| ID | Title | Bug types | Program | Author | Type | Published | Added |
|---|---|---|---|---|---|---|---|
| 1593 | Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054) | SSRF | VMware | Keiran Sampson (@hpy_downunder) | Bug Bounty | 2022-04-27 | 2023-06-13 |
| 1592 | 2FA Secret value disclosure leads to 2FA Bypass - Bug Bounty Writeup | MFA bypass, Information disclosure | NA | Aditya Singh / rook1337 (@imrook1337) | Bug Bounty | 2022-04-28 | 2023-06-13 |
| 1591 | Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL | Cross-tenant vulnerability, Privilege escalation, Authentication bypass, Cloud | Microsoft | Shir Tamari (@shirtamari) | Bug Bounty | 2022-04-28 | 2023-06-13 |
| 1589 | Exploitation of an SSRF vulnerability against EC2 IMDSv2 | SSRF | NA | Yassine Aboukir (@Yassineaboukir) | Bug Bounty | 2022-04-28 | 2023-06-13 |
| 1588 | Sensitive Data Exfiltration through XSS ($450) | Token leak | NA | Zulfi Al-Farizi | Bug Bounty | 2022-04-30 | 2023-06-13 |
| 1585 | Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks | Privilege escalation, CI/CD | NA | Noam Dotan | Bug Bounty | 2022-05-02 | 2023-06-13 |
| 1584 | How I got a lousy T-Shirt from the Dutch Government. | Old components with known vulnerabilities | Dutch Government | Mava (@mava656) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1583 | CVE-2022-25262: JetBrains Hub single-click SAML response takeover | Authorization flaw, SAML, OAuth | JetBrains | Yurii Sanin (@SaninYurii) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1582 | Hacking a Bank by Finding a 0day in DotCMS | Directory traversal, Unrestricted file upload, RCE | NA | Shubham Shah (@infosec_au) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1579 | Business Logic Errors - Art of Testing Cards | Payment bypass, Logic flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1577 | Samsung Flow - Any App Can Read The External Storage | Android, Insecure intent | Samsung | Ken Gannon (@Yogehi) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1576 | Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store | Android, Insecure intent | Samsung | Ken Gannon (@Yogehi) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1575 | Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO) | XSS, CSRF, Account takeover | NA | Zulfi Al-Farizi | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1574 | CVE-2022-0540 - Authentication bypass in Seraph | Authentication bypass | NA | Khoa Dinh (@_l0gg) | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1573 | How We hacked (bypassed) Admin Panel just by JS file | Information disclosure | NA | Zhenwar Hawlery (@zhenwarx) | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1572 | Advanced sqlmap Case Study | SQL injection | NA | Peter M (@h1pmnh) | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1570 | The $16,000 Dev Mistake | Information disclosure | NA | Daniel Marte (@Masonhck3571) | Bug Bounty | 2022-05-07 | 2023-06-13 |
| 1569 | Its all about 2fa bypass, or Account Takeover | Password reset, Account takeover, OTP bypass | NA | anjaneyulu kanakatla | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1568 | P1 Bug — PII information disclosure | Information disclosure, IDOR | NA | Huntersherlock | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1567 | How I Paid For My Holiday With Bug Bounty | XSS, Broken Access Control, IDOR, Unrestricted file upload | NA | Tobydavenn | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1566 | Can analyzing javascript files lead to remote code execution? | Unrestricted file upload, RCE | NA | Asem Eleraky (@melotover) | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1565 | Account verification code bypass lead to a $4000 bounty | OTP bypass | NA | Mohsin Khan (@tabaahi_) | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1564 | RCE via Dependency Confusion | Dependency confusion | NA | Samrat Gupta (@Sm4rty_) | Bug Bounty | 2022-05-10 | 2023-06-13 |
| 1563 | ResolveURI RXSS Imperva Waf Bypass | XSS | NA | Ahsan Shahid (@hunter0x8) | Bug Bounty | 2022-05-10 | 2023-06-13 |
| 1562 | The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF… | CSS injection, Clickjacking, Account takeover, XSS, Cookie bomb, Self-XSS, CSRF | NA | Renwa (@RenwaX23) | Bug Bounty | 2022-05-10 | 2023-06-13 |