3258 | CVE-2020-13379 Unauthenticated Full-Read SSRF in Grafana | SSRF, Open redirect | NA | Justin Gardner (@Rhynorater) | Bug Bounty | 2020-08-01 | 2023-06-13 |
3257 | Refocusing in bug hunting, Bonus: An interestingly simple to test CSRF bypass | CSRF | NA | Vuk Ivanovic | Bug Bounty | 2020-08-01 | 2023-06-13 |
3256 | CVE-2020-9854: "Unauthd" | MacOS, Local Privilege Escalation, SIP bypass | Apple (macOS) | Ilias Morad (@A2nkF_) | Bug Bounty | 2020-08-01 | 2023-06-13 |
3255 | Multi-factor Auth Bypass with Password Reset Function | MFA bypass, Password reset, Account takeover | NA | Vaibhav Joshi (@vj0shii) | Bug Bounty | 2020-08-02 | 2023-06-13 |
3254 | Banning users Race condition | Race condition | NA | Saddam Hussain (@wisdomfreak1) | Bug Bounty | 2020-08-02 | 2023-06-13 |
3253 | Look at what i found in Comodo | Stored XSS, Reflected XSS | Comodo | Maor Dayan (@mord1234) | Bug Bounty | 2020-08-03 | 2023-06-13 |
3252 | Account takeover in cups.mail.ru | Logic flaw, Password reset, Account takeover | Mail.ru | kminthein / weev3 (@kyawminthein99) | Bug Bounty | 2020-08-03 | 2023-06-13 |
3251 | Vulnerability in new TouchID feature put iCloud accounts at risk of being breached | OAuth, Account takeover | Apple | Thijs Alkemade (@xnyhps) | Bug Bounty | 2020-08-03 | 2023-06-13 |
3250 | Amazon AWS Bastion - Logger Bypass | Logging bypass, Local Privilege Escalation | AWS | Denis Andzakovic | Bug Bounty | 2020-08-03 | 2023-06-13 |
3249 | How I was able to do Mass Account Takeover[Bug Bounty] | Account takeover, Password reset | NA | Not Rickyy (@RickyyNot) | Bug Bounty | 2020-08-05 | 2023-06-13 |
3248 | I want all these features | Logic flaw, Payment tampering | NA | Mohamed Ayad | Bug Bounty | 2020-08-05 | 2023-06-13 |
3247 | CSRF PoC mistake that broke crucial functions for the end user/victim | Logic flaw | NA | Vuk Ivanovic | Bug Bounty | 2020-08-05 | 2023-06-13 |
3246 | The Case of the Missing Cache Keys | Web cache poisoning | NA | Aaron Costello (@ConspiracyProof) | Bug Bounty | 2020-08-05 | 2023-06-13 |
3245 | Apache Example Servlet leads to $$$$ | Clickjacking | NA | Debangshu Kundu (@debangshu_kundu) | Bug Bounty | 2020-08-06 | 2023-06-13 |
3244 | Stored XSS on Slack, Bug Bounty | Stored XSS | Slack | Tommysuriel | Bug Bounty | 2020-08-06 | 2023-06-13 |
3243 | Blind SQL Injection at fasteditor.hema.com | SQL injection | Hema | Jonathan Bouman (@JonathanBouman) | Bug Bounty | 2020-08-06 | 2023-06-13 |
3242 | Reflected XSS at fotoservice.hema.nl | Reflected XSS, Open redirect | Hema | Jonathan Bouman (@JonathanBouman) | Bug Bounty | 2020-08-06 | 2023-06-13 |
3241 | Smear phishing: a new Android vulnerability | Phishing, Android | Google | Jim Fisher (@MrJamesFisher) | Bug Bounty | 2020-08-06 | 2023-06-13 |
3240 | Exploiting JWT - Lack of Signature Verification | Account takeover | NA | Aditya Dixit (@zombie007o) | Bug Bounty | 2020-08-06 | 2023-06-13 |
3239 | The feature works as intended, but what’s in the source? | Information disclosure | NA | Zseano (@zseano) | Bug Bounty | 2020-08-08 | 2023-06-13 |
3238 | Reflected XSS in Facebook’s mirror websites | Reflected XSS | Meta / Facebook | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2020-08-08 | 2023-06-13 |
3237 | Bug Hunting with Param Miner: Cache poisoning with XSS, a peculiar case | XSS, Web cache poisoning | NA | Vuk Ivanovic | Bug Bounty | 2020-08-08 | 2023-06-13 |
3236 | Bypassing Google Maps API Key Restrictions | Logic flaw | Google | Aditya Dixit (@zombie007o) | Bug Bounty | 2020-08-08 | 2023-06-13 |
3235 | Hacking Zoom: Uncovering Tales of Security Vulnerabilities in Zoom | Information disclosure, RCE, Memory leak | Zoom | Mazin Ahmed (@mazen160) | Bug Bounty | 2020-08-08 | 2023-06-13 |
3234 | Bypassing 403 | Authentication bypass | NA | Michael Hyndman (@michaelhyndman) | Bug Bounty | 2020-08-09 | 2023-06-13 |