| ID | Title | Bug class | Program | Author | Type | Published | Added |
|---|---|---|---|---|---|---|---|
| 2543 | Time-Based SQL Injection to Dumping the Database | SQL injection, Android | NA | Naveen J (@thevillagehackr) | Bug Bounty | 2021-05-19 | 2023-06-13 |
| 2542 | SSRF in PDF Renderer using SVG | SSRF | NA | pwn.vg / Tomi (@mastomii) | Bug Bounty | 2021-05-19 | 2023-06-13 |
| 2540 | Third-Party Apps were still getting your private Facebook data even after their access expiry. | Logic flaw | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2021-05-20 | 2023-06-13 |
| 2536 | 403 Forbidden Bypass | 403 bypass, Forced browsing | NA | th3.d1p4k (@DipakPanchal05) | Bug Bounty | 2021-05-21 | 2023-06-13 |
| 2535 | How I turned 0000 into $600: Phone Verification Bypass | OTP bypass | NA | Shrirang Diwakar | Bug Bounty | 2021-05-21 | 2023-06-13 |
| 2533 | Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device (500$) | Information disclosure | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2021-05-21 | 2023-06-13 |
| 2532 | Finding and Exploiting Unintended Functionality in Main Web App APIs | IDOR, Information disclosure, Privilege escalation | NA | Bend Theory (@bendtheory) | Bug Bounty | 2021-05-21 | 2023-06-13 |
| 2531 | CORS misconfig that worths USD200 | CORS misconfiguration | NA | MikeChan | Bug Bounty | 2021-05-23 | 2023-06-13 |
| 2529 | Content Spoofing Vulnerability in Shibboleth Service Provider | Content spoofing | NA | Toni Huttunen | Bug Bounty | 2021-05-24 | 2023-06-13 |
| 2528 | Chaining XSS with authentication issues to turn it into full account takeover | XSS, Account takeover | NA | N1GHTMAR3 (@n1ghtmar3_2421) | Bug Bounty | 2021-05-24 | 2023-06-13 |
| 2526 | Stored XSS with two different parameters | Reflected XSS | NA | Joel Cantu (@InfosecRintox) | Bug Bounty | 2021-05-25 | 2023-06-13 |
| 2525 | GitLab Arbitrary File Read & Write through Kroki - CVE-2021-22203 | Arbitrary file read | NA | Anh Duc Nguyen (@ledz1996) | Bug Bounty | 2021-05-25 | 2023-06-13 |
| 2523 | How I hacked a Target again and again… | OAuth, Account takeover, XSS, Broken Access Control | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2021-05-27 | 2023-06-13 |
| 2522 | Hey WAF! Better Luck Next Time! 👽 | SQL injection | NA | Akash Rox Starz | Bug Bounty | 2021-05-28 | 2023-06-13 |
| 2521 | Github, The Goldmine for P1s and P2s - Sensitive Information Exposure via Github by a Company Employee | Information disclosure | NA | Savir Suda (@savxiety) | Bug Bounty | 2021-05-28 | 2023-06-13 |
| 2519 | The beauty of chaining client-side bugs | CRLF injection, XSS, CSP bypass, DoS, CSTI | NA | Master SEC (@MasterSEC_AR) | Bug Bounty | 2021-05-29 | 2023-06-13 |
| 2518 | Account Takeover via iFrame Injection | Iframe injection, Account takeover | NA | xbforce (@xbforce) | Bug Bounty | 2021-05-29 | 2023-06-13 |
| 2516 | runc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs (CVE-2021-30465) | Kubernetes, Container escape | Google | Etienne Champetier / champtar | Bug Bounty | 2021-05-30 | 2023-06-13 |
| 2515 | Escalating SSRF to Accessing all user PII information by aws metadata | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-05-31 | 2023-06-13 |
| 2512 | CVE-2021-29084: Exploiting CRLF Header Injection in Synology NAS for Unauthenticated File Downloads | CRLF injection | Synology | Justin Taft | Bug Bounty | 2021-06-01 | 2023-06-13 |
| 2511 | Escalating SSRF to Accessing all user PII information by aws metadata | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-06-01 | 2023-06-13 |
| 2510 | Admin Panel? Pwned! | Information disclosure, Hardcoded credentials | NA | Splintersec (@splint3rsec) | Bug Bounty | 2021-06-02 | 2023-06-13 |
| 2508 | Exploiting Open Redirect - Whitelist Bypass Using Salesforce Environment | Open redirect, Token theft, Salesforce | NA | Gaurav Nayak (@4auvar) | Bug Bounty | 2021-06-02 | 2023-06-13 |
| 2506 | Bypassing LFI (Local File Inclusion) | LFI | NA | Abhishek (@abhishake21) | Bug Bounty | 2021-06-03 | 2023-06-13 |
| 2505 | Server Side Request Forgery - A Forged Document | SSRF, File upload | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-06-03 | 2023-06-13 |