1017 | XSS through DHCP: How Attackers Use Standards | XSS | NA | Dylan Ross | Bug Bounty | 2022-09-29 | 2023-06-13 |
1016 | ECDSA Nonce Reuse | Cryptographic issues | NA | Ingredous Labs | Bug Bounty | 2022-09-29 | 2023-06-13 |
1014 | Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned) | Web cache poisoning | Akamai, Paypal, Airbnb, Tesla, Valve, Zomato, Whitejar, Starbucks, PlayStation, Marriott, Hyatt Hotels, Goldman Sachs, Microsoft, Apple, LastPass, Brussels Airlines, Mastercard, eToro BBP, BMW Group, Rockstar Games | Francesco Mariani (@_medusa_1_) | Bug Bounty | 2022-09-29 | 2023-06-13 |
1013 | Security vs Compliance-Cloudflare Password Policy Restriction Bypass | Client-side enforcement of server-side security | Cloudflare | Lohith Gowda M (@lohigowda_in) | Bug Bounty | 2022-09-29 | 2023-06-13 |
1009 | Tale of Easy P1 Bugs in Wild | Forced browsing, 403 bypass, Information disclosure | NA | Harsh Tandel | Bug Bounty | 2022-10-01 | 2023-06-13 |
1008 | Breaking Business Logic - Part: 2^7 = 1 | Race condition | NA | Hemdeep Gamit | Bug Bounty | 2022-10-02 | 2023-06-13 |
1006 | Using Default Credential to Admin Account Takeover | Weak credentials | NA | Rohit Kumar (Rohit_443) | Bug Bounty | 2022-10-02 | 2023-06-13 |
1005 | CSRF Attack — 0 click account delete - 1st write-up | CSRF, HTML injection | NA | Deepak (@bug_vs_me) | Bug Bounty | 2022-10-03 | 2023-06-13 |
1004 | My First And Second Bugs Are — 2FA Bypass | MFA bypass, HTTP response manipulation, Information disclosure | NA | Jai Niresh J | Bug Bounty | 2022-10-03 | 2023-06-13 |
1003 | Bugcrowd — Tale of multiple misconfigurations!! ❌ | Account takeover, OAuth, OTP bypass, Password reset | NA | Vaibhav Lakhani | Bug Bounty | 2022-10-04 | 2023-06-13 |
1001 | Hacking TMNF: Part 1 - Fuzzing the game server | RCE, Memory corruption, Format string vulnerability | Ubisoft | - | Bug Bounty | 2022-10-05 | 2023-06-13 |
1000 | How I Found A P1 Bug | Authentication bypass, Information disclosure | NA | Amith | Bug Bounty | 2022-10-05 | 2023-06-13 |
999 | Appsmith Patches Full-Read SSRF Vulnerabilities Reported by CloudSEK | SSRF | Appsmith | Sparsh Kulshrestha (@d0tdotslash) | Bug Bounty | 2022-10-05 | 2023-06-13 |
997 | A Deep Dive of CVE-2022–33987 (Got allows a redirect to a UNIX socket) | SSRF | MediaWiki | Chaim Sanders | Bug Bounty | 2022-10-06 | 2023-06-13 |
996 | Error based SQL Injection with WAF bypass manual Exploit 100% | SQL injection, WAF bypass | NA | Ahmed Qaramany (@c0nqr0r) | Bug Bounty | 2022-10-06 | 2023-06-13 |
995 | Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style | DNS cache poisoning, Kaminsky attack | NA | Timo Longin | Bug Bounty | 2022-10-06 | 2023-06-13 |
994 | CVE-2022-41343 | RCE, Insecure deserialization, Phar deserialization | dompdf | Tanto Security team (@TantoSecurity) | Bug Bounty | 2022-10-06 | 2023-06-13 |
993 | Mr. Robot: Self Xss from Informative to high 1200$ ,csrf, open redirect,self xss to stored | Self-XSS, CSRF | NA | Ahmad A Abdulla (@lu3ky13) | Bug Bounty | 2022-10-06 | 2023-06-13 |
990 | Full Company Building Takeover | Information disclosure | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-10-06 | 2023-06-13 |
989 | CVE-2022–36635 — A SQL Injection in ZKSecurityBio to RCE | SQL injection | ZKTeco | Caio Burgardt (@CaioBurgardt) | Bug Bounty | 2022-10-06 | 2023-06-13 |
987 | Auth Bypass Via Exposed Credentials | Hardcoded API keys | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2022-10-07 | 2023-06-13 |
986 | Vulnerabilities in Online Payment Systems | Payment bypass, Payment tampering, Logic flaw | NA | Claudio Moran | Bug Bounty | 2022-10-08 | 2023-06-13 |
984 | Persistent PHP Payloads In PNGs: How To Inject PHP Code In An Image – And Keep It There ! | Unrestricted file upload, Code injection, RCE | NA | Quentin Roland (@ROLANDQuentin2) | Bug Bounty | 2022-10-10 | 2023-06-13 |
982 | Reflected cross-site scripting vulnerability in Crealogix EBICS implementation | Reflected XSS | CREALOGIX AG | Tobias Ospelt (@floyd_ch) | Bug Bounty | 2022-10-10 | 2023-06-13 |
980 | [Hacking Banks] Broken Access Control Vulnerability in Banking application [PART I] | Broken Access Control, Android | NA | Abdelhak Kharroubi | Bug Bounty | 2022-10-10 | 2023-06-13 |