2467 | M1 Macs GateKeeper bypass aka CVE-2021-30658 | Local Privilege Escalation | Apple | Wojciech Reguła (@_r3ggi) | Bug Bounty | 2021-06-18 | 2023-06-13 |
2466 | Account takeover via stored XSS with arbitrary file upload | Insecure file upload, XSS, Account takeover | NA | 0xbadb00da (@0xbadb00da) | Bug Bounty | 2021-06-18 | 2023-06-13 |
2465 | Accessing Restricted Documents With Extra JSON Body Content | Mass assignment, Authorization flaw | NA | Imran Huda (@imranHudaA) | Bug Bounty | 2021-06-18 | 2023-06-13 |
2464 | Exploiting File Upload Functionality in Unique Way. | Unrestricted file upload | NA | Rohit Soni (@streetofhacker) | Bug Bounty | 2021-06-19 | 2023-06-13 |
2463 | Zero Click account Takeover | Account takeover, Password reset | NA | Zahir Tariq (@ZahirTariq3) | Bug Bounty | 2021-06-19 | 2023-06-13 |
2462 | Full Local File Read via Error Based XXE using XLIFF File | XXE | NA | pwn.vg / Tomi (@mastomii) | Bug Bounty | 2021-06-19 | 2023-06-13 |
2460 | Unprivileged User with Read/Write permission to `User Access` can escalate their role to ADMIN — Privilege Escalation | Privilege escalation | NA | Ertugrul Ozdemir (@ertugrulphp) | Bug Bounty | 2021-06-20 | 2023-06-13 |
2458 | Cracking Encrypted Credit Card Numbers Exposed By API | Information disclosure, Weak crypto | NA | Craig Hays (@craighays) | Bug Bounty | 2021-06-22 | 2023-06-13 |
2456 | How i was able to get Appreciation from the organization of a website just by changing a sign..!!! | Information disclosure, Source code disclosure | NA | Fardeen Ahmed (@fardeenahmed411) | Bug Bounty | 2021-06-23 | 2023-06-13 |
2452 | Flywheel Subdomain Takeover | Subdomain takeover | NA | Smaran Chand (@smaranchand) | Bug Bounty | 2021-06-24 | 2023-06-13 |
2451 | A supply-chain breach: Taking over an Atlassian account | XSS, CSRF | Atlassian | Dikla Barda, Yaara Shriki | Bug Bounty | 2021-06-24 | 2023-06-13 |
2450 | PII Leakage - Revealing Secrets | Information disclosure | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-06-25 | 2023-06-13 |
2449 | From Information Disclosure to interesting Privilege Escalation | Information disclosure, Account takeover, Privilege escalation | NA | David Shaul (@dudy2kk) | Bug Bounty | 2021-06-25 | 2023-06-13 |
2448 | Gaining access to protected components | Vulnerable Android content provider, Android | NA | DavMehtab Zafar (@0xmzfr) | Bug Bounty | 2021-06-25 | 2023-06-13 |
2447 | Some ways to find more IDOR | IDOR | NA | Thái Vũ (@thaivd98) | Bug Bounty | 2021-06-26 | 2023-06-13 |
2444 | Escalating XSS to Arbitrary File Read | XSS, LFI | NA | Pethuraj (@Pethuraj) | Bug Bounty | 2021-06-27 | 2023-06-13 |
2443 | Misconfigured $3 Bucket - A Semi Opened Environment | AWS misconfiguration | Redbull | Yukesh Kumar (@3th1c_yuk1) | Bug Bounty | 2021-06-27 | 2023-06-13 |
2440 | How I found my first Chrome bug (CVE-2021-21210) | NAT Slipstreaming | Google (Chrome) | Daniel Santos (@bananabr) | Bug Bounty | 2021-06-28 | 2023-06-13 |
2439 | gcp-dhcp-takeover-code-exec | DHCP flood, VM takeover | Google | Imre Rad (@ImreRad) | Bug Bounty | 2021-06-28 | 2023-06-13 |
2438 | How I was able to Takeover Accounts on Foxit.com | Password reset, Account takeover | NA | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2021-06-29 | 2023-06-13 |
2437 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) | RCE, Insecure deserialization | NA | Michael Stepankin (@artsploit) | Bug Bounty | 2021-06-29 | 2023-06-13 |
2435 | Testing Cookies worth $500 | Account takeover, IDOR | NA | Sankalpa Acharya (@sankalpa_02) | Bug Bounty | 2021-06-30 | 2023-06-13 |
2432 | Blind XSS in Apple School- Enrollment Data Disclosure | Blind XSS | Apple | hackrzvijay (@hackrzvijay) | Bug Bounty | 2021-07-05 | 2023-06-13 |
2431 | Solarwinds Serv-U 15.2.3 Share URL XSS (CVE-2021-32604) | XSS | SolarWinds | Victor Kahan | Bug Bounty | 2021-07-06 | 2023-06-13 |
2430 | Exploiting Auto-save Functionality To Steal Login Credentials | HTML injection | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2021-07-06 | 2023-06-13 |