911 | The Logging Dead: Two Event Log Vulnerabilities Haunting Windows |
DoS |
Microsoft |
Dolev Taler |
Bug Bounty | 2022-10-25 | 2023-06-13 |
885 | 2FA Bypass due to information disclosure & Improper access control. |
DoS
MFA bypass |
NA |
Akash Hamal (@AkashHamal0x01) |
Bug Bounty | 2022-10-31 | 2023-06-13 |
879 | CVE-2022-3602: Punycode buffer overflow in OpenSSL |
Memory corruption
DoS |
OpenSSL |
Colm MacCárthaigh (@colmmacc) |
Bug Bounty | 2022-11-01 | 2023-06-13 |
838 | Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js |
RCE
Prototype pollution
DoS |
Rocket.Chat
NPM CLI
Parse Server
Node.js |
Mikhail Shcherbakov |
Bug Bounty | 2022-11-11 | 2023-06-13 |
713 | Public Report – VPN by Google One Security Assessment |
Android
iOS
DoS
Windows
macOS
Local Privilege Escalation |
Google |
Daniel Romero (@daniel_rome) |
Bug Bounty | 2022-12-09 | 2023-06-13 |
694 | You’ve Crossed the Line — Disturbing a Host’s Rest |
Windows
MS-RPC
DoS |
Microsoft |
Ben Barnea (@nachoskrnl) |
Bug Bounty | 2022-12-14 | 2023-06-13 |
618 | Prototype Pollution in Python |
Prototype pollution
DoS |
NA |
Abdulraheem Khaled (@Abdulrah33mK) |
Bug Bounty | 2023-01-04 | 2023-06-13 |
611 | The SSRF that Brought down a Server |
SSRF
DoS |
NA |
g30rgy th3 d4rk (@Crypt0g30rgy) |
Bug Bounty | 2023-01-07 | 2023-06-13 |
578 | XML Security in Java |
XXE
Billion laugh attack
DoS |
NA |
Pieter De Cremer (@0xDC0DE) |
Bug Bounty | 2023-01-17 | 2023-06-13 |
573 | The MarkdownTime Vulnerability: How to Avoid This DoS Attack on Business Critical Services |
DoS |
GitLab
GitHub
commonmarker RubyGem |
Tor Beer (@tor19951) |
Bug Bounty | 2023-01-18 | 2023-06-13 |
520 | Can't Wait to Shut You Down — Remote DoS Using Wininit.exe |
DoS
MS-RPC
Windows |
Microsoft |
Stiv Kupchik (@kupsul) |
Bug Bounty | 2023-01-31 | 2023-06-13 |
512 | ImageMagick: The hidden vulnerability behind your online images |
Application-level DoS
Arbitrary file read
Security code review |
ImageMagick |
Bryan Gonzalez |
Bug Bounty | 2023-02-01 | 2023-06-13 |
510 | Vulnerability Causing Deletion of All Users in CrushFTP Admin Area |
Application-level DoS |
CrushFTP |
Jean Calvin Mugabo |
Bug Bounty | 2023-02-02 | 2023-06-13 |
461 | Zip bomb attack |
Zip bomb
DoS
Unrestricted file upload |
NA |
Ramkumar Nadar |
Bug Bounty | 2023-02-12 | 2023-06-13 |
441 | Server-side prototype pollution: Black-box detection without the DoS |
Server-side prototype pollution
RCE |
NA |
Gareth Heyes (@garethheyes) |
Bug Bounty | 2023-02-15 | 2023-06-13 |
416 | With a single request, you can kill any Gitea server |
Application-level DoS |
Gitea |
Khaled Nassar (@knassar702) |
Bug Bounty | 2023-02-22 | 2023-06-13 |
273 | Expression DoS Vulnerability Found In Spring - CVE-2023-20861 |
DoS |
Spring |
Dan Glendowne |
Bug Bounty | 2023-03-22 | 2023-06-13 |
252 | CVE-2022-37734: graphql-java Denial-of-Service |
GraphQL
DoS
Security code review |
graphql-java |
Artem Logutov |
Bug Bounty | 2023-03-30 | 2023-06-13 |
217 | SQL Wildcard DoS - Hang Till Death |
DoS
File upload |
NA |
Jerry Shah (@Jerry) |
Bug Bounty | 2023-04-08 | 2023-06-13 |
157 | New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP) |
DoS
UDP spoofing |
Service Location Protocol (SLP) |
Pedro Umbelino |
Bug Bounty | 2023-04-25 | 2023-06-13 |
93 | Linux IPv6 "Route of Death" 0day |
DoS
Kernel hacking
IPv6 |
Linux Kernel Organization |
Max VA (@maxpl0it) |
Bug Bounty | 2023-05-15 | 2023-06-13 |
83 | DOS via cache poisoning |
Web cache deception
DoS |
NA |
Allam Rachid (@blank_cold) |
Bug Bounty | 2023-05-17 | 2023-06-13 |
72 | DNS Recursion Leads to DoS Attack Vivo Play (IPTV) — CVE-2023-31893 |
DoS |
Vivo |
Shooter |
Bug Bounty | 2023-05-20 | 2023-06-13 |
25 | A short white box code audit of avo |
Stored XSS
DoS |
Avo |
Paul Werther |
Bug Bounty | 2023-06-05 | 2023-06-13 |