1211 | Monitoring Linux host metrics with the Node Exporter information disclosure $350 |
Information disclosure
Missing authentication |
Slack |
Dhamotharan (@Dhamu_offi) |
Bug Bounty | 2022-08-16 | 2023-06-13 |
1193 | How a Port scan got me Nokia Hall of Fame |
Missing authentication
Information disclosure |
Nokia |
Mani Sashank |
Bug Bounty | 2022-08-22 | 2023-06-13 |
1155 | My findings on Hack U.S Program |
Missing authentication
.git folder disclosure
Information disclosure |
U.S. Dept Of Defense |
Charansai |
Bug Bounty | 2022-08-30 | 2023-06-13 |
1131 | Hacking My Helium Crypto Miner |
Hardcoded credentials
Missing authentication
RCE
Local Privilege Escalation |
Pycom |
Md. Asif Hossain (@0x0asif) |
Bug Bounty | 2022-09-05 | 2023-06-13 |
1015 | Orange Arbitrary Command Execution |
RCE
Docker daemon misconfiguration
Missing authentication |
Orange |
Omar Hashem (@OmarHashem666) |
Bug Bounty | 2022-09-29 | 2023-06-13 |
967 | Compromising a Backup System by iSCSI Interface During a Routine Penetration Test |
Missing authentication |
NA |
Bruno Oliveira |
Bug Bounty | 2022-10-13 | 2023-06-13 |
919 | Missing Authentication in ZKTeco ZEM/ZMM Web Interface |
Missing authentication |
ZKTeco |
RedTeam Pentesting (@RedTeamPT) |
Bug Bounty | 2022-10-24 | 2023-06-13 |
781 | Legally hacking a Government Satellite? |
Missing authentication
OS command injection
RCE |
NA |
RiotSecTeam (@RiotSecTeam) |
Bug Bounty | 2022-11-24 | 2023-06-13 |
690 | Unprotected API endpoint at HAwebsso.nl leads to data leak of +15k medical doctor usernames & password hashes |
SSO
IDOR
Missing authentication |
HAwebsso.nl |
Jonathan Bouman (@JonathanBouman) |
Bug Bounty | 2022-12-14 | 2023-06-13 |
508 | Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails |
RCE
Security code review
Missing authentication
Insecure deserialization |
IBM |
Maxwell Garrett (@TheGrandPew) |
Bug Bounty | 2023-02-02 | 2023-06-13 |
471 | Information disclosure or GDPR breach? A Google tale… |
Privacy issue
Information disclosure
Missing authentication |
Google |
Luke Berner |
Bug Bounty | 2023-02-10 | 2023-06-13 |
449 | Assumed Breach Assessment Case Study: Uncovering WeSecureApp’s Approach |
Internal pentest
Missing authentication
Hardcoded credentials
Cloud |
NA |
WeSecureApp (@wesecureapp) |
Bug Bounty | 2023-02-14 | 2023-06-13 |
408 | Exploit Airlines that use T-Mobile for Free WiFi |
Wifi
Payment bypass
MAC address spoofing
Missing authentication |
T-Mobile |
cylect.io (@cylect_io) |
Bug Bounty | 2023-02-23 | 2023-06-13 |
393 | Unauthenticated GraphQL Introspection and API calls |
GraphQL
Missing authentication |
NA |
Osama Avvan (@osamaavvan) |
Bug Bounty | 2023-02-26 | 2023-06-13 |
355 | Unauthorized Access To Admin Panel via Swagger |
Missing authentication
Broken Access Control |
Coca-Cola |
Arman (@M7arm4n) |
Bug Bounty | 2023-03-04 | 2023-06-13 |
328 | The Silent Spy Among Us: Modern Attacks Against Smart Intercoms |
IoT
OS command injection
Missing authentication
MiTM
SIP |
Akuvox |
Claroty's Team82 (@Claroty) |
Bug Bounty | 2023-03-09 | 2023-06-13 |
232 | Holiday Hunting With Aquatone |
SSRF
Missing authentication
Information disclosure |
NA |
Kuldeep Pandya (@kuldeepdotexe) |
Bug Bounty | 2023-04-03 | 2023-06-13 |
68 | AEM Bug in Adobe |
AEM
Missing authentication
Security misconfiguration |
Adobe |
Muhammad Mater (@micro0x00) |
Bug Bounty | 2023-05-20 | 2023-06-13 |
48 | The 30000$ Bounty Affair. |
RCE
Missing authentication
Exposed Jenkins instance |
NA |
Gokulsspace (@GokTest) |
Bug Bounty | 2023-05-28 | 2023-06-13 |