| ID | Title | Bug type | Program | Author | Type | Date | Added |
|---|---|---|---|---|---|---|---|
| 2982 | Story of the best vulnerability I’ve found so far… | Self-XSS, Blind XSS, Account takeover | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2020-12-07 | 2023-06-13 |
| 2981 | "Important, Spoofing" - zero-click, wormable, cross-platform remote code execution in Microsoft Teams | RCE, Stored XSS, CSP bypass, CSTI | Microsoft | Oskars Vegeris | Bug Bounty | 2020-12-07 | 2023-06-13 |
| 2977 | Hacking — Tamper with the URL Parameters, especially if they modify the page | HTTP parameter pollution | NA | Jack | Bug Bounty | 2020-12-09 | 2023-06-13 |
| 2976 | Content-Security-Policy Bypass to perform XSS using MIME sniffing | XSS, CSP bypass | NA | Kleiton Kurti (@kleiton0x7e) | Bug Bounty | 2020-12-10 | 2023-06-13 |
| 2973 | Exploiting new-era of Request forgery on mobile applications | CSRF, Account takeover | Pinterest | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2020-12-11 | 2023-06-13 |
| 2972 | How I dumped PII information of customers in an ecommerce site? | AWS misconfiguration | NA | Rikesh Baniya / NotRickyy (@rikeshbaniya) | Bug Bounty | 2020-12-11 | 2023-06-13 |
| 2971 | How i got my First Bug Bounty in Intersting Target (LFI to SXSS) | LFI, Stored XSS | NA | Ph.Hitachi | Bug Bounty | 2020-12-11 | 2023-06-13 |
| 2969 | Security Study of Service Worker Cross-Site Scripting. | XSS, Service worker based XSS | NA | Phakpoom Chinprutthiwong | Bug Bounty | 2020-12-11 | 2023-06-13 |
| 2967 | Disclosing the members of private Facebook Group as a non-member. | Authorization flaw, Logic flaw | Meta / Facebook | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2020-12-15 | 2023-06-13 |
| 2966 | Download Filename Manipulation due to improper rendering of RTLO characters | RTLO | NA | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2020-12-15 | 2023-06-13 |
| 2964 | JavaScript analysis leading to Admin portal access | Authorization flaw, Broken Access Control | NA | Rikesh Baniya / NotRickyy (@rikeshbaniya) | Bug Bounty | 2020-12-16 | 2023-06-13 |
| 2962 | D-Link: Multiple Security Vulnerabilities Leading to RCE | RCE, Authentication bypass, Information disclosure | D-Link | Harold Zang | Bug Bounty | 2020-12-17 | 2023-06-13 |
| 2960 | My Bug Bounty Journey and My First Critical Bug — Time Based Blind SQL Injection | SQL injection | NA | Marx Chryz | Bug Bounty | 2020-12-17 | 2023-06-13 |
| 2959 | Misconfigured s3 bucket leads to Sensitive Data exposure(No super controls ) | AWS misconfiguration | NA | Virdoexhunter | Bug Bounty | 2020-12-18 | 2023-06-13 |
| 2956 | Worth $1,500 IDOR (Access Unauthorize Data) | IDOR | NA | Muhammad Asim Shahzad (@protector47) | Bug Bounty | 2020-12-20 | 2023-06-13 |
| 2955 | Facebook bug Bounty -Finding the hidden members of the private events. | Information disclosure, Logic flaw | Meta / Facebook | Vivek ps (@vivekps143) | Bug Bounty | 2020-12-20 | 2023-06-13 |
| 2952 | Hack crypto secrets from heap memory to exploit Android application | Cryptographic issues | NA | secureITmania (@secureitmania) | Bug Bounty | 2020-12-22 | 2023-06-13 |
| 2951 | Cookie Tossing to RCE on Google Cloud JupyterLab | Self-XSS, DoS, CSRF, RCE | Google | s1r1us (@s1r1u5_) | Bug Bounty | 2020-12-23 | 2023-06-13 |
| 2950 | Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge | Prototype pollution | Node.js third-party modules | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2020-12-23 | 2023-06-13 |
| 2948 | EN \| Account Takeover via Web Cache Poisoning based Reflected XSS | Reflected XSS, Web cache poisoning, Account takeover | NA | Lütfü Mert Ceylan (@lutfumertceylan) | Bug Bounty | 2020-12-26 | 2023-06-13 |
| 2945 | Chaining CORS by Reflected xss to Account takeover #My first Blog | CORS misconfiguration, Reflected XSS, Account takeover | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2020-12-26 | 2023-06-13 |
| 2944 | Regular expression injection, a code review low hanging fruit | ReDoS | NA | Dominic (@dee__see) | Bug Bounty | 2020-12-27 | 2023-06-13 |
| 2940 | Sensitive data leak using IDOR in integration service | IDOR | NA | Ronak Patel (@ronak_9889) | Bug Bounty | 2020-12-29 | 2023-06-13 |
| 2939 | Cache-Key Normalization - What could go wrong? | Web cache poisoning, DoS | NA | Youstin (@iustinBB) | Bug Bounty | 2020-12-29 | 2023-06-13 |
| 2935 | Cross Domain Referrer Leakage | Cross-Domain Referrer Leakage | NA | Mohsinalibukc | Bug Bounty | 2020-12-31 | 2023-06-13 |