3302 | I am able to see user’s sensitive data through JSON file. |
Information disclosure
Authorization flaw |
NA |
Saurabh siddharam sanmane (@saurabhsanmane2) |
Bug Bounty | 2020-07-17 | 2023-06-13 |
3300 | How I lost my followers on Medium |
GraphQL
Authorization flaw |
Medium |
Florian (@fh4ntke) |
Bug Bounty | 2020-07-17 | 2023-06-13 |
3285 | Hunting Android Application Bugs Using Android Studio. |
Authorization flaw
Client-side enforcement of server-side security
Information disclosure |
NA |
Tarek Mohammed (@Conan0x3) |
Bug Bounty | 2020-07-24 | 2023-06-13 |
3277 | CVE-2020-9934: Bypassing the macOS Transparency, Consent, and Control (TCC) Framework for unauthorized access to sensitive user data |
MacOS
Local Privilege Escalation
Authorization flaw |
Apple |
Matt Shockley (@mattshockl) |
Bug Bounty | 2020-07-27 | 2023-06-13 |
3271 | Authorization bypass in Google’s ticketing system (Google-GUTS) |
Authorization flaw |
Google |
Zohar Shachar |
Bug Bounty | 2020-07-28 | 2023-06-13 |
3268 | The Noob Way Of Taking Over Accounts |
Authorization flaw
Account takeover
Homograph attack |
NA |
Mudassir Sharief |
Bug Bounty | 2020-07-29 | 2023-06-13 |
3263 | New features means new bugs |
Logic flaw
Authorization flaw
Payment bypass |
NA |
Zseano (@zseano) |
Bug Bounty | 2020-07-30 | 2023-06-13 |
3205 | How could I Tag Photo to any user’s Scrapbook on Facebook |
Authorization flaw |
Meta / Facebook |
Raja Sudhakar (@Rajasudhakar) |
Bug Bounty | 2020-08-18 | 2023-06-13 |
3183 | Unhiding the hidden |
Client-side enforcement of server-side security
Authorization flaw
CSRF |
NA |
I am Broot |
Bug Bounty | 2020-08-31 | 2023-06-13 |
3104 | Weak Password Setting function on practo.com |
Authorization flaw |
Practo |
dark-haxor |
Bug Bounty | 2020-10-09 | 2023-06-13 |
3064 | Abusing 'Report Abuse' |
Logic flaw
Authorization flaw |
NA |
Aseem Shrey (@AseemShrey) |
Bug Bounty | 2020-10-31 | 2023-06-13 |
3057 | Forcing for a bounty$$ |
Authorization flaw |
NA |
Rafi Ahamed (Leonidas D. Ace) |
Bug Bounty | 2020-11-03 | 2023-06-13 |
3055 | Delete Any Photos In Facebook |
Authorization flaw
Logic flaw |
Meta / Facebook |
Lokesh Kumar (@lokeshdlk77) |
Bug Bounty | 2020-11-04 | 2023-06-13 |
3038 | User’s private watched videos/saved videos exposed through a messenger call from a locked smartphone. |
Information disclosure
Authorization flaw |
Meta / Facebook |
Samip Aryal (@samiparyal_) |
Bug Bounty | 2020-11-13 | 2023-06-13 |
2967 | Disclosing the members of private Facebook Group as a non-member. |
Authorization flaw
Logic flaw |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2020-12-15 | 2023-06-13 |
2964 | JavaScript analysis leading to Admin portal access |
Authorization flaw
Broken Access Control |
NA |
Rikesh Baniya / NotRickyy (@rikeshbaniya) |
Bug Bounty | 2020-12-16 | 2023-06-13 |
2958 | Broken Access Control on samsung.com subdomain leads to Mass Account Takeover of Samsung employees application accounts |
Information disclosure
Account takeover
Authorization flaw |
Samsung |
Gal Nagli (@naglinagli) |
Bug Bounty | 2020-12-18 | 2023-06-13 |
2911 | How I was able to Regain access to account deleted by Admin leading to $$$ |
Logic flaw
Authorization flaw |
NA |
Rajesh Ranjan (@_rajesh_ranjan_) |
Bug Bounty | 2021-01-10 | 2023-06-13 |
2910 | Unauthorized Access to OData Entities + $2K Bounty From Microsoft |
Authorization flaw
Information disclosure |
Microsoft |
Borna Nematzadeh (@LogicalHunter) |
Bug Bounty | 2021-01-10 | 2023-06-13 |
2883 | Simple & Sweet: Bypass email update restriction to change emails of team members |
Logic flaw
Authorization flaw |
NA |
Sunil Yedla (@sunilyedla2) |
Bug Bounty | 2021-01-19 | 2023-06-13 |
2810 | How I Hacked Everyone’s Resume/CV’s and Got €€€ |
IDOR
Authorization flaw
Information disclosure |
NA |
Vishal Bharad |
Bug Bounty | 2021-02-14 | 2023-06-13 |
2751 | RocketChat - Unauthenticated access to messages |
Authorization flaw |
Rocket.Chat |
Rojan Rijal (@uraniumhacker) |
Bug Bounty | 2021-03-01 | 2023-06-13 |
2750 | Join Facebook Group With Unpublish Page |
Authorization flaw |
Meta / Facebook |
gevakun |
Bug Bounty | 2021-03-01 | 2023-06-13 |
2694 | Multiple Authorization bypass issues in Google's Richmedia Studio |
Authorization flaw |
Google |
Zohar Shachar |
Bug Bounty | 2021-03-24 | 2023-06-13 |
2680 | My first Bug report at Facebook 2021 |
Logic flaw
Authorization flaw |
Meta / Facebook |
Kent Jarold Abulag (@wkemenhehehegsg) |
Bug Bounty | 2021-03-31 | 2023-06-13 |