2237 | GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink | Logic flaw, Information disclosure | GitHub | Justin Steven (@justinsteven) | Bug Bounty | 2021-09-08 | 2023-06-13 |
2236 | Change home directory and bypass TCC aka CVE-2020-27937 | Privacy issue, MacOS | Apple | Wojciech Reguła (@_r3ggi) | Bug Bounty | 2021-09-09 | 2023-06-13 |
2235 | Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances | Container takeover, Container escape, Privilege escalation, Cloud | Microsoft | Unit 42 (@Unit42_Intel) | Bug Bounty | 2021-09-09 | 2023-06-13 |
2234 | Mistuned Part 1: Client-side XSS to Calculator and More | XSS, Memory corruption, iOS | Apple | CodeColorist (@codecolorist) | Bug Bounty | 2021-09-10 | 2023-06-13 |
2231 | How I found my first AEM related bug. | LFR | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2021-09-11 | 2023-06-13 |
2226 | Hacking CloudKit - How I accidentally deleted your Apple Shortcuts | Logic flaw | Apple | Frans Rosén (@fransrosen) | Bug Bounty | 2021-09-13 | 2023-06-13 |
2223 | Microsoft Azure Portal – Persistent Cross-Site Scripting | Stored XSS | Microsoft | Christian Becker (@0xchrisb) | Bug Bounty | 2021-09-15 | 2023-06-13 |
2219 | This is why you shouldn’t trust your Federated Identity Provider | OAuth, Account takeover, Authentication bypass | NA | Soufiane Habti (@wld_basha) | Bug Bounty | 2021-09-15 | 2023-06-13 |
2217 | Weaponizing Reflected XSS to Account Takeover | XSS, Account takeover | NA | Hassan Shahid (@pwnsauc3) | Bug Bounty | 2021-09-16 | 2023-06-13 |
2216 | A Small Tale of Account Takeover … | IDOR, Account takeover | NA | Saugat Pokharel (@saugatpk5) | Bug Bounty | 2021-09-16 | 2023-06-13 |
2214 | All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021–33035) | RCE, Memory corruption | Apache | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2021-09-17 | 2023-06-13 |
2213 | From Google Dorking to Information Disclosure | Information disclosure, Missing authentication | NA | MikeChan | Bug Bounty | 2021-09-18 | 2023-06-13 |
2212 | From phpinfo page to many P1 bugs and RCE. [Symfony] | File disclosure, Information disclosure, RCE | NA | Abdelrahman Khaled | Bug Bounty | 2021-09-18 | 2023-06-13 |
2211 | A small change, and things go in your hand : Story of a $250 bounty | Information disclosure | NA | Fardeen Ahmed (@fardeenahmed411) | Bug Bounty | 2021-09-18 | 2023-06-13 |
2210 | Admin access !! | Privilege escalation, Broken Access Control | NA | th3.d1p4k (@DipakPanchal05) | Bug Bounty | 2021-09-19 | 2023-06-13 |
2209 | Chaining bugs for better bounties | SSRF, XSS, Information disclosure | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-09-19 | 2023-06-13 |
2207 | 5 RCEs in npm for $15,000 | RCE | NA | Robert Chen (@NotDeGhost) | Bug Bounty | 2021-09-20 | 2023-06-13 |
2205 | RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through | RCE, Path traversal | Citrix Systems | Markus Wulftange (@mwulftange) | Bug Bounty | 2021-09-21 | 2023-06-13 |
2204 | Cookie Stealing via Clickjacking using Burp collaborator | Clickjacking | NA | Anurag__Verma | Bug Bounty | 2021-09-22 | 2023-06-13 |
2203 | A fever Worth 750$- [Accessing Private Projects ] | IDOR, Information disclosure | Mozilla | Shakti Mohanty (@3ncryptSaan) | Bug Bounty | 2021-09-22 | 2023-06-13 |
2200 | Super Admin panel without Credentials 😎 | Authentication bypass | NA | Rizwan_siddiqui (@Rizwan_SiDdiqu1) | Bug Bounty | 2021-09-22 | 2023-06-13 |
2197 | Bug-Bounty | FASTMAIL [topicbox.com: Privileges Escalation > Organization Takeover] | Privilege escalation, Logic flaw | Fastmail | Mohammed ELdawody | Bug Bounty | 2021-09-24 | 2023-06-13 |
2196 | Bug-Bounty | FASTMAIL [pobox.com : account takeover] | Account takeover, Password reset | Fastmail | Mohammed ELdawody | Bug Bounty | 2021-09-24 | 2023-06-13 |
2194 | Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program | Information disclosure, Local Privilege Escalation, Privacy issue | Apple | Denis Tokarev / illusionofchaos | Bug Bounty | 2021-09-24 | 2023-06-13 |
2191 | Attack Surface Analysis - Part 3 - Resurrected Code Execution | RCE | NA | Parsia Hackerman (@cryptogangsta) | Bug Bounty | 2021-09-26 | 2023-06-13 |