3104 | Weak Password Setting function on practo.com | Authorization flaw | Practo | dark-haxor | Bug Bounty | 2020-10-09 | 2023-06-13 |
3103 | JS is l0ve ❤️. | Information disclosure, API key leakage | NA | Shivam Kamboj Dattana (@sechunt3r) | Bug Bounty | 2020-10-09 | 2023-06-13 |
3102 | Leveraging XSS to Read Internal Files | XSS, LFI | NA | Aditya Dixit (@zombie007o) | Bug Bounty | 2020-10-09 | 2023-06-13 |
3101 | Unauthorized access to all the user’s account. | Account takeover, Authentication bypass, JWT | NA | Rahul Naidu | Bug Bounty | 2020-10-12 | 2023-06-13 |
3100 | Guest Blog Post: Rollback Attack | Local Privilege Escalation | Mozilla | Xiaoyin Liu (@general_nfs) | Bug Bounty | 2020-10-12 | 2023-06-13 |
3099 | Disclose Emails, phone numbers, more For Facebook users who tried to add funds to their account | Information disclosure | Meta / Facebook | Mustafa Ahmed (@mustafa0x2021) | Bug Bounty | 2020-10-12 | 2023-06-13 |
3098 | How I find my first P1 level Bug. $$$ | XSS | NA | Harsh | Bug Bounty | 2020-10-13 | 2023-06-13 |
3097 | Blind SSRF - The Hide & Seek Game | Blind SSRF | NA | Shrey Shah (@ShreySh43332033) | Bug Bounty | 2020-10-13 | 2023-06-13 |
3096 | I had fun with this XSS | XSS | NA | yappare (@yappare) | Bug Bounty | 2020-10-13 | 2023-06-13 |
3095 | MS Enterprise app management service RCE. CVE-2022-35841 | RCE, Local Privilege Escalation, Windows | Microsoft | Ceri Coburn (@_ethicalchaos_) | Bug Bounty | 2020-10-13 | 2023-06-13 |
3094 | Weaponizing XSS For Fun & Profit | XSS, CSRF | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2020-10-14 | 2023-06-13 |
3093 | Discord Desktop app RCE | RCE | Discord | Masato Kinugawa (@kinugawamasato) | Bug Bounty | 2020-10-17 | 2023-06-13 |
3092 | GitHub - RCE via git option injection (almost) - $20,000 Bounty | RCE | GitHub | William Bowling / vakzz (@wcbowling) | Bug Bounty | 2020-10-18 | 2023-06-13 |
3091 | GitHub Gist - Account takeover via open redirect - $10,000 Bounty | Open redirect, Account takeover | GitHub | William Bowling / vakzz (@wcbowling) | Bug Bounty | 2020-10-19 | 2023-06-13 |
3090 | Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers | Authentication bypass, JWT, Android | NHS COVID-19 App | James Sanderson (@zofrex) | Bug Bounty | 2020-10-20 | 2023-06-13 |
3089 | Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers | Address Bar Spoofing | Yandex, Apple, Opera | Rafay Baloch (@rafaybaloch) | Bug Bounty | 2020-10-20 | 2023-06-13 |
3088 | Back to 2019: Disclosure Employers PII and Credentials | Information disclosure | NA | Wh11teW0lf (@wh11tew0lf) | Bug Bounty | 2020-10-20 | 2023-06-13 |
3087 | GitHub Pages - Multiple RCEs via insecure Kramdown configuration - $25,000 Bounty | RCE, Path traversal | GitHub | William Bowling / vakzz (@wcbowling) | Bug Bounty | 2020-10-20 | 2023-06-13 |
3084 | IBM Datapower Exploit CVE-2020-5014 | SSRF, HTTP Request Smuggling | IBM | Thomas Cope | Bug Bounty | 2020-10-21 | 2023-06-13 |
3083 | 300$ P3 Easy Bug in 30 Seconds | Missing authentication, Broken Access Control | NA | Omar Hamdy (@seaman00o) | Bug Bounty | 2020-10-22 | 2023-06-13 |
3082 | Samsung S20 - RCE via Samsung Galaxy Store App | RCE | Samsung | F-Secure | Bug Bounty | 2020-10-23 | 2023-06-13 |
3081 | Accidental Observation to Critical IDOR | IDOR | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-10-24 | 2023-06-13 |
3080 | My first bug on Google | IDOR | Google | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2020-10-25 | 2023-06-13 |
3078 | Link Previews: How a Simple Feature Can Have Privacy and Security Risks | Information disclosure | Discord, Meta / Facebook, Google, LINE, LinkedIn, Slack, Twitter, Zoom | Talal Haj Bakry (@parasarora06) | Bug Bounty | 2020-10-25 | 2023-06-13 |
3077 | TikTok fixes privacy issue discovered by Check Point Research | Information disclosure | TikTok | Eran Vaknin | Bug Bounty | 2020-10-26 | 2023-06-13 |