| ID | Title | Bugs | Programs | Authors | Source | Added | Updated |
|---|---|---|---|---|---|---|---|
| 2244 | SSRF in PDF export with PhantomJs | SSRF, XSS, LFI | NA | أنس روبي (@xhzeem) | Bug Bounty | 2021-09-07 | 2023-06-13 |
| 2156 | Exploiting HTML-to-PDF Converters through HTML Imports | XSS, LFI | NA | Mohammed Diaa (@mhmdiaa) | Bug Bounty | 2021-10-10 | 2023-06-13 |
| 2038 | VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability | LFI, SSRF, XSS, Arbitrary file read | VMware | Khoa Dinh (@_l0gg) | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 1917 | 120 Days of High Frequency Hunting | SSRF, LFI, Information disclosure, Broken Access Control, Authentication bypass, XSS, SQL injection | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-01-15 | 2023-06-13 |
| 1901 | 120 Days of Frequent Hacking | SSRF, LFI, Information disclosure, XSS, SQL injection | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-01-21 | 2023-06-13 |
| 1899 | Path Traversal Paradise | Path traversal, LFI | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-01-23 | 2023-06-13 |
| 1788 | CVE-2021-45467: CWP CentOS Web Panel – preauth RCE | RCE, LFI, Arbitrary file write | CentOS Web Panel (CWP) | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-01-22 | 2023-06-13 |
| 1780 | SSRF & LFI In Uploads Feature | SSRF, LFI, HTML injection | NA | Raymond Lind | Bug Bounty | 2022-02-26 | 2023-06-13 |
| 1776 | Pwning a Server using Markdown | LFI, RCE | Hashnode | Aditya Dixit (@zombie007o) | Bug Bounty | 2022-02-28 | 2023-06-13 |
| 1709 | Targeting Visual Studio Code for macOS: File Discovery and a TCC bypass (kinda) | Local Privilege Escalation, TCC bypass, macOS | Apple, Microsoft | Alfie Champion (@ajpc500) | Bug Bounty | 2022-03-21 | 2023-06-13 |
| 1639 | AWS RDS Vulnerability Leads to AWS Internal Service Credentials | LFI | AWS | Gafnit Amiga (@gafnitav) | Bug Bounty | 2022-04-11 | 2023-06-13 |
| 1588 | Sensitive Data Exfiltration through XSS ($450) | Token leak | NA | Zulfi Al-Farizi | Bug Bounty | 2022-04-30 | 2023-06-13 |
| 1575 | Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO) | XSS, CSRF, Account takeover | NA | Zulfi Al-Farizi | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1539 | Research: Auditing WordPress Plugins | SQL injection, LFI, XSS, RCE | NA | cy//ective (@cyllective) | Bug Bounty | 2022-05-20 | 2023-06-13 |
| 1506 | From open redirect to RCE in one week | Open redirect, SSRF, Insecure deserialization, LFI, RCE | Mail.ru | byq (@ByQwert) | Bug Bounty | 2022-05-31 | 2023-06-13 |
| 1388 | Advisory \| GLPI Service Management Software Multiple Vulnerabilities and Remote Code Execution | SQL injection, RCE, LFI | GLPI | Nuri Çilengir (@ncilengir) | Bug Bounty | 2022-07-08 | 2023-06-13 |
| 1340 | Local File Inclusion (interesting method) | LFI | NA | Captain hook | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1269 | Stored XSS in app.gitbook.com | Stored XSS | GitBook | Mohammad Alfin Hidayatullah (@Alpinbrainsec) | Bug Bounty | 2022-08-08 | 2023-06-13 |
| 1209 | Critical Local File Read in Electron Desktop App | LFI | Asana | Renwa (@RenwaX23) | Bug Bounty | 2022-08-17 | 2023-06-13 |
| 915 | SSRF & LFI In Uploads Feature | SSRF, LFI | NA | Raymond Lind | Bug Bounty | 2022-10-24 | 2023-06-13 |
| 890 | CVE-2022-22241: Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities | RCE, Phar deserialization, Reflected XSS, XPath injection, Path traversal, LFI | Juniper | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 841 | From Shodan Dork to Grafana 📊Local File Inclusion | LFI, Old components with known vulnerabilities | NA | Anurag__Verma | Bug Bounty | 2022-11-11 | 2023-06-13 |
| 748 | Bypassing The Client Side Encryption To Read Internal Windows Server Files | Client-side encryption bypass, LFI, Security code review | NA | Abhishek Morla (@abhishekmorla) | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 742 | Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway | XSS, CRLF injection, SSRF, LFI, Local Privilege Escalation, Arbitrary file read | Proxmox | JianTao Li (@cursered) | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 648 | How I found multiple critical bugs in Red Bull | Authentication bypass, HTTP response manipulation, Path traversal, LFI, XSS, SQL injection, RCE, Unrestricted file upload, RFI, Security code review | Red Bull | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-12-26 | 2023-06-13 |