2190 | Improper phone number validation to account takeover | Logic flaw, OTP bypass, Account takeover | NA | shesha sai_c (@Cyb3r_4ss4s1n) | Bug Bounty | 2021-09-27 | 2023-06-13 |
2189 | CVE-2021-39246 – Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack excessive verbose logging – Windows, macOS, Linux | Verbose logging | Tor | sickcodes (@sickcodes) | Bug Bounty | 2021-09-27 | 2023-06-13 |
2186 | Zero-Day: Hijacking iCloud Credentials with Apple Airtags (Stored XSS) | Stored XSS | Apple | Bobby Rauch / Bobbyr | Bug Bounty | 2021-09-28 | 2023-06-13 |
2185 | "A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild | Prototype pollution, XSS | Apple, Atlassian, Mozilla, HubSpot, Segment Analytics | Sergey Bobrov (@black2fan) | Bug Bounty | 2021-09-28 | 2023-06-13 |
2180 | Expect The Unexpected: Discovering fresh ZeroDay for Bounty | Logic flaw, Information disclosure | NA | Sina Kheirkhah (@SinSinology) | Bug Bounty | 2021-09-30 | 2023-06-13 |
2178 | vScalation (CVE-2021-22015)- Local Privilege Escalation in VMware vCenter | Local Privilege Escalation | VMware | Yuval Lazar | Bug Bounty | 2021-11-30 | 2023-06-13 |
2177 | Privilege Escalation to stored XSS | Privilege escalation, HTTP response manipulation, Stored XSS | NA | Rohit Kumar (Rohit_443) | Bug Bounty | 2021-10-01 | 2023-06-13 |
2176 | The Discovery Of Gatekeeper Bypass CVE-2021-1810 | Logic flaw | Apple | Rasmus Sten (@pajp) | Bug Bounty | 2021-10-01 | 2023-06-13 |
2175 | Pre-Auth SSRF To Full MailBox Access (Microsoft Exchange Server Exploit) | SSRF | NA | Vanshal Gaur (@VanshalG) | Bug Bounty | 2021-10-02 | 2023-06-13 |
2172 | Bypassing 403 Protection To Get Pagespeed Admin Access | 403 bypass | NA | Prajit Sindhkar (@PrajitSindhkar) | Bug Bounty | 2021-10-04 | 2023-06-13 |
2171 | CVE-2021-43136 – FormaLMS – The evil default value that leads to Authentication Bypass | Authentication bypass, Security code review | Forma LMS | Cristian Giustini | Bug Bounty | 2021-10-05 | 2023-06-13 |
2170 | CVE-2021-26084 | RCE | Atlassian | snowyyowl (@bennyyjacob) | Bug Bounty | 2021-10-05 | 2023-06-13 |
2169 | How I got access to many PIIs through a source code leak | Information disclosure | NA | Supras (@LdrTom) | Bug Bounty | 2021-10-05 | 2023-06-13 |
2167 | CSRF to one tray Red-bull | CSRF | Redbull | Mohammed Saneem | Bug Bounty | 2021-10-06 | 2023-06-13 |
2165 | CVE-2021-26420: Remote Code Execution In Sharepoint Via Workflow Compilation | RCE | Microsoft | - | Bug Bounty | 2021-10-06 | 2023-06-13 |
2164 | Accessing Apple’s internal UAT Slackbot for fun and non-profit | Authorization flaw | Apple | Shail Patel (@shail_official) | Bug Bounty | 2021-10-07 | 2023-06-13 |
2163 | Request Smuggling In Major Crypto Site — road to disappointment | HTTP Header Smuggling | NA | CeloIme Prezime | Bug Bounty | 2021-10-09 | 2023-06-13 |
2162 | Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage | Information disclosure | NA | MikeChan | Bug Bounty | 2021-10-09 | 2023-06-13 |
2160 | Account Takeover — Story of 2 same issues in a single program but different sub-domains. | Account takeover | NA | Himanshu Pdy (@himanshu_pdy) | Bug Bounty | 2021-10-10 | 2023-06-13 |
2158 | How I got $500 with Open redirect | Open redirect | NA | khan mamun (@mamunwhh) | Bug Bounty | 2021-10-10 | 2023-06-13 |
2156 | Exploiting HTML-to-PDF Converters through HTML Imports | XSS, LFI | NA | Mohammed Diaa (@mhmdiaa) | Bug Bounty | 2021-10-10 | 2023-06-13 |
2149 | Abusing Slack’s file-sharing functionality to de-anonymise fellow workspace members | XSLeaks | Slack | Julien Cretel (@jub0bs) | Bug Bounty | 2021-10-12 | 2023-06-13 |
2148 | 500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any account of India’s Biggest College Ever.👨💻 | OTP bypass, Account takeover, Password reset | NA | Gowtham_Naidu (@NaiduPonnana) | Bug Bounty | 2021-10-13 | 2023-06-13 |
2145 | Exploitation of file’s download parameters to create potential risk of malware delivery: $200 bug! | CSRF, RCE | NA | Muhammad Aamir (@Muhammad__Aamir) | Bug Bounty | 2021-10-17 | 2023-06-13 |
2144 | Business Logic Errors - A Logic Destruction | Logic flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-10-17 | 2023-06-13 |