1783 | Bypassing default visibility for newly-added email in Facebook(Part I - Submitting I.D) | Logic flaw | Meta / Facebook | Kent Jarold Abulag (@wkemenhehehegsg) | Bug Bounty | 2022-02-25 | 2023-06-13 |
1782 | A Weird Price Tampering Vulnerability | Payment tampering, Logic flaw | NA | vFlexo (@vflexo) | Bug Bounty | 2022-02-25 | 2023-06-13 |
1780 | SSRF & LFI In Uploads Feature | SSRF, LFI, HTML injection | NA | Raymond Lind | Bug Bounty | 2022-02-26 | 2023-06-13 |
1779 | CVE-2022-22947: SpEL Casting And Evil Beans | RCE, Java Beans | NA | Wyatt Dahlenburg (@wdahlenb) | Bug Bounty | 2022-02-26 | 2023-06-13 |
1778 | Hacking Subscription Plans for free service. | Payment bypass, OTP bypass | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2022-02-27 | 2023-06-13 |
1775 | HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations | HTTP request smuggling, DoS, Semantic gap attacks | NA | Kaiwen Shen (@m0xiaoxi) | Bug Bounty | 2022-03-01 | 2023-06-13 |
1774 | Password Reset to Admin Access | Account takeover, Authentication bypass, Password reset | NA | Jesse Clark (@Hogarth45_) | Bug Bounty | 2022-03-01 | 2023-06-13 |
1772 | [ Directory Traversal attack ] How did I find it using GitHub | Information disclosure, Path traversal | NA | Fenrir (@leetibrahim) | Bug Bounty | 2022-03-02 | 2023-06-13 |
1771 | webOS Revisited - Even More Mistaken Identities | Local Privilege Escalation, Browser hacking | LG | Andreas Lindh (@addelindh) | Bug Bounty | 2022-03-02 | 2023-06-13 |
1770 | CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO | Stored XSS, Account takeover | Apache | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-03-02 | 2023-06-13 |
1766 | CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED) | Username enumeration, GraphQL | GitLab | Jacob Baines (@junior_baines) | Bug Bounty | 2022-03-03 | 2023-06-13 |
1764 | How I Hacked A Crypto Company And Could Steal 1 Million Dollars Worth of Bitcoin | Path traversal | NA | zoid (@z0idsec) | Bug Bounty | 2022-03-05 | 2023-06-13 |
1762 | Some critical vulnerabilities found with passive analysis on bug bounty programs explained | Information disclosure, Logic flaw | NA | Daniel V. (@d4niel_v) | Bug Bounty | 2022-03-07 | 2023-06-13 |
1761 | The Bad Twin: a peculiar case of JWT exploitation scenario | Account takeover | NA | Sandh0t (@sandh0t) | Bug Bounty | 2022-03-07 | 2023-06-13 |
1760 | AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service | Cross-tenant vulnerability, Account takeover | Microsoft | Yanir Tsarimi (@Yanir_) | Bug Bounty | 2022-03-07 | 2023-06-13 |
1759 | Circumventing Browser Security Mechanisms For SSRF | SSRF, XSS | NA | HTTPVoid (@httpvoid0x2f) | Bug Bounty | 2022-03-08 | 2023-06-13 |
1758 | How I managed to make a DDoS attack by exploiting a company’s service — Bug Bounty | DoS | NA | Mr Empy (@mr_empy) | Bug Bounty | 2022-03-08 | 2023-06-13 |
1755 | Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis) | RCE | Oracle | Nguyễn Tiến Giang (@testanull) | Bug Bounty | 2022-03-09 | 2023-06-13 |
1754 | SSD Advisory – NETGEAR DGND3700v2 PreAuth Root Access | Authentication bypass, OS command injection, RCE | Netgear | - | Bug Bounty | 2022-03-09 | 2023-06-13 |
1747 | CVE-2022-24696 – Glance By Mirametrix Privilege Escalation | Local Privilege Escalation | Lenovo | Oddvar Moe (@Oddvarmoe) | Bug Bounty | 2022-03-11 | 2023-06-13 |
1746 | How Did I Leak 5.2k Customer Data From a Large Company? (via Broken Access Control) | Broken Access Control | NA | can1337 (@canmustdie) | Bug Bounty | 2022-03-11 | 2023-06-13 |
1744 | I can see the dislikes count even though is hidden by YouTube | YouTube ($500) | Broken Access Control, IDOR | NA | R ando (@Rando02355205) | Bug Bounty | 2022-03-12 | 2023-06-13 |
1743 | XSS through base64 encoded JSON | XSS | NA | Aman Pareek (@aman_notsogreat) | Bug Bounty | 2022-03-12 | 2023-06-13 |
1742 | A Tale of Open Redirection to Stored XSS | Stored XSS, Open redirect | NA | Tushar Sharma (@tusharSharma_0) | Bug Bounty | 2022-03-12 | 2023-06-13 |
1741 | Open Redirect via Sendgrid Email Misconfiguration | Open redirect | NA | Rifqi Hilmy Zhafrant | Bug Bounty | 2022-03-13 | 2023-06-13 |