2763 | CVE-2020–13956 | Blind SSRF, URL parsing issue | Apache HttpClient | Priyank (@Rev_Octo) | Bug Bounty | 2021-02-26 | 2023-06-13 |
2762 | Somebody Call The Plumber, GraphQL is Leaking Again… | Information disclosure, GraphQL | NA | N0ur5 | Bug Bounty | 2021-02-27 | 2023-06-13 |
2761 | Story About Stop 10000+ users to get Their job notification | Logic flaw | NA | PJBorah | Bug Bounty | 2021-02-27 | 2023-06-13 |
2760 | Host MITM attack via IPv6 rogue router advertisements (K8S CVE-2020-10749 / Docker CVE-2020-13401 / LXD / WSL2 / ...) | MiTM | Kubernetes | Etienne Champetier / champtar | Bug Bounty | 2021-02-28 | 2023-06-13 |
2759 | Kubernetes man in the middle using LoadBalancer or ExternalIPs (CVE-2020-8554) | MiTM | Kubernetes | Etienne Champetier / champtar | Bug Bounty | 2021-02-28 | 2023-06-13 |
2758 | Any Account Takeover Through Privilege Escalation | Privilege escalation, Account takeover | NA | Shubham Chaskar (@chaskar_shubham) | Bug Bounty | 2021-02-28 | 2023-06-13 |
2757 | Somebody Call The Plumber, GraphQL is Leaking Again… | Information disclosure, GraphQL | NA | N0ur5 | Bug Bounty | 2021-02-28 | 2023-06-13 |
2755 | Bragging Rights: Killing File Uploads softly | Unrestricted file upload, Stored XSS | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-02-28 | 2023-06-13 |
2754 | Admin Panel Accessed Via SQL Injection… (Ezy Boooom…😅) | SQL injection | NA | Ratnadip Gajbhiye (@scspcommunity) | Bug Bounty | 2021-02-28 | 2023-06-13 |
2753 | Big Bugs: Bitbucket Pipelines Kata Containers Build Container Escape | RCE | NA | Alex Chapman (@ajxchapman) | Bug Bounty | 2021-02-28 | 2023-06-13 |
2752 | SSRF to fetch AWS credentials with full access to multiple services | SSRF | NA | Zonduhackerone (@zonduu1) | Bug Bounty | 2021-02-28 | 2023-06-13 |
2751 | RocketChat - Unauthenticated access to messages | Authorization flaw | Rocket.Chat | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2021-03-01 | 2023-06-13 |
2749 | Secret Key Exposure in API Config Directory | Information disclosure | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2021-03-01 | 2023-06-13 |
2748 | Exploiting CORS to perform an IDOR Attack leading to PII Information Disclosure | CORS misconfiguration, Information disclosure | NA | Harsh Parekh (@notmarshmllow) | Bug Bounty | 2021-03-01 | 2023-06-13 |
2747 | GKE Autopilot Node Compromise via local-storage PersistentVolume | Container escape | Google | Anthony Weems | Bug Bounty | 2021-03-01 | 2023-06-13 |
2746 | Microsoft Edge Browser For IOS - Address Bar Spoofing Vulnerability | Address Bar Spoofing | Microsoft | Rafay Baloch (@rafaybaloch) | Bug Bounty | 2021-03-02 | 2023-06-13 |
2740 | Leveraging Template injection to takeover an account. | CSTI, XSS | NA | Akash Methani (@0xAkash) | Bug Bounty | 2021-03-04 | 2023-06-13 |
2739 | GKE Autopilot Node Compromise via startup-script | Container escape | Google | Anthony Weems | Bug Bounty | 2021-03-05 | 2023-06-13 |
2736 | Exploiting a hidden and forgotten Bug | SSRF | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2021-03-07 | 2023-06-13 |
2735 | Finding Hidden Login Endpoint Exposing Secret `Client ID` | Information disclosure | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2021-03-07 | 2023-06-13 |
2729 | Exploiting HTTP Request Smuggling (TE.CL)— XSS to website takeover | HTTP request smuggling, XSS | NA | Kleiton Kurti (@kleiton0x7e) | Bug Bounty | 2021-03-09 | 2023-06-13 |
2728 | Dangling DNS Records on surf-test.xwf.internet.org (Amazon EC2)! | Subdomain takeover, Dangling DNS records | Meta / Facebook | Binit Ghimire (@WHOISbinit) | Bug Bounty | 2021-03-10 | 2023-06-13 |
2727 | Finding Basic Authtoken in JAVASCRIPT file BY Full Automation | Information disclosure | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-03-10 | 2023-06-13 |
2726 | Chain of Low Level Bugs and Misconfigurations Leads to Account Takeover | Reflected XSS, Clickjacking, Account takeover | NA | pleorqy (@pleorqy) | Bug Bounty | 2021-03-10 | 2023-06-13 |
2725 | Business Logic Error on Registration Leads to SMS Validation Bypass | MFA bypass | NA | pleorqy (@pleorqy) | Bug Bounty | 2021-03-10 | 2023-06-13 |