2725 | Business Logic Error on Registration Leads to SMS Validation Bypass | MFA bypass | NA | pleorqy (@pleorqy) | Bug Bounty | 2021-03-10 | 2023-06-13 |
2724 | Messing with GitHub's fork collaboration for fun and profit | Broken Access Control | GitHub | Teddy Katz (@not_aardvark) | Bug Bounty | 2021-03-10 | 2023-06-13 |
2723 | [Google VRP] How I Get Blind XSS At Google With Dork (First Bounty and HOF ) | Blind XSS | Google | Rio Mulyadi (@riomulyadi_) | Bug Bounty | 2021-03-11 | 2023-06-13 |
2722 | Account Takeover Via Reset Password Worth 2000$ | Password reset, Account takeover | NA | Ashutosh mishra (@ashutoshmish_ra) | Bug Bounty | 2021-03-12 | 2023-06-13 |
2721 | Finding keys under the door | Stored XSS, Unrestricted file upload | Paytm | Naveen Prakaasham K S V | Bug Bounty | 2021-03-12 | 2023-06-13 |
2720 | How I Found Sql Injection on 8x8 , Cengage,Comodo,Automattic,20 company | SQL injection | Automattic, IBM, 8x8 | Ahmad A Abdulla (@lu3ky13) | Bug Bounty | 2021-03-12 | 2023-06-13 |
2719 | IDOR Vulenebility with empty response still exposing sensitive details of customers! | IDOR | NA | Rahul Varale | Bug Bounty | 2021-03-14 | 2023-06-13 |
2718 | Facebook Group Members Disclosure. | Information disclosure | Meta / Facebook | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2021-03-15 | 2023-06-13 |
2717 | De-anonymize the members of a private Facebook Group as a non-member. | GraphQL, Information disclosure | Meta / Facebook | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2021-03-15 | 2023-06-13 |
2716 | API Misconfiguration which leads to unauthorized access to servicedesk tickets | Information disclosure | NA | Gaurav Popalghat (@N008x) | Bug Bounty | 2021-03-16 | 2023-06-13 |
2715 | Voice Confusion When Commenting On Watch Party | Information disclosure | Meta / Facebook | Prakash Panta (@prakashpanta268) | Bug Bounty | 2021-03-16 | 2023-06-13 |
2714 | An Interesting Account Takeover!! | IDOR, Account takeover, Weak encryption, Password reset | NA | Mayank Pandey (@mayank_pandey01) | Bug Bounty | 2021-03-17 | 2023-06-13 |
2713 | An unknown Linux secret that turned SSRF to OS Command injection | SSRF, Command injection | NA | secureITmania (@secureitmania) | Bug Bounty | 2021-03-17 | 2023-06-13 |
2712 | CVE-2021-27076: A Replay-style Deserialization Attack Against Sharepoint | Insecure deserialization, RCE | Microsoft | Simon Zuckerbraun (@HexKitchen) | Bug Bounty | 2021-03-17 | 2023-06-13 |
2711 | Abusing Data Protection Laws For D0xing & Account Takeovers | SSTI, Account takeover | NA | Hx01 (@Hxzeroone) | Bug Bounty | 2021-03-17 | 2023-06-13 |
2710 | Dangling DNS: Worksites.net | Dangling DNS records, Subdomain takeover | NA | Mohamed Elbadry (@_melbadry9) | Bug Bounty | 2021-03-17 | 2023-06-13 |
2709 | Stealing arbitrary GitHub Actions secrets | Logic flaw | GitHub | Teddy Katz (@not_aardvark) | Bug Bounty | 2021-03-17 | 2023-06-13 |
2708 | Chaining bugs for the greater good | Blind XSS, CSRF | NA | mohamad mahmoudi (@Lotus_619) | Bug Bounty | 2021-03-18 | 2023-06-13 |
2707 | How I hacked Facebook: Part Two | SSRF, Account takeover, Cookie manipulation | Meta / Facebook | Alaa Abdulridha (@alaa0x2) | Bug Bounty | 2021-03-18 | 2023-06-13 |
2706 | TikTok for Android 1-Click RCE | RCE, XSS, Insecure intent, Android | TikTok | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2021-03-18 | 2023-06-13 |
2705 | H2C Smuggling in the Wild | HTTP request smuggling | NA | Sean Yeoh (@seanyeoh) | Bug Bounty | 2021-03-18 | 2023-06-13 |
2704 | How to Harpon Big Blue! | Logic flaw, Exposed registration page | IBM | Clark Voss (@clark_voss) | Bug Bounty | 2021-03-19 | 2023-06-13 |
2703 | A short story about an XSS in chat.mozilla.org (CVE-2021-21320) | XSS | Mozilla | Guilherme Keerok (@k33r0k) | Bug Bounty | 2021-03-19 | 2023-06-13 |
2702 | Subdomain Takeover in AWS: making a PoC | Subdomain takeover | NA | Diego Bernal Adelantado (@secfaults) | Bug Bounty | 2021-03-20 | 2023-06-13 |
2701 | OAuth Misconfiguration found in small time-window of attack | OAuth | NA | Muhammad Aamir (@Muhammad__Aamir) | Bug Bounty | 2021-03-20 | 2023-06-13 |