1694 | Deleting account via support ticket | IDOR, Broken Access Control | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2022-03-26 | 2023-06-13 |
1693 | Stealing cookies from subdomain leads to takeover user accounts at redacted.com | Account takeover, XSS | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2022-03-27 | 2023-06-13 |
1692 | How I was able to rick roll every users on root-me.org | XSS | Root-Me | Mizu (@kevin_mizu) | Bug Bounty | 2022-03-27 | 2023-06-13 |
1690 | Ruby Deserialization - Gadget on Rails | Insecure deserialization, RCE | Ruby on Rails | HTTPVoid (@httpvoid0x2f) | Bug Bounty | 2022-03-28 | 2023-06-13 |
1688 | ABC-Code Execution for Veeam | Local Privilege Escalation | Veeam | Sina Kheirkhah (@SinSinology) | Bug Bounty | 2022-03-29 | 2023-06-13 |
1687 | How I bypassed 403 forbidden domain using a simple trick | 403 bypass | NA | Jan Muhammad Zaidi (@hasanakajan) | Bug Bounty | 2022-03-29 | 2023-06-13 |
1685 | CVE-2022-22948: Sensitive Information Disclosure in VMware vCenter | Information disclosure | VMware | Yuval Lazar | Bug Bounty | 2022-03-29 | 2023-06-13 |
1682 | CVE-2022-27643 - NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution Vulnerability | Memory corruption, RCE | Netgear | Relyze (@relyze) | Bug Bounty | 2022-03-31 | 2023-06-13 |
1681 | Got Access To Dota 2 Admin Panel By Exploiting In-game Feature | XSS | Valve | Abdillah Muhamad (@abdilahrf) | Bug Bounty | 2022-03-31 | 2023-06-13 |
1678 | A Large-scale and Longitudinal Measurement Study of DKIM Deployment | Email spoofing, Phishing | Google, Mailchimp, Sendgrid, Salesforce | Chuhan Wang | Bug Bounty | 2022-04-01 | 2023-06-13 |
1676 | Small bugs are more dangerous than you think | Self-XSS, Stored XSS, Open redirect, CSRF | NA | Liv Matan (@terminatorLM) | Bug Bounty | 2022-04-01 | 2023-06-13 |
1674 | Write Up – Finapi (Open Banking API) Oauth Credentials Exposed In Plain Text In Android App | Hardcoded credentials, Android | NA | Omar Espino (@omespino) | Bug Bounty | 2022-04-01 | 2023-06-13 |
1673 | Design Flaw : A Tale of Permanent DOS (Informative -> Triaged) | DoS | NA | Akash Hamal (@AkashHamal0x01) | Bug Bounty | 2022-04-02 | 2023-06-13 |
1668 | Exploiting a double-edged SSRF for server and client-side impact | SSRF | NA | Yassine Aboukir (@Yassineaboukir) | Bug Bounty | 2022-04-03 | 2023-06-13 |
1666 | Cloud SSRF Exploitation | SSRF | NA | Dan Barros | Bug Bounty | 2022-04-04 | 2023-06-13 |
1665 | Hacked Nokia With Reflected Cross-site Scripting Vulnerability…. | Reflected XSS | Nokia | Amit Kumar (@Amitlt2) | Bug Bounty | 2022-04-04 | 2023-06-13 |
1664 | MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639 | Local Privilege Escalation | Apple | Mickey Jin (@patch1t) | Bug Bounty | 2022-04-04 | 2023-06-13 |
1663 | NoSQL Injection in Plain Sight | NoSQL injection | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-04-04 | 2023-06-13 |
1661 | CVE-2021-38159: MOVEit Transfer SQL Injection Analysis | SQL injection | Palantir Public | Tuan Anh Nguyen (@haxor31337) | Bug Bounty | 2022-04-05 | 2023-06-13 |
1659 | How I hacked one of the biggest airlines group of the world | IDOR, Account takeover | NA | Tarek Bouali (@iambouali) | Bug Bounty | 2022-04-05 | 2023-06-13 |
1655 | CVE-2021-4119: [Bookstack] Email harvesting via SQL "LIKE" clause exploitation | Broken Access Control, SQL injection | Bookstack | Haxatron (@Haxatron1) | Bug Bounty | 2022-04-05 | 2023-06-13 |
1654 | The Bug That Kept On Giving :: PaymentBypass :: Eposed Return Url | Payment bypass, Logic flaw | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2022-04-05 | 2023-06-13 |
1652 | Watch out the links : Account takeover! | Account takeover | NA | Akash Hamal (@AkashHamal0x01) | Bug Bounty | 2022-04-06 | 2023-06-13 |
1651 | SSRF and Account Takeover via XSS in ERPNext (0-day) | SSRF, XSS, Account takeover | ERPNext | huli (@aszx87410) | Bug Bounty | 2022-04-06 | 2023-06-13 |
1650 | How i got access to 1600k Users PII Data $$$$ | Information disclosure | NA | Gokul AP (@CodingGokul) | Bug Bounty | 2022-04-06 | 2023-06-13 |