1094 | SSRF(g/vrp) for 5000$ | SSRF | NA | lalka (@0x01alka) | Bug Bounty | 2022-09-12 | 2023-06-13 |
1093 | Contentful Access Token Disclosure in Android APK | Information disclosure, Android | NA | Cyberali | Bug Bounty | 2022-09-12 | 2023-06-13 |
1092 | Bug Bounty - Cross-site request forgery is a thing | CSRF, XSS | NA | Patrick Hener (@C1sc01) | Bug Bounty | 2022-09-12 | 2023-06-13 |
1091 | How I DIDN’T get an RCE in a $200 Billion company — Bug Bounty | RCE, Components with known vulnerabilities | NA | nynan (@_nynan) | Bug Bounty | 2022-09-12 | 2023-06-13 |
1090 | LiveHelperChat - Remote Code Execution via Vulnerable Theme Upload Function | RCE | Live Helper Chat | Arben Shala (@arbennsh) | Bug Bounty | 2022-09-13 | 2023-06-13 |
1087 | Blind XSS and Time-Based SQL Injection to Admin Panel Control and Database Takeover | Blind XSS, SQL injection | NA | Cyberali | Bug Bounty | 2022-09-13 | 2023-06-13 |
1086 | Data Exfiltration through Blind XXE on PDF Generator | Blind XXE, WAF bypass | NA | Arben Shala (@arbennsh) | Bug Bounty | 2022-09-13 | 2023-06-13 |
1084 | mast1c0re: Hacking the PS4 / PS5 through the PS2 Emulator - Part 1 - Escape | Memory corruption | PlayStation | CTurt (@CTurtE) | Bug Bounty | 2022-09-26 | 2023-06-13 |
1083 | Attacking the Android kernel using the Qualcomm TrustZone | Memory corruption | Qualcomm, Google | Tamir Zahavi-Brunner (@tamir_zb) | Bug Bounty | 2022-09-14 | 2023-06-13 |
1081 | How I abused the file upload function to get a high severity vulnerability in Bug Bounty | Unrestricted file upload, Information disclosure | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-14 | 2023-06-13 |
1079 | Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804) | RCE, OS command injection | Atlassian | Maxwell Garrett (@TheGrandPew) | Bug Bounty | 2022-09-14 | 2023-06-13 |
1078 | HTTP Desync Attack (Request Smuggling) - Mass Account Takeover at a Cryptocurrency based asset and 121 other websites | HTTP Request Smuggling, Desync attack | NA | Ankit Singh (@AnkitCuriosity) | Bug Bounty | 2022-09-14 | 2023-06-13 |
1075 | Getting Paid With Just Picking Color — Bug Bounty | CSS injection | NA | Redza | Bug Bounty | 2022-09-16 | 2023-06-13 |
1071 | How i Found Unauthorized Bypass RCE | RCE, Old components with known vulnerabilities | NA | Yashshirke | Bug Bounty | 2022-09-18 | 2023-06-13 |
1070 | SSRF Attack Leading To AWS Metadata | SSRF | CERT-EU | ParagBagul | Bug Bounty | 2022-09-18 | 2023-06-13 |
1069 | Bug Bounty { How I found an Sensitive Information Disclosure( Reconnaissance ) } | Information disclosure | NA | S Rahul (@7srambo) | Bug Bounty | 2022-09-18 | 2023-06-13 |
1067 | Android Application Forgot Password Token Leakage Leading to Account Takeover | Information disclosure, Password reset, Account takeover, Android | NA | Cyberali | Bug Bounty | 2022-09-19 | 2023-06-13 |
1065 | SSD Advisory – Linux CLOCK_THREAD_CPUTIME_ID LPE | Memory corruption, Race condition, Kernel hacking | Linux Kernel Organization | - | Bug Bounty | 2022-09-20 | 2023-06-13 |
1064 | Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286) | Local Privilege Escalation, Windows, Driver hacking | Seagate | x86matthew (@x86matthew) | Bug Bounty | 2022-09-20 | 2023-06-13 |
1063 | Privilege Escalation Leads to making authenticated actions (payment processing, creating invoices.. etc) | Privilege escalation, Authorization flaw | NA | X-Vector (@XVector11) | Bug Bounty | 2022-09-20 | 2023-06-13 |
1060 | AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes | Cloud, Cross-tenant vulnerability, Authorization flaw | Oracle | Elad Gabay (@eladgabay_) | Bug Bounty | 2022-09-20 | 2023-06-13 |
1057 | How we Abused Repository Webhooks to Access Internal CI Systems at Scale | CI/CD | NA | Omer Gil (@omer_gil) | Bug Bounty | 2022-09-20 | 2023-06-13 |
1055 | Mass Assignment Leading to Pre Account Takeover | Mass assignment | NA | Cyberali | Bug Bounty | 2022-09-21 | 2023-06-13 |
1054 | TypeORM Prototype Pollution Leading To SQL Injection (CVE-2022-36531) | DoS, SQL injection | TypeORM | Norbert Szetei (@73696e65) | Bug Bounty | 2022-09-21 | 2023-06-13 |
1053 | Tarfile: Exploiting the World With a 15-Year-Old Vulnerability | Path traversal | Python | Kasimir Schulz (@Abraxus7331) | Bug Bounty | 2022-09-21 | 2023-06-13 |