| # | Title | Bug types | Program | Author | Category | Published | Added |
|---|---|---|---|---|---|---|---|
| 1519 | How an Open Redirection Leads to an Account Takeover? | Open redirect, Account takeover | NA | Mahendra Purbia (@Mah3Sec_) | Bug Bounty | 2022-05-26 | 2023-06-13 |
| 1518 | Social Media Take Over = Easy Money | Broken link hijacking | NA | Jesse Clark (@Hogarth45_) | Bug Bounty | 2022-05-26 | 2023-06-13 |
| 1517 | DNN CMS Server-Side Request Forgery (CVE-2021-40186) | SSRF, Security code review | DNN (DotNetNuke) | Appcheck NG | Bug Bounty | 2022-05-26 | 2023-06-13 |
| 1516 | Bygone Vulnerabilities - Remote Code Execution in IBM Lotus SameTime Clients (CVE-2013-0553) | XSS, RCE | IBM | Brian (@hoyahaxa) | Bug Bounty | 2022-05-27 | 2023-06-13 |
| 1514 | Weird Email Verification Bypass | Email verification bypass | NA | Vaibhav Atkale | Bug Bounty | 2022-05-28 | 2023-06-13 |
| 1512 | Exploiting iOS app for fun and profit | Account takeover, Information disclosure | NA | Bijan Murmu (@0xbijan) | Bug Bounty | 2022-05-29 | 2023-06-13 |
| 1511 | External Authentication bypass in ingress-nginx | Path traversal, Authentication bypass | Kubernetes | Niemiec Marcin (@xvnpw) | Bug Bounty | 2022-05-29 | 2023-06-13 |
| 1510 | DOMAIN ADMIN Compromise in 3 HOURS | Default credentials | NA | popalltheshells | Bug Bounty | 2022-05-29 | 2023-06-13 |
| 1508 | How to find & access Admin Panel by digging into JS files…🥰 | Weak credentials, WAF bypass | NA | Ratnadip Gajbhiye (@scspcommunity) | Bug Bounty | 2022-05-30 | 2023-06-13 |
| 1505 | SQL injection to Remote Command Execution (RCE) | SQL injection, RCE | NA | Kwadwo Amoako | Bug Bounty | 2022-05-31 | 2023-06-13 |
| 1504 | How I found a GoldMine but got No Gold | Old components with known vulnerabilities | NA | Muhammad Abdullah | Bug Bounty | 2022-06-01 | 2023-06-13 |
| 1500 | How Attacker could have suffocated the company staff | Default credentials | NA | Muhammad Abdullah | Bug Bounty | 2022-06-05 | 2023-06-13 |
| 1499 | If It’s a Feature!!! Let’s Abuse It for $750 | CSRF | NA | Shakti Mohanty (@3ncryptSaan) | Bug Bounty | 2022-06-05 | 2023-06-13 |
| 1498 | Ivanti EPM Remote Code Execution | RCE, Components with known vulnerabilities | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-06-05 | 2023-06-13 |
| 1497 | Another vision for SSRF | SSRF | NA | phor3nsic (@phor3nsic_br) | Bug Bounty | 2022-06-06 | 2023-06-13 |
| 1493 | CVE-2022-26937: Microsoft Windows Network File System NLM Portmap Stack Buffer Overflow | Buffer overflow, Memory corruption | Microsoft | Yuki Chen (@guhe120) | Bug Bounty | 2022-06-08 | 2023-06-13 |
| 1491 | Account Takeover by Chaining Two IDORs | IDOR, Account takeover | NA | Demon (@R29k_) | Bug Bounty | 2022-06-08 | 2023-06-13 |
| 1490 | Extracting Clear-Text Credentials Directly From Chromium’s Memory | Browser hacking | Google (Chromium) | Zeev Ben Porat | Bug Bounty | 2022-06-08 | 2023-06-13 |
| 1489 | De-Anonymization attacks against Proton services | Privacy issue, Information disclosure, HTML injection, Local privilege escalation | Proton AG | Ruben Santamarta (@reversemode) | Bug Bounty | 2022-06-08 | 2023-06-13 |
| 1488 | Denial of Service Vulnerability in Envoy Proxy – CVE-2022-29225 | Zip bomb, DoS | Envoy | JFrog Security Research Team (@JFrogSecurity) | Bug Bounty | 2022-06-09 | 2023-06-13 |
| 1485 | CVE-2022-1040 Sophos XG Firewall Authentication bypass | Authentication bypass, RCE | Sophos | Nguyễn Đình Biển (@biennd279) | Bug Bounty | 2022-06-09 | 2023-06-13 |
| 1483 | My first CVE-2022-31289 | Authentication bypass, 403 bypass, HTTP response manipulation | Sonatype | Praveen Mali (@pmmali_) | Bug Bounty | 2022-06-11 | 2023-06-13 |
| 1482 | ed25519-unsafe-libs | Cryptographic issues | NA | Konstantinos Chalkias | Bug Bounty | 2022-06-11 | 2023-06-13 |
| 1480 | From blind SSRF to localhost dirbusting and asset enumeration | SSRF | NA | Jovan Šikanja (@joshibeast) | Bug Bounty | 2022-06-11 | 2023-06-13 |
| 1477 | Hacking 6.5+ million websites => CVE-2022-29455 (Elementor) | XSS | NA | Rotem Bar (@rotembar) | Bug Bounty | 2022-06-12 | 2023-06-13 |