| # | Title | Bug type | Program / Vendor | Author | Source | Published | Added |
|---|---|---|---|---|---|---|---|
| 1646 | MSRC – Joint security research write up – Azure AD Consent bypass disclosure with Kim Jamia – Q1/2022 | Authorization flaw | Microsoft | Joosua Santasalo (@SantasaloJoosua) | Bug Bounty | 2022-04-09 | 2023-06-13 |
| 1583 | CVE-2022-25262 \| JetBrains Hub single-click SAML response takeover | Authorization flaw, SAML, OAuth | JetBrains | Yurii Sanin (@SaninYurii) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1479 | Same bug different platform | Logic flaw, Authorization flaw | Meta / Facebook | Prajwol Dhungana (@PrajwolDhunga14) | Bug Bounty | 2022-06-11 | 2023-06-13 |
| 1473 | How I was able to see likes and dislikes count which is hidden by victim \| YouTube #1 | Logic flaw, Authorization flaw | Google | Jay Jani (@JayJani007) | Bug Bounty | 2022-06-14 | 2023-06-13 |
| 1468 | 403 bypass on a fortune 100 financial institution (P3) | Information disclosure, Authorization flaw, Forced browsing | NA | Damaidec | Bug Bounty | 2022-06-14 | 2023-06-13 |
| 1452 | How I was able to see likes and dislikes count which is hidden by victim \| YouTube #2 | Logic flaw, Authorization flaw | Google | Jay Jani (@JayJani007) | Bug Bounty | 2022-06-17 | 2023-06-13 |
| 1450 | How I hacked one of the biggest Airline in the world | IDOR, Account takeover, Authorization flaw | NA | Dali Jandro (@Sazouki_) | Bug Bounty | 2022-06-18 | 2023-06-13 |
| 1440 | We were vulnerable - how a security company could have vulns | Broken Access Control, Authorization flaw, Information disclosure | Volkis | Soman Verma | Bug Bounty | 2022-06-22 | 2023-06-13 |
| 1433 | An Out Of Scope domain Leads To a Critical Bug[$1500] | Authorization flaw, Broken Access Control | NA | Shakti Mohanty (@3ncryptSaan) | Bug Bounty | 2022-06-24 | 2023-06-13 |
| 1408 | Facebook Portal’s business logic error lead to 500$ | Logic flaw, Authorization flaw | Meta / Facebook | unurbayar amarsaikhan (@0xunuruu) | Bug Bounty | 2022-06-30 | 2023-06-13 |
| 1346 | Authomize Discovers PassBleed Password Stealing and Impersonation Risks in Okta | Sensitive data sent over an unencrypted channel, Authorization flaw, Information disclosure | Okta | Authomize (@Authomize) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1298 | Reading Message from Microsoft’s Private Yammer Group | Authorization flaw | Microsoft | Meareg | Bug Bounty | 2022-07-28 | 2023-06-13 |
| 1289 | How I earned $10,000 within the last 7 months — a 17y/o Edition | Authorization flaw | NA | Gowtham Naidu Ponnana (@gowtham_ponnana) | Bug Bounty | 2022-08-01 | 2023-06-13 |
| 1285 | Multiple bugs in one program leads to 1500€ | Privilege escalation, IDOR, Authorization flaw | NA | can1337 (@canmustdie) | Bug Bounty | 2022-08-02 | 2023-06-13 |
| 1173 | Break the Logic: 5 Different Perspectives in Single Page (€1500) | Client-side enforcement of server-side security, IDOR, Authorization flaw | NA | can1337 (@canmustdie) | Bug Bounty | 2022-08-26 | 2023-06-13 |
| 1158 | Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl | Authorization flaw, Signature validation bypass | Amazon | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2022-08-30 | 2023-06-13 |
| 1098 | Attackers Can Bypass GitHub Required Reviewers to Submit Malicious Code | Authorization flaw, Logic flaw | GitHub | Noam Dotan | Bug Bounty | 2022-09-08 | 2023-06-13 |
| 1074 | Cloning internal Google repos for fun and… info? | Authorization flaw | Google | Luke Berner | Bug Bounty | 2022-09-16 | 2023-06-13 |
| 1063 | Privilege Escalation Leads to making authenticated actions (payment processing, creating invoices.. etc) | Privilege escalation, Authorization flaw | NA | X-Vector (@XVector11) | Bug Bounty | 2022-09-20 | 2023-06-13 |
| 1060 | AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes | Cloud, Cross-tenant vulnerability, Authorization flaw | Oracle | Elad Gabay (@eladgabay_) | Bug Bounty | 2022-09-20 | 2023-06-13 |
| 988 | Insecure Comments | IDOR, Authorization flaw | Microsoft | Meareg | Bug Bounty | 2022-10-07 | 2023-06-13 |
| 939 | Vulnerabilities in Tenda's W15Ev2 AC1200 Router | OS command injection, Buffer Overflow, Memory corruption, Stored XSS, Authorization flaw, Information disclosure | Tenda | Olivier Laflamme (@olivier_boschko) | Bug Bounty | 2022-10-19 | 2023-06-13 |
| 926 | Reverse Engineering the Apple Multipeer Connectivity Framework | Authorization flaw, Reverse engineering, Networking | Apple | Simone Margaritelli (@evilsocket) | Bug Bounty | 2022-10-20 | 2023-06-13 |
| 909 | Support supports a Hacker | Social engineering, Spoofing, Authorization flaw, Account takeover | NA | mechboy (@mechboy_) | Bug Bounty | 2022-10-25 | 2023-06-13 |
| 869 | Invitation Hijacking | Authorization flaw, Privilege escalation | NA | vFlexo (@vflexo) | Bug Bounty | 2022-11-03 | 2023-06-13 |