1476 | Finding vulnerabilities in curl 7.83.0 without reading a single-line of C code |
SSRF
Information disclosure
HSTS bypass |
Internet Bug Bounty (curl) |
Haxatron (@Haxatron1) |
Bug Bounty | 2022-06-12 | 2023-06-13 |
1470 | SynLapse – Technical Details for Critical Azure Synapse Vulnerability |
Cross-tenant vulnerability
RCE
Cloud |
Microsoft |
Tzah Pahima (@TzahPahima) |
Bug Bounty | 2022-06-14 | 2023-06-13 |
1469 | Cryptographic Side-Channels (Timing Leaks) in JSBN |
Cryptographic issues
Side-channel attack
Timing attack |
Xfinity Opensource |
Soatok (@SoatokDhole) |
Bug Bounty | 2022-06-14 | 2023-06-13 |
1468 | 403 bypass on a fortune 100 financial institution (P3) |
Information disclosure
Authorization flaw
Forced browsing |
NA |
Damaidec |
Bug Bounty | 2022-06-14 | 2023-06-13 |
1467 | Zimbra Email - Stealing Clear-Text Credentials via Memcache injection |
Memcache injection
CRLF injection |
Zimbra |
Sonar (@SonarSource) |
Bug Bounty | 2022-06-14 | 2023-06-13 |
1466 | 2FA Bypass via Basic Authentication on private bug bounty program |
MFA bypass |
NA |
Sharat Kaikolamthuruthil (@sharp488) |
Bug Bounty | 2022-06-14 | 2023-06-13 |
1465 | Automating reflected XSS with burp-suite Intruder |
Reflected XSS |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2022-06-14 | 2023-06-13 |
1464 | Hertzbleed Attack |
Side-channel attack
Hardware hacking
Cryptographic issues |
Intel
Cloudflare
Microsoft |
Yingchen Wang (@YingchenWang96) |
Bug Bounty | 2022-06-14 | 2023-06-13 |
1463 | [BugTales] UnZiploc: From 0-click To Platform Compromise |
Memory corruption
Logic flaw
RCE
Local Privilege Escalation |
Huawei |
Daniel Komaromy (@kutyacica) |
Bug Bounty | 2022-06-14 | 2023-06-13 |
1460 | Amazon Linux "log4j hotpatch" <1.3-5 local privilege escalation to root (race condition) |
Local Privilege Escalation |
Amazon |
Justin Steven (@justinsteven) |
Bug Bounty | 2022-06-15 | 2023-06-13 |
1459 | CVE-2022-23088: Exploiting A Heap Overflow In The Freebsd Wi-fi Stack |
Memory corruption
RCE |
FreeBSD Security Team |
m00nbsd (@m00nbsd) |
Bug Bounty | 2022-06-16 | 2023-06-13 |
1455 | Chaining MFA-Enabled IAM Users with IAM Roles for Potential Privilege Escalation in AWS |
Privilege escalation |
AWS |
Jason Kao |
Bug Bounty | 2022-06-16 | 2023-06-13 |
1451 | Hacking a NFT Platform |
SSRF |
NA |
Muhammad Abdullah |
Bug Bounty | 2022-06-17 | 2023-06-13 |
1450 | How I hacked one of the biggest Airline in the world |
IDOR
Account takeover
Authorization flaw |
NA |
Dali Jandro (@Sazouki_) |
Bug Bounty | 2022-06-18 | 2023-06-13 |
1448 | Account Takeover by OTP bypass |
Information disclosure
Client-side enforcement of server-side security
OTP bypass
Account takeover |
NA |
Vaibhav Kumar Srivastava |
Bug Bounty | 2022-06-19 | 2023-06-13 |
1447 | Every XSS is different |
XSS |
NA |
Leonardo |
Bug Bounty | 2022-06-20 | 2023-06-13 |
1444 | XSS Vulnerability in IBM Content Navigator (CVE-2020-4757) |
XSS |
IBM |
Olivier Laflamme (@olivier_boschko) |
Bug Bounty | 2022-06-21 | 2023-06-13 |
1443 | Widespread prototype pollution gadgets |
Prototype pollution |
NA |
Gareth Heyes (@garethheyes) |
Bug Bounty | 2022-06-21 | 2023-06-13 |
1442 | Exploiting vulnerabilities in iOS Application |
IDOR
Bruteforce
Lack of rate limiting
Account takeover
iOS |
NA |
Raj Singh Chauhan (@raj_singh_ch) |
Bug Bounty | 2022-06-22 | 2023-06-13 |
1440 | We were vulnerable - how a security company could have vulns |
Broken Access Control
Authorization flaw
Information disclosure |
Volkis |
Soman Verma |
Bug Bounty | 2022-06-22 | 2023-06-13 |
1437 | Lock Screen Bypass Exploit of Android Devices (CVE-2022–20006) |
Authentication bypass
Lock screen bypass |
Google |
Joshua Nearchos |
Bug Bounty | 2022-06-23 | 2023-06-13 |
1436 | CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed) |
Argument injection |
WatchGuard |
Jake Baines (@Junior_Baines) |
Bug Bounty | 2022-06-23 | 2023-06-13 |
1434 | Miracle - One Vulnerability To Rule Them All |
Insecure deserialization
SSRF
RCE |
Oracle |
Nguyễn Tiến Giang (@testanull) |
Bug Bounty | 2022-06-23 | 2023-06-13 |
1433 | An Out Of Scope domain Leads To a Critical Bug[$1500] |
Authorization flaw
Broken Access Control |
NA |
Shakti Mohanty (@3ncryptSaan) |
Bug Bounty | 2022-06-24 | 2023-06-13 |
1431 | mysqlnd/pdo password buffer overflow leading to RCE (CVE 2022-31626) |
Buffer Overflow
Memory corruption |
PHP |
Charles Fol (@cfreal_) |
Bug Bounty | 2022-06-25 | 2023-06-13 |