979 | Enter "Sandbreak" - Vulnerability In vm2 Sandbox Module Enables Remote Code Execution (CVE-2022-36067) | RCE, Sandbox bypass | vm2 | Oxeye (@OxeyeSecurity) | Bug Bounty | 2022-10-10 | 2023-06-13 |
977 | Web application firewall bypass | WAF bypass | NA | - | Bug Bounty | 2022-10-11 | 2023-06-13 |
976 | Cold Hard Cache — Bypassing RPC Interface Security with Cache Abuse | Privilege escalation, Windows | Microsoft | - | Bug Bounty | 2022-10-11 | 2023-06-13 |
975 | In GUID We Trust | IDOR, Password reset, Race condition, Account takeover | NA | Daniel Thatcher (@_danielthatcher) | Bug Bounty | 2022-10-11 | 2023-06-13 |
974 | Breaking Parser Logic: Gain Access To NGINX Plus API — Read/Write Upstreams. | Path traversal | NA | Cyberlix (@cyberlixio) | Bug Bounty | 2022-10-12 | 2023-06-13 |
973 | Critical IDOR Vulnerability on Medium? | IDOR | NA | zer0d | Bug Bounty | 2022-10-12 | 2023-06-13 |
972 | Pwning ManageEngine — From Endpoint to Exploit: A deep dive into CVE-2021–42847 | Arbitrary file write, XXE, RCE | Zoho | Erik Wynter (@WynterErik) | Bug Bounty | 2022-10-12 | 2023-06-13 |
971 | Broken Access Control leads to full team takeover and privilege escalation | Broken Access Control, Privilege escalation | NA | Abdelhameed Ghazy (@El3Etraa1) | Bug Bounty | 2022-10-12 | 2023-06-13 |
968 | The story of a [P5] that lead me to a [P3] find | Pre-account takeover | NA | JAI NIRESH J | Bug Bounty | 2022-10-13 | 2023-06-13 |
967 | Compromising a Backup System by iSCSI Interface During a Routine Penetration Test | Missing authentication | NA | Bruno Oliveira | Bug Bounty | 2022-10-13 | 2023-06-13 |
966 | Adobe Reader - XFA - ANSI-Unicode Confusion Information Leak | Memory corruption | Adobe | Ashfaq Ansari (@HackSysTeam) | Bug Bounty | 2022-10-13 | 2023-06-13 |
965 | SQL Injection in GraphQL | SQL injection, GraphQL | NA | Ahmed Gad (@0xGAD) | Bug Bounty | 2022-10-13 | 2023-06-13 |
964 | Code flaws leads to Org/Admin Account Takeover | Privilege escalation, Account takeover | NA | Saransh Saraf (@mr23r0) | Bug Bounty | 2022-10-13 | 2023-06-13 |
963 | FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684) | Authentication bypass | Fortinet | James Horseman (@JamesHorseman2) | Bug Bounty | 2022-10-13 | 2023-06-13 |
962 | Fall account takeover via Amazon Cognito misconfiguration | IDOR, Account takeover | NA | Hossam Ahmed (@iknowhatodo0x01) | Bug Bounty | 2022-10-13 | 2023-06-13 |
961 | Some Vulnerabilities Don’t Have A Name | ReDoS, Memory leak | Node.js third-party modules (debug) | Mario Teixeira | Bug Bounty | 2022-10-13 | 2023-06-13 |
960 | It’s the Little Things : Breaking an AI | Path traversal | NA | Debangshu Kundu (@debangshu_kundu) | Bug Bounty | 2022-10-13 | 2023-06-13 |
958 | Code Injection and SQLi in WP ALL Export Pro | SQL injection, Security code review | NA | p3n7a90n (@p3n7a90n) | Bug Bounty | 2022-10-14 | 2023-06-13 |
956 | The Castle’s Latrine | SQL injection | NA | infiltrateops | Bug Bounty | 2022-10-14 | 2023-06-13 |
955 | Story about Escalation of HTML Injection to EC2 Instance credentials leak | SSRF, HTML injection | NA | Harsh Tandel (@H4r5h_T4nd37) | Bug Bounty | 2022-10-14 | 2023-06-13 |
954 | Google SSO misconfiguration leading to Account Takeover | Authentication bypass, Account takeover, SSO | NA | 0x4KD (@0x4kd) | Bug Bounty | 2022-10-14 | 2023-06-13 |
953 | [CVE-2022-1786] A Journey To The Dawn | Use-After-Free, Memory corruption, Local Privilege Escalation | Google (kCTF), Linux Kernel Organization | kylebot (@ky1ebot) | Bug Bounty | 2022-10-15 | 2023-06-13 |
952 | My First Critical Bug In HackerOne Platform | HTTP request smuggling | NA | EX_097 | Bug Bounty | 2022-10-16 | 2023-06-13 |
946 | Guest Blog Post - Memory corruption vulnerabilities in Edge | Browser hacking, Memory corruption, Use-After-Free, Out-of-bounds Read, Out-of-bounds Write | Microsoft | David Erceg (@david_erceg) | Bug Bounty | 2022-10-17 | 2023-06-13 |
943 | Basic recon to RCE III | RCE, OS command injection | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2022-10-18 | 2023-06-13 |