2319 | CVE-2021-22929 – Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log | Privacy issue, Information disclosure | Brave Software | sickcodes (@sickcodes) | Bug Bounty | 2021-08-16 | 2023-06-13 |
2317 | Dangling DNS: Announcekit | Subdomain takeover | NA | Mohamed Elbadry (@_melbadry9) | Bug Bounty | 2021-08-16 | 2023-06-13 |
2316 | Confirming any new Email Address bug in Facebook (Part-4) | Rate limiting bypass | Meta / Facebook | Lokesh Kumar (@lokeshdlk77) | Bug Bounty | 2021-08-17 | 2023-06-13 |
2314 | A New Attack Surface on MS Exchange Part 1 - ProxyLogon! | RCE, Privilege escalation | Microsoft | Orange Tsai (@orange_8361) | Bug Bounty | 2021-08-18 | 2023-06-13 |
2313 | Account Takeover via Access Token Leakage | IDOR, Information disclosure, Account takeover | NA | Tuhin Bose (@tuhin1729_) | Bug Bounty | 2021-08-19 | 2023-06-13 |
2310 | How I found my first Subdomain Takeover vulnerability | Subdomain takeover, CSRF | NA | Monish Basaniwal | Bug Bounty | 2021-08-20 | 2023-06-13 |
2309 | Playing With s3 Leaks | AWS misconfiguration | NA | Aswin Thambi Panikulangara (@r0074g3n7) | Bug Bounty | 2021-08-21 | 2023-06-13 |
2308 | How I was able to get 1000$ bounty from a ds-store file? | Information disclosure, Debugging enabled | NA | Khaled Mohamed (@0xElkomy) | Bug Bounty | 2021-08-21 | 2023-06-13 |
2307 | MonkeyType.com Stored Cross-Site Scripting | Stored XSS, Authentication bypass, IDOR | MonkeyType.com | Tyler Butler (@tbutler0x90) | Bug Bounty | 2021-08-22 | 2023-06-13 |
2306 | Story Of Unexpected Bugs | IDOR, XSS | NA | Neh Patel (@thecyberneh) | Bug Bounty | 2021-08-22 | 2023-06-13 |
2305 | Server Side Request Forgery with huge impact in production application | SSRF | NA | Gökhan Güzelkokar (@gkhck_) | Bug Bounty | 2021-08-23 | 2023-06-13 |
2303 | Hey Google ! - Delete my Data Properly — #GoogleVRP | Logic flaw | Google | Sriram Kesavan (@sriramoffcl) | Bug Bounty | 2021-08-23 | 2023-06-13 |
2301 | How i was able to steal private files of any user on Larksuite | IDOR | NA | Imran Nissar (@Imrannissar3) | Bug Bounty | 2021-08-24 | 2023-06-13 |
2300 | [$5K] Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO) | Account takeover, Password reset, Information disclosure | NA | Aditya Sharma (@Assass1nmarcos) | Bug Bounty | 2021-08-24 | 2023-06-13 |
2299 | One Endpoint, Two Account Takeovers | Account takeover | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2021-08-24 | 2023-06-13 |
2298 | “How Companies Need to Widen There Scopes” | RCE, Components with known vulnerabilities | NA | amnotacat | Bug Bounty | 2021-08-25 | 2023-06-13 |
2294 | Business Logic Ratings Bug | Logic flaw | NA | Maxwell Dulin (@Dooflin5) | Bug Bounty | 2021-08-25 | 2023-06-13 |
2292 | ‘Websocket Hijacking’ to steal Session_ID of victim users | Cross-Site WebSocket Hijacking (CSWH) | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-08-25 | 2023-06-13 |
2291 | Reflective XSS via search box [Bypassing Cloudflare WAF]. | Reflected XSS | NA | Friendly (@SkeletorKeys) | Bug Bounty | 2021-08-26 | 2023-06-13 |
2290 | Oauth client secret leak and possible IDOR leading to PII Disclosure | IDOR, OAuth, Information disclosure | NA | Monke (@pmofcats) | Bug Bounty | 2021-08-26 | 2023-06-13 |
2288 | How did I earned 6000$ from tokens and scopes in one day | Authorization flaw, Privilege escalation | NA | Corraldev (@javier_corralg) | Bug Bounty | 2021-08-27 | 2023-06-13 |
2286 | Exploiting Devops -Leak Source codes | Information disclosure | NA | Shivbihari Pandey (@ninja_pandit_) | Bug Bounty | 2021-08-28 | 2023-06-13 |
2285 | SSRF External Service Interaction for Find Real IP CloudFlare and Leads to SQL Injection | WAF bypass, SSRF, SQL injection | NA | Caesar Evan Santoso | Bug Bounty | 2021-08-28 | 2023-06-13 |
2284 | Cache Poisoning via SelfXSS + Path Parameter | XSS, Web cache poisoning | NA | ElMahdi Mrhassel (@ElMrhassel) | Bug Bounty | 2021-08-28 | 2023-06-13 |
2283 | Bug Bounty: “My Remote Code Execution” | Default credentials, RCE | NA | 0xJin (@0xJin) | Bug Bounty | 2021-08-29 | 2023-06-13 |