| 143 | Exploiting an Order of Operations Bug to Achieve RCE in Oracle Opera |
RCE
Unrestricted file upload
Path traversal
Security code review |
Oracle (Opera) |
Shubham Shah (@infosec_au) |
Bug Bounty | 2023-04-30 | 2023-06-13 |
| 139 | Azure Devops CICD Pipelines - Command Injection With Parameters, Variables And A Discussion On Runner Hijacking |
CI/CD
OS command injection
RCE |
Microsoft (Azure DevOps Pipelines) |
Sana Oshika (@bigshika) |
Bug Bounty | 2023-05-01 | 2023-06-13 |
| 138 | Apache Solr 8.3.1 RCE from exposed administration interface |
RCE
Unrestricted file upload
XSLT injection
Path traversal |
Apache Solr |
Nicolas Brunner |
Bug Bounty | 2023-05-01 | 2023-06-13 |
| 135 | SSD Advisory – KerioControl Remote Code Execution |
RCE
TAR path traversal |
GFI Software (KerioControl) |
Simon Janz |
Bug Bounty | 2023-05-02 | 2023-06-13 |
| 134 | CVE-2023-28231: RCE In The Microsoft Windows DHCPv6 Service |
RCE
Buffer Overflow
Memory corruption |
Microsoft (Windows) |
Guy Lederfein (@glederfein) |
Bug Bounty | 2023-05-02 | 2023-06-13 |
| 130 | When you%27re so bored, you start debugging someone else%27s code: bug hunting in a random Cloud-Native project |
SSTI
RCE |
Foreman |
ONSEC.io Research Team |
Bug Bounty | 2023-05-03 | 2023-06-13 |
| 114 | How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomain |
RCE
Unrestricted file upload
Stored XSS
Information disclosure
Directory listing |
NA |
Aayush Vishnoi (@AayushVishnoi10) |
Bug Bounty | 2023-05-07 | 2023-06-13 |
| 112 | Sorting Your Way to Stolen Passwords |
Bruteforce
Cryptographic issues |
NA |
Nightbane (@Nightbanes) |
Bug Bounty | 2023-05-08 | 2023-06-13 |
| 110 | A deep-dive on Pluck CMS vulnerability CVE-2023-25828 |
Unrestricted file upload
RCE
Security code review |
Pluck CMS |
Matthew Hogg |
Bug Bounty | 2023-05-08 | 2023-06-13 |
| 109 | PwnAssistant - Controlling /home%27s Via A Home Assistant RCE |
Authentication bypass
RCE
Security code review
IoT |
Home Assistant |
elttam (@elttam) |
Bug Bounty | 2023-05-09 | 2023-06-13 |
| 106 | RCE due to Dependency Confusion — $5000 bounty! |
Dependency confusion
RCE |
NA |
Chevon Phillip (@ChevonPhillip) |
Bug Bounty | 2023-05-10 | 2023-06-13 |
| 104 | Bypass IIS Authorisation with this One Weird Trick - Three RCEs and Two Auth Bypasses in Sitecore 9.3 |
RCE
Authorization bypass
Security code review |
Sitecore |
Dylan Pindur |
Bug Bounty | 2023-05-10 | 2023-06-13 |
| 103 | What is kong & why we’re relying on it |
RCE
Sandbox escape
Authentication bypass
Hardcoded credentials
Broken Access Control
Privilege escalation
JWT |
Konga |
Laluka (@TheLaluka) |
Bug Bounty | 2023-05-10 | 2023-06-13 |
| 96 | CS:GO: From Zero to 0-day |
Game hacking
RCE
Memory corruption
Arbitrary file download
Arbitrary file write
DLL Hijacking
Privilege Escalation |
Valve (CS:GO) |
Felipe |
Bug Bounty | 2023-05-13 | 2023-06-13 |
| 94 | Pimcore: One click, two security vulnerabilities |
Path traversal
SQL injection
Arbitrary file write
RCE
Security code review |
Pimcore |
Yaniv Nizry (@YNizry) |
Bug Bounty | 2023-05-15 | 2023-06-13 |
| 91 | Triple Threat: Breaking Teltonika Routers Three Ways |
IoT
RCE
OS command injection
SSRF
XSS |
Teltonika |
Roni Gavrilov |
Bug Bounty | 2023-05-15 | 2023-06-13 |
| 87 | Unauthenticated Remote Command Execution in Multiple WAGO Products |
RCE
OS command injection
Security code review |
WAGO |
Quentin Kaiser (@QKaiser) |
Bug Bounty | 2023-05-16 | 2023-06-13 |
| 86 | Hardcore RCE via directory name for $3.000 |
RCE
OS command injection
Security code review |
NA |
Lev Shmelev |
Bug Bounty | 2023-05-16 | 2023-06-13 |
| 64 | Red team: Journey from RCE to have total control of cloud infrastructure |
RCE
SSTI
Container escape
Kubernetes
Components with known vulnerabilities
CI/CD |
NA |
Quang Vo (@mr_r3bot) |
Bug Bounty | 2023-05-22 | 2023-06-13 |
| 53 | Exploiting The Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight |
Memory corruption
RCE
Out-of-bounds Read |
Sonos |
The ZDI Research Team (@thezdi) |
Bug Bounty | 2023-05-25 | 2023-06-13 |
| 52 | Exploring Three Remote Code Execution Vulnerabilities in RPC Runtime |
RCE
MS-RPC
Integer overflow
Memory corruption |
Microsoft (Windows) |
Ben Barnea (@nachoskrnl) |
Bug Bounty | 2023-05-26 | 2023-06-13 |
| 49 | Anonymised Penetration Test Report |
Internal pentest
RCE
ADCS
Active Directory
Kerberos
DHCPv6
LLMNR |
NA |
Volkis (@VolkisAU) |
Bug Bounty | 2023-05-28 | 2023-06-13 |
| 48 | The 30000$ Bounty Affair. |
RCE
Missing authentication
Exposed Jenkins instance |
NA |
Gokulsspace (@GokTest) |
Bug Bounty | 2023-05-28 | 2023-06-13 |
| 44 | VSCode Remote Code Execution advisory |
RCE
Thick client
Local Privilege Escalation |
Microsoft VSCode) |
Ammar Askar |
Bug Bounty | 2023-05-30 | 2023-06-13 |
| 40 | Kramer VIA GO² – Multiple issues |
RCE
SQL injection
Arbitrary file upload
Arbitrary file read |
Kramer |
Jim Rush (@JimSRush) |
Bug Bounty | 2023-05-31 | 2023-06-13 |
