06-13 |
1510 | DOMAIN ADMIN Compromise in 3 HOURS | Default credentials | NA | popalltheshells | Bug Bounty | 2022-05-29 | 2023-06-13 |
1509 | Bypass CSP Using WordPress By Abusing Same Origin Method Execution | CSP bypass, Same Origin Method Execution | WordPress | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-05-29 | 2023-06-13 |
1508 | How to find & access Admin Panel by digging into JS files…🥰 | Weak credentials, WAF bypass | NA | Ratnadip Gajbhiye (@scspcommunity) | Bug Bounty | 2022-05-30 | 2023-06-13 |
1507 | Abusing Facebook’s feature for a permanent account confusion(logic vulnerability) | MFA bypass, DoS, Logic flaw | Meta / Facebook | Liv | Bug Bounty | 2022-05-31 | 2023-06-13 |
1506 | From open redirect to RCE in one week | Open redirect, SSRF, Insecure deserialization, LFI, RCE | Mail.ru | byq (@ByQwert) | Bug Bounty | 2022-05-31 | 2023-06-13 |
1505 | SQL injection to Remote Command Execution (RCE) | SQL injection, RCE | NA | Kwadwo Amoako | Bug Bounty | 2022-05-31 | 2023-06-13 |
1504 | How I found a GoldMine but got No Gold | Old components with known vulnerabilities | NA | Muhammad Abdullah | Bug Bounty | 2022-06-01 | 2023-06-13 |
1503 | Microsoft Dynamics Container Sandbox RCE via Unauthenticated Docker Remote API 20,000$ Bounty | RCE | Microsoft | Chen Cohen (@chencococococo) | Bug Bounty | 2022-06-01 | 2023-06-13 |
1502 | How I Mass hunt for Admin Panel Access…🤩 | Default credentials | Gemeente Delft (The City of Delft) | Ratnadip Gajbhiye (@scspcommunity) | Bug Bounty | 2022-06-02 | 2023-06-13 |
1501 | Is Exploiting A Null Pointer Deref For LPE Just A Pipe Dream? | Memory corruption | Microsoft (Bitdefender) | Michael DePlante (@izobashi) | Bug Bounty | 2022-06-02 | 2023-06-13 |
1500 | How Attacker could have suffocated the company staff | Default credentials | NA | Muhammad Abdullah | Bug Bounty | 2022-06-05 | 2023-06-13 |
1499 | If It’s a Feature!!! Let’s Abuse It for $750 | CSRF | NA | Shakti Mohanty (@3ncryptSaan) | Bug Bounty | 2022-06-05 | 2023-06-13 |
1498 | Ivanti EPM Remote Code Execution | RCE, Components with known vulnerabilities | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-06-05 | 2023-06-13 |
1497 | Another vision for SSRF | SSRF | NA | phor3nsic (@phor3nsic_br) | Bug Bounty | 2022-06-06 | 2023-06-13 |
1496 | Multiple vulnerabilities in Zyxel zysh | OS command injection, Memory corruption | Zyxel | Marco Ivaldi / Raptor (@0xdea) | Bug Bounty | 2022-06-07 | 2023-06-13 |
1495 | An unusual way to find XSS injection in one minute | CSTI, XSS | TimeWeb | Andrey Onishchenko | Bug Bounty | 2022-06-07 | 2023-06-13 |