| # | Title | Bugs | Program | Author | Source | Published | Added |
|---|-------|------|---------|--------|--------|-----------|-------|
| 786 | CVE-2022-40300: SQL Injection In Manageengine Privileged Access Management | SQL injection | Zoho (ManageEngine) | Justin Hung | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 785 | Dodging OAuth origin restrictions for Firebase spelunking | OAuth, Security misconfiguration, Authentication flaw | NA | Aditya Saligrama (@saligrama_a) | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 784 | From Zero to Hero Part 1: Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP Responses (CVE-2022-33942) | Authentication bypass, Kerberos, RCE, Privilege escalation, Security code review | Intel | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 782 | Contrast discovers zero-day flaw in popular Quarkus Java framework | Drive-by attack, CSRF, RCE | Quarkus | Joseph Beeton | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 781 | Legally hacking a Government Satellite? | Missing authentication, OS command injection, RCE | NA | RiotSecTeam (@RiotSecTeam) | Bug Bounty | 2022-11-24 | 2023-06-13 |
| 780 | Hacker's Guide to Directory/Endpoint Enumeration | 40x bypass | NA | Inderjeet Singh (@3nc0d3dGuY) | Bug Bounty | 2022-11-24 | 2023-06-13 |
| 779 | CVE-2022-43781 | OS command injection, RCE | Atlassian | Petrus Viet (@VietPetrus) | Bug Bounty | 2022-11-25 | 2023-06-13 |
| 778 | Able to Mass-change profile section leads to my first $BOUNTY$ | HTML injection, IDOR, CSRF | NA | SYRINE | Bug Bounty | 2022-11-25 | 2023-06-13 |
| 777 | Exploiting an N-day vBulletin PHP Object Injection Vulnerability | PHP Object Injection, Security code review | vBulletin | Egidio Romano / EgiX | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 776 | Hacking Dutch Government-Broken Authentication To Full Website Takeover (P1) | Exposed registration page | Dutch Government | V1dr4X | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 775 | How I hacked into a government e-learning website | IDOR, Account takeover | NA | iamgk808 (@iamgk808) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 773 | WebView XSS, account takeover | Webview XSS, Android, Account takeover, Improper Export of Android Application Components | NA | shafou | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 772 | A great weekend hack (worth $8k) | SQL injection, IDOR, Stored XSS | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 771 | [Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application | Android, Hardcoded credentials, IDOR | NA | Abdelhak Kharroubi | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 770 | A Real World Example Of Classic Remote Command Execution (RCE) | OS command injection, XSS, RCE | NA | Bhashit Pandya (@x30r_) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 768 | Access Any Owner Account without Authentication (Auth bypass + 2FA bypass) | Authentication bypass, MFA bypass, Account takeover | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 767 | Firebase Exploit bug bounty | Security misconfiguration, Firebase | NA | Damaidec | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 766 | Unique Rate limit bypass worth 1800$ | Rate limiting bypass, Captcha bypass | NA | Manav Bankatwala (@ManavBankatwala) | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 765 | 2FA Enabled Accounts Can Bypass Authentication & Access Account After Deactivation | Authentication bypass, Account takeover | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 762 | Improper error handling leads to exposing internal tokens | Information disclosure | NA | Agnieszka Pietruczuk | Bug Bounty | 2022-11-28 | 2023-06-13 |
| 761 | Broken access control + misconfiguration = Beautiful privilege escalation | Broken Access Control, Privilege escalation | NA | Hossam Mesbah (@m359ah) | Bug Bounty | 2022-11-28 | 2023-06-13 |
| 759 | Cross-Site Scripting in CodeIgniter version 3.1.13 | Reflected XSS, Security code review | CodeIgniter | Antoine Cervoise | Bug Bounty | 2022-11-29 | 2023-06-13 |
| 758 | VoIP Spoofing (Intigriti) 1,250€ | VoIP, Spoofing | NA | 0xJin (@0xJin) | Bug Bounty | 2022-11-29 | 2023-06-13 |
| 752 | VLC: Integer overflow in vnc module <= 3.0.18 CVE-2022-41325 | Memory corruption, Integer overflow | VLC | 0xMitsurugi | Bug Bounty | 2022-11-30 | 2023-06-13 |
| 749 | Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access | Cloud, SQL injection, Privilege escalation, Information disclosure | IBM | Ronen Shustin (@ronenshh) | Bug Bounty | 2022-12-01 | 2023-06-13 |