| # | Title | Bug type(s) | Program / vendor | Author | Category | Published | Last updated |
|---|---|---|---|---|---|---|---|
| 2054 | ModSecurity DoS Vulnerability in JSON Parsing (CVE-2021-42717) | DoS | ModSecurity | theMiddle (@AndreaTheMiddle) | Bug Bounty | 2021-11-24 | 2023-06-13 |
| 2051 | Unauthenticated Sensitive Information Disclosure at [REDACTED] | Old components with known vulnerabilities, Information disclosure | NA | Rizaldi Wahaz (@wah_haz) | Bug Bounty | 2021-11-25 | 2023-06-13 |
| 2049 | RocketChat - Monitor User Messages | Authorization flaw | Rocket.Chat | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2021-11-25 | 2023-06-13 |
| 2048 | WordPress Plugin Confusion: How an update can get you pwned | Supply chain attack, WordPress plugin confusion, WordPress theme confusion | NA | Kamil Vavra (@vavkamil) | Bug Bounty | 2021-11-25 | 2023-06-13 |
| 2046 | How I got my first bounty on financial sector gateway site by using Previous GraphQL vulnerabilities. | Information disclosure, GraphQL | NA | Night Hawk | Bug Bounty | 2021-11-26 | 2023-06-13 |
| 2045 | SEC-596 | Reflected XSS | cPanel | sh1yo (@sh1yo_) | Bug Bounty | 2021-11-29 | 2023-06-13 |
| 2044 | [socket.io] Cross-Site Websockets Hijacking | Cross-Site Websocket Hijacking (CSWH) | Node.js third-party modules | sh1yo (@sh1yo_) | Bug Bounty | 2021-11-29 | 2023-06-13 |
| 2043 | Price Manipulation Bypass Using Integer Overflow Method | Payment tampering, Memory corruption | NA | Marx Chryz | Bug Bounty | 2021-11-29 | 2023-06-13 |
| 2040 | NodeBB 1.18.4 - Remote Code Execution With One Shot | RCE, XSS, Authentication bypass, Arbitrary file read | NodeBB | Sonar (@SonarSource) | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2037 | HTTP Header Injection In Citrix ADC And Citrix Gateway (CVE-2020-8300, CVE-2021-22927) | Host header injection, XSS | Citrix Systems | Wolfgang Ettlinger | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2030 | AWS SageMaker Jupyter Notebook Instance Takeover | Self-XSS, CSRF, RCE | AWS | Gafnit Amiga (@gafnitav) | Bug Bounty | 2021-12-02 | 2023-06-13 |
| 2029 | Bypassing Box’s Time-based One-Time Password MFA | OTP bypass, MFA bypass | Box | Tal Peleg | Bug Bounty | 2021-12-02 | 2023-06-13 |
| 2026 | How I accessed the Sensitive document which I had already deleted | Privacy issue | NA | Pawan Chhabria (@heybenchmarkkk) | Bug Bounty | 2021-12-04 | 2023-06-13 |
| 2024 | How I managed to hack User accounts of a billion-dollar sport platform | OTP bypass, Bruteforce, Lack of rate limiting | NA | Vishnuraj | Bug Bounty | 2021-12-04 | 2023-06-13 |
| 2021 | SSRF vulnerability in AppSheet - Google VRP | SSRF | Google | David Nechuta (@david_nechuta) | Bug Bounty | 2021-12-05 | 2023-06-13 |
| 2019 | Hacking into Admin Panel of U.S Federal government system C.A.R.S — without credentials. | Client-side enforcement of server-side security, Privilege escalation | U.S. General Services Administration | Hazem Brini (@ImJungsuu) | Bug Bounty | 2021-12-07 | 2023-06-13 |
| 2014 | Another Admin panel | HTTP response manipulation, Authentication bypass | NA | Rizwan_siddiqui (@Rizwan_SiDdiqu1) | Bug Bounty | 2021-12-08 | 2023-06-13 |
| 2013 | CVE-2021-43798 - Path Traversal Vulnerability In Grafana | Path traversal | Grafana Labs | Jordy Versmissen / J0VSEC (@j0v0x0) | Bug Bounty | 2021-12-08 | 2023-06-13 |
| 2012 | Account Takeover via Stored XSS | Account takeover, Stored XSS | NA | Demon (@R29k_) | Bug Bounty | 2021-12-09 | 2023-06-13 |
| 2011 | From Finding AWS S3 Bucket to Sensitive Data Exposure | AWS misconfiguration | NA | Demon (@R29k_) | Bug Bounty | 2021-12-09 | 2023-06-13 |
| 2010 | Exploiting S3 bucket with path folder to Access PII info of A BANK | AWS misconfiguration, Information disclosure | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-12-09 | 2023-06-13 |
| 2009 | File Upload to RCE | Unrestricted file upload | NA | Ahmed Magdy (@8Ahmed88Magdy8) | Bug Bounty | 2021-12-09 | 2023-06-13 |
| 2003 | Open Redirection - QR Code Magic | Open redirect | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-12-11 | 2023-06-13 |
| 2002 | A story about a not-so-direct SSRF | SSRF | NA | Preetham Bomma (@cyber01_) | Bug Bounty | 2021-12-12 | 2023-06-13 |
| 2001 | SVG based Stored XSS | Stored XSS | NA | xaonan44 | Bug Bounty | 2021-12-12 | 2023-06-13 |