| # | Title | Vulnerabilities | Target | Author | Type | Published | Added |
|---|-------|-----------------|--------|--------|------|-----------|-------|
| 359 | CS-Cart PDF Plugin Unauthenticated Command Injection | RCE, OS command injection, Security code review | CS-Cart | Ngo Wei Lin (@Creastery) | Bug Bounty | 2023-03-03 | 2023-06-13 |
| 358 | Web Cache Poisoning - Capability to disable/deface the app.██████████.com (A tale of poisoning through the layers of caching) | Web cache poisoning | NA | Ankit Singh (@AnkitCuriosity) | Bug Bounty | 2023-03-03 | 2023-06-13 |
| 357 | GitHub Security Lab audited DataHub: Here’s what they found | SSRF, Insecure deserialization, Cypher injection, Authentication bypass, Authorization bypass, XSS, Open redirect, JWT, JSON injection, Cryptographic issues, Session expiration issue, Security code review | DataHub | Alvaro Muñoz (@pwntester) | Bug Bounty | 2023-03-03 | 2023-06-13 |
| 356 | Bypass TCC via iCloud | TCC bypass, Local Privilege Escalation | Apple (macOS) | Wojciech Reguła (@_r3ggi) | Bug Bounty | 2023-03-04 | 2023-06-13 |
| 355 | Unauthorized Access To Admin Panel via Swagger | Missing authentication, Broken Access Control | Coca-Cola | Arman (@M7arm4n) | Bug Bounty | 2023-03-04 | 2023-06-13 |
| 353 | 30-Minute Heist: How I Bagged a $1500 Bounty in Just few Minutes! | Broken Access Control, Logic flaw | NA | Charlie : The Hacker | Bug Bounty | 2023-03-04 | 2023-06-13 |
| 352 | JS file enumeration for bug bounty hunters | Information disclosure, IDOR | NA | Aadarsh Anand (@ScreamZoro) | Bug Bounty | 2023-03-04 | 2023-06-13 |
| 351 | Microsoft Word RTF Font Table Heap Corruption | Memory corruption | Microsoft (Office) | Joshua J. Drake (@jduck) | Bug Bounty | 2023-03-05 | 2023-06-13 |
| 350 | 500$ Bounty in just 5 minutes through Recon!!!! | AWS misconfiguration, Cloud storage misconfiguration | NA | Himanshu Pdy (@himanshu_pdy) | Bug Bounty | 2023-03-05 | 2023-06-13 |
| 348 | Protecting Android clipboard content from unintended exposure | Android | SHEIN | Microsoft 365 Defender Research Team | Bug Bounty | 2023-03-06 | 2023-06-13 |
| 347 | Exposing Users Table From a Leaky GraphQL Query | GraphQL, Authorization flaw, Broken Access Control | NA | Inderjeet Singh - encodedguy (@3nc0d3dGuY) | Bug Bounty | 2023-03-06 | 2023-06-13 |
| 346 | Accessing to Data Sources of any Facebook Business account via IDOR in GraphQL | IDOR, GraphQL | Meta / Facebook | Mukund Bhuva (@MukundBhuva) | Bug Bounty | 2023-03-06 | 2023-06-13 |
| 345 | Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002) | Authentication bypass, Security code review, ColdFusion | Mura CMS, Masa CMS | Brian (@hoyahaxa) | Bug Bounty | 2023-03-06 | 2023-06-13 |
| 344 | Insecure Toyota CRM exposed Mexican customer information | Authentication bypass | Toyota | Eaton Z. (@XeEaton) | Bug Bounty | 2023-03-06 | 2023-06-13 |
| 343 | Manipulating Encrypted Traffic for Manual and Automation | Client-side encryption bypass, Bruteforce | NA | Sourav Kalal (@Ano_F_) | Bug Bounty | 2023-03-06 | 2023-06-13 |
| 342 | Remote Stealth Brute-force of Oracle Database Passwords | Bruteforce, Information disclosure, Authentication bypass, Components with known vulnerabilities | NA | Viktor Markopoulos | Bug Bounty | 2023-03-06 | 2023-06-13 |
| 341 | A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithms | Cryptographic issues, Buffer Overflow | Python, PHP, PyPy, SHA3 for Ruby, Keccak Team | Nicky Mouha | Bug Bounty | 2023-03-06 | 2023-06-13 |
| 340 | Caveat Implementor! Key Recovery Attacks on MEGA | Cryptographic issues | MEGA | Martin R. Albrecht (@martinralbrecht) | Bug Bounty | 2023-03-06 | 2023-06-13 |
| 339 | Attacking .NET Web Services | Security code review, Arbitrary file read, Arbitrary file write, SSRF | Siemens | b0yd (@rwincey) | Bug Bounty | 2023-03-06 | 2023-06-13 |
| 338 | Feeding Tasty Objects to Visual Studio's App Center SDK for Apple | Insecure deserialization, MacOS | Microsoft | Jenny (@OldM4nHunting) | Bug Bounty | 2023-03-07 | 2023-06-13 |
| 337 | WordPress BuddyForms Plugin — Unauthenticated Insecure Deserialization (CVE-2023-26326) | Insecure deserialization, Security code review, RCE | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2023-03-07 | 2023-06-13 |
| 336 | [Account Takeover] Don’t Send a Message to anyone Before Reading This [External Audit] | HTTP response manipulation, Authentication bypass, Account takeover | NA | Vipul Sahu | Bug Bounty | 2023-03-07 | 2023-06-13 |
| 335 | Unauthorized access to Codespace secrets in GitHub | Logic flaw, Broken Access Control, Account takeover | GitHub | Ophion Security (@OphionSecurity) | Bug Bounty | 2023-03-07 | 2023-06-13 |
| 334 | Subdomain Takeover: How a Misconfigured DNS Record Could Lead to a Huge Supply Chain Attack | Subdomain takeover, Supply chain attack | GitHub | Gal Nagli (@naglinagli) | Bug Bounty | 2023-03-08 | 2023-06-13 |
| 333 | The story of becoming a Super Admin | Hardcoded credentials, Account takeover, Information disclosure | NA | Ömer Kepenek (@omer_kepenek) | Bug Bounty | 2023-03-08 | 2023-06-13 |