1231 | CVE-2022-30216 - Authentication coercion of the Windows “Server” service |
Off-by-one Error
Authentication coercion |
Microsoft |
Ben Barnea (@nachoskrnl) |
Bug Bounty | 2022-08-13 | 2023-06-13 |
1229 | Remote Code Execution on Element Desktop Application using Node Integration in Sub Frames Bypass - CVE-2022-23597 |
RCE
XSS |
Matrix (Element) |
s1r1us (@s1r1u5_) |
Bug Bounty | 2022-08-13 | 2023-06-13 |
1228 | XSS via Angular Template Injection |
CSTI
XSS
WAF bypass |
NA |
Bartłomiej Bergier (@_bergee_) |
Bug Bounty | 2022-08-13 | 2023-06-13 |
1225 | URL filter bypass, RFI and XSS |
Stored XSS
RFI |
NA |
Bartłomiej Bergier (@_bergee_) |
Bug Bounty | 2022-08-14 | 2023-06-13 |
1224 | The forgotten API and XSS filter bypass |
XSS |
NA |
Bartłomiej Bergier (@_bergee_) |
Bug Bounty | 2022-08-14 | 2023-06-13 |
1223 | Five-minute hunting for hidden XSS |
Reflected XSS |
NA |
Bartłomiej Bergier (@_bergee_) |
Bug Bounty | 2022-08-15 | 2023-06-13 |
1222 | 1day to 0day(CVE-2022-30024) on TP-Link TL-WR841N |
Memory corruption |
TP-Link |
Trần Minh Cường |
Bug Bounty | 2022-08-15 | 2023-06-13 |
1221 | Business Logic Vulnerability via IDOR |
IDOR
Payment tampering |
NA |
Sagar Sajeev (@Sagar__Sajeev) |
Bug Bounty | 2022-08-15 | 2023-06-13 |
1220 | Salesforce bug hunting to Critical bug |
Information disclosure
Salesforce |
NA |
Vuk Ivanovic |
Bug Bounty | 2022-08-15 | 2023-06-13 |
1218 | CVE-2022-30211: Windows L2TP VPN Memory Leak and Use after Free Vulnerability |
Memory corruption
RCE |
Microsoft |
Alex Nichols (@i4mchr00t) |
Bug Bounty | 2022-08-15 | 2023-06-13 |
1216 | FreeBSD 11.0-13.0 LPE via aio_aqueue Kernel Refcount Bug |
Memory corruption
Local Privilege Escalation |
FreeBSD Security Team |
Chris (@accessvector) |
Bug Bounty | 2022-08-16 | 2023-06-13 |
1214 | 2FA Bypass Do Re Mi |
MFA bypass |
NA |
Ashlyn Lau (@ashlyn_lau) |
Bug Bounty | 2022-08-16 | 2023-06-13 |
1210 | RCE on Spip and Root-Me, v2! |
RCE
SSTI
DNS rebinding
XSS
Code injection
Unrestricted file upload |
SPIP |
Laluka (@TheLaluka) |
Bug Bounty | 2022-08-16 | 2023-06-13 |
1208 | N/a to $750 bounty for a Blind XSS. |
Blind XSS |
NA |
Dirtycoder (@dirtycoder0124) |
Bug Bounty | 2022-08-18 | 2023-06-13 |
1206 | Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS! |
DoS
Web cache poisoning
Authentication bypass |
Microsoft |
Orange Tsai (@orange_8361) |
Bug Bounty | 2022-08-18 | 2023-06-13 |
1205 | Fishbowl Disclosure: CVE-2022-29805 |
Insecure deserialization |
Fishbowl |
Michael Rand |
Bug Bounty | 2022-08-18 | 2023-06-13 |
1203 | Outlook CVE-2022-35742 |
DoS |
Microsoft |
insu (@hpy_insu) |
Bug Bounty | 2022-08-18 | 2023-06-13 |
1199 | Account takeover worth $1000 |
Account takeover
Authentication bypass
Information disclosure
Password reset |
NA |
Faique (@imfaiqu3) |
Bug Bounty | 2022-08-19 | 2023-06-13 |
1198 | Never underestimate the power of open redirect, a story of a full account takeover |
Open redirect
Account takeover
Token leak |
NA |
Ibrahim Auwal (@ibrahimatix0x01) |
Bug Bounty | 2022-08-20 | 2023-06-13 |
1196 | Failed Coding Assessment to Remote Code Execution - Part 1 |
RCE |
HackerEarth |
Akash Chhabra (@_hackingguy) |
Bug Bounty | 2022-08-20 | 2023-06-13 |
1195 | Blind command injection |
RCE
OS command injection |
NA |
Bartłomiej Bergier (@_bergee_) |
Bug Bounty | 2022-08-21 | 2023-06-13 |
1194 | Blockchain Network is Secured! But not the apps and their Integrations |
Payment tampering
Logic flaw |
NA |
Keyur Talati |
Bug Bounty | 2022-08-22 | 2023-06-13 |
1191 | Useless path traversals in Zyxel admin interface (CVE-2022-2030) |
Path traversal |
Zyxel |
Maurizio Agazzini (@0x696e6f6465) |
Bug Bounty | 2022-08-22 | 2023-06-13 |
1189 | Patch bypass for [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager |
Hardcoded credentials
Information disclosure |
SAP |
Arpine Maghakyan |
Bug Bounty | 2022-08-22 | 2023-06-13 |
1188 | Paracosme - CVE-2022-33318 - Remote Code Execution in ICONICS Genesis64 |
Memory corruption
RCE |
ICONICS |
Axel Souchet (@0vercl0k) |
Bug Bounty | 2022-08-22 | 2023-06-13 |