1 |
RepositoryPipeline allows importing of local git repos |
$22300.0 |
2 |
Information Disclosure in /skills call |
$10000.0 |
3 |
DoS on PayPal via web cache poisoning |
$9700.0 |
4 |
XSS at jamfpro.shopifycloud.com |
$9400.0 |
5 |
Able to Takeover Merchants Accounts Even They Have Already Setup SSO, After Bypassing the Email Confirmation |
$7500.0 |
6 |
Exposed Cortex API at https://cortex-ingest.shopifycloud.com/ |
$6300.0 |
7 |
Stored XSS in /admin/product and /admin/collections |
$5300.0 |
8 |
Stored XSS in SVG file as data: url |
$5300.0 |
9 |
Определение id по номеру телефона |
$5000.0 |
10 |
Fee discounts can be redeemed many times, resulting in unlimited fee-free transactions |
$5000.0 |
11 |
IDOR on GraphQL queries BillingDocumentDownload and BillDetails |
$5000.0 |
12 |
Delimiter injection in GitHub Actions core.exportVariable |
$4617.0 |
13 |
1 Click to 'Close Account and Refund' via POSTMESSAGE |
$4500.0 |
14 |
DoS via markdown API from unauthenticated user |
$4000.0 |
15 |
Smuggling content in PR with refs/replace in GitHub |
$4000.0 |
16 |
Git Reference Ambiguity in GitHub - Commit Smuggling, Account Takeover, and Remote Code Execution |
$4000.0 |
17 |
View Repo and Title of Any Private Check Run |
$4000.0 |
18 |
RC Between GitHub's Repo Transfer REST API and updateTeamsRepository GraphQL Mutation Results in Covert and Persistent Admin Access Retention |
$4000.0 |
19 |
Persistent Unauthorized Administrative Access on All Organization Repositories via RC in User Conversion to Organization |
$4000.0 |
20 |
Bypassing Collaborator Restrictions: Retaining Admin Access Post-Repository Transfer |
$4000.0 |
21 |
View private repository NWO of deploy key via internal LFS API |
$4000.0 |
22 |
GitHub Apps can access suspended installations via scoped user-to-server tokens |
$4000.0 |
23 |
Access body and title of Internal Repo Issues in Projects |
$4000.0 |
24 |
RC Between GitHub's Repo Update REST API and updateTeamsRepository GraphQL Mutation Results in Covert and Persistent Admin Access Retention |
$4000.0 |
25 |
XSSI on refer.xoom.com allows stealing email addresses and posting to Twitter on behalf of victim |
$3500.0 |
26 |
Bypass a fix for report #708013 |
$3500.0 |
27 |
Reflected XSS online-store-git.shopifycloud.com |
$3500.0 |
28 |
[h1-2102] FQDN takeover on all Shopify wholesale customer domains by trailing dot (RFC 1034) |
$3100.0 |
29 |
Possibility to enumerate and bruteforce promotion codes in Uber iOS App |
$3000.0 |
30 |
Reflected XSS POST method at partners.uber.com |
$3000.0 |
31 |
Discrepancy in hacker profile report count may reveal existence of a private program by publishing a report |
$3000.0 |
32 |
DoS on the Issue page by exploiting Mermaid. |
$3000.0 |
33 |
Bypass Email Verification -- Able to Access Internal Gitlab Services that use Login with Gitlab and Perform Check on email domain |
$3000.0 |
34 |
Initial mirror user can be assigned by other user even if the mirror was removed |
$3000.0 |
35 |
Stored XSS on PyPi simple API endpoint |
$3000.0 |
36 |
Stored XSS on auth.uber.com/oauth/v2/authorize via redirect_uri parameter leads to Account Takeover |
$3000.0 |
37 |
HackerOne Jira integration plugin Leaked JWT to unauthorized jira users |
$3000.0 |
38 |
XSS in request approvals |
$3000.0 |
39 |
Missing authentication in buddy group API of LINE TIMELINE |
$3000.0 |
40 |
Reflected XSS on TikTok Website |
$3000.0 |
41 |
SSRF in graphQL query (pwapi.ex2b.com) |
$3000.0 |
42 |
Incorrect details on OAuth permissions screen allows DMs to be read without permission |
$2940.0 |
43 |
[Information Disclosure] Amazon S3 Bucket of Shopify Ping (iOS) have public access of other users image |
$2900.0 |
44 |
https://themes.shopify.com::: Host header web cache poisoning lead to DoS |
$2900.0 |
45 |
Removing parts of URL from jQuery request exposes links for download of Paid Digital Assets of the most recent Order placed by anyone on the store! |
$2900.0 |
46 |
Create free Shopify application credits. |
$2900.0 |
47 |
Xss triggered in Your-store.myshopify.com/admin/apps/shopify-email/editor/**** |
$2900.0 |
48 |
Admin panel Exposure without credential at https://plus-website.shopifycloud.com/admin.php |
$2900.0 |
49 |
[CVE-2024-32464] ActionText ContentAttachment’s can Contain Unsanitized HTML |
$2600.0 |
50 |
CVE-2024-35200 in nginx |
$2600.0 |
51 |
CVE-2024-31079 in nginx |
$2600.0 |
52 |
CVE-2024-32760 in nginx |
$2600.0 |
53 |
CVE-2024-3416: MTU of 4096 or greater without fragmentation may cause NGINX worker processes to leak previously freed memory |
$2600.0 |
54 |
moderate: Apache HTTP Server proxy encoding problem (CVE-2024-38473) |
$2600.0 |
55 |
moderate: Apache HTTP Server: HTTP response splitting (CVE-2023-38709) |
$2600.0 |
56 |
moderate: Apache HTTP Server: mod_rewrite proxy handler substitution (CVE-2024-39573) CWE-20 Improper Input Validation |
$2600.0 |
57 |
CVE-2024-2466: TLS certificate check bypass with mbedTLS (reward request) |
$2580.0 |
58 |
CVE-2024-2398: HTTP/2 push headers memory-leak |
$2580.0 |
59 |
Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames |
$2580.0 |
60 |
CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words() |
$2580.0 |
61 |
CVE-2024-25128: Apache Airflow: Authentication Bypass when Legacy OpenID(2.0) is in use as AUTH_TYPE |
$2580.0 |
62 |
SSRF Vulnerability through Connection test feature |
$2550.0 |
63 |
Context isolation bypass via nested unserializable return value |
$2550.0 |
64 |
[CVE-2023-27539] Possible Denial of Service Vulnerability in Rack’s header parsing |
$2540.0 |
65 |
CVE-2023-36617: ReDoS vulnerability in URI (Ruby) |
$2540.0 |
66 |
Argocd's web terminal session doesn't expire |
$2540.0 |
67 |
[curl] CVE-2023-38039: HTTP header allocation DOS |
$2540.0 |
68 |
OpenSSL engines can be used to bypass and/or disable the Node.js permission model |
$2540.0 |
69 |
CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows |
$2540.0 |
70 |
OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304) |
$2540.0 |
71 |
curl cookie mixed case PSL bypass |
$2540.0 |
72 |
ASAR Integrity bypass via filetype confusion |
$2540.0 |
73 |
Team object in GraphQL discloses team group names and permissions |
$2500.0 |
74 |
Team object in GraphQL disclosed total number of whitelisted hackers |
$2500.0 |
75 |
Proper verification is not done before sending invitations to researchers for certain private programs with rules e.g. "Participants must be US-based" |
$2500.0 |
76 |
IE only: stored Cross-Site Scripting (XSS) vulnerability through Program Asset identifier |
$2500.0 |
77 |
A user can bypass approval step in Hacker Publishing feature, allowing them to publish reports immediately |
$2500.0 |
78 |
Denial of service via cache poisoning |
$2500.0 |
79 |
“email” MFA mode allows bypassing MFA from victim’s device when the device trust is not expired |
$2500.0 |
80 |
Unauthorized user can obtain report_sources attribute through Team GraphQL object |
$2500.0 |
81 |
Uploading large payload on domain instructions causes server-side DoS |
$2500.0 |
82 |
Near to Infinite loop when changing Group's name that has API token as Team Member |
$2500.0 |
83 |
GraphQL field on Team node can be used to determine if External Program runs invite-only program |
$2500.0 |
84 |
Team object in GraphQL disclosed private_comment |
$2500.0 |
85 |
SQLI on desafio5estrelas.com |
$2500.0 |
86 |
Partial report contents leakage - via HTTP/2 concurrent stream handling |
$2500.0 |
87 |
Disclosure handle private program with external link |
$2500.0 |
88 |
IDOR the ability to view support tickets of any user on seller platform |
$2500.0 |
89 |
Disclose customer orders details by shopify chat application. |
$2500.0 |
90 |
CSRF token validation system is disabled on Stripe Dashboard |
$2500.0 |
91 |
Stack Buffer Overflow via gmp_sprintf in BLSSignature and BLSSigShare |
$2500.0 |
92 |
DOM XSS on ads.tiktok.com |
$2500.0 |
93 |
Stored XSS on TikTok Ads |
$2500.0 |
94 |
IDOR on TikTok Ads Endpoint |
$2500.0 |
95 |
CSRF protection bypass on TikTok Webcast Endpoints |
$2500.0 |
96 |
Triager/Team members can edit hacker's report and hacker is not even notified |
$2500.0 |
97 |
Draft report exposure via slack alerting system for programs |
$2500.0 |
98 |
New Search Feature: Search for non-public words in limited disclosure reports |
$2500.0 |
99 |
Server Side Request Forgery (SSRF) in webhook functionality |
$2500.0 |
100 |
Possible PII Disclosure via Advanced Vetting Process - ██████ |
$2500.0 |
101 |
LLM01: Invisible Prompt Injection |
$2500.0 |
102 |
Private draft report exposure in a program a user is added as a viewer to |
$2500.0 |
103 |
[curl] CVE-2023-32001: fopen race condition |
$2480.0 |
104 |
odbc apache airflow provider code execution vulnerability |
$2480.0 |
105 |
Account takeover due to insufficient URL validation on RelayState parameter |
$2450.0 |
106 |
CVE-2022-27774: Credential leak on redirect |
$2400.0 |
107 |
CVE-2022-27782: TLS and SSH connection too eager reuse |
$2400.0 |
108 |
CVE-2022-27778: curl removes wrong file on error |
$2400.0 |
109 |
Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag |
$2400.0 |
110 |
CVE-2022-32207: Unpreserved file permissions |
$2400.0 |
111 |
CVE-2022-32206: HTTP compression denial of service |
$2400.0 |
112 |
Apache HTTP Server: mod_proxy_ajp: Possible request smuggling |
$2400.0 |
113 |
Rack CVE-2022-30122: Denial of Service Vulnerability in Rack Multipart Parsing |
$2400.0 |
114 |
Airflow Daemon Mode Insecure Umask Privilege Escalation |
$2400.0 |
115 |
potential denial of service attack via the locale parameter |
$2400.0 |
116 |
POST following PUT confusion |
$2400.0 |
117 |
CVE-2022-23519: Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style) |
$2400.0 |
118 |
CVE-2022-23520: Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations) |
$2400.0 |
119 |
Rails ActionView sanitize helper bypass leading to XSS using SVG tag. |
$2400.0 |
120 |
RCE vulnerability in apache-airflow-providers-apache-sqoop 3.1.0 |
$2400.0 |
121 |
UAF in OpenSSL up to 3.0.7 |
$2400.0 |
122 |
Potential DoS vulnerability in Django in multipart parser |
$2400.0 |
123 |
CVE-2023-27535: FTP too eager connection reuse |
$2400.0 |
124 |
Open Redirect Vulnerability in Action Pack |
$2400.0 |
125 |
Inadequate Encryption Strength in nodejs-current reads openssl.cnf from /home/iojs/build/... upon startup on MacOS |
$2400.0 |
126 |
Apache Airflow Google Cloud Sql Provider Remote Command Execution |
$2400.0 |
127 |
Privilege Esacalation at Apache Airflow 2.5.1 |
$2400.0 |
128 |
Authenticated but unauthorized users may enumerate Application names via the API |
$2400.0 |
129 |
CVE-2023-28710 Apache Airflow Spark Provider Arbitrary File Read via JDBC |
$2400.0 |
130 |
DOS via move_issue |
$2300.0 |
131 |
[Ruby]: Server Side Template Injection |
$2300.0 |
132 |
CVE-2024-38875: Denial-Of-Service through uncontrolled resource consumption caused by poor time complexity of strip_punctuation . |
$2142.0 |
133 |
[CVE-2024-35176] DoS vulnerability in REXML |
$2142.0 |
134 |
CVE-2024-7347: Buffer overread in the ngx_http_mp4_module |
$2142.0 |
135 |
CVE-2024-41989: Denial-Of-Service vulnerability in the floatformat template filter when input string contains a big exponent in scientific notation |
$2142.0 |
136 |
A HackerOne employee's GitHub personal access token exposed in Travis CI build logs |
$2000.0 |
137 |
Tinymce 2.4.0 |
$2000.0 |
138 |
The request tells the number of private programs, the new system of authorization /invite/token |
$2000.0 |
139 |
Reflected XSS on multiple uberinternal.com domains |
$2000.0 |
140 |
XSS in ubermovement.com via editable Google Sheets |
$2000.0 |
141 |
GitLab's GitHub integration is vulnerable to SSRF vulnerability |
$2000.0 |
142 |
Undocumented fileCopy GraphQL API |
$2000.0 |
143 |
Stored XSS in group issue list |
$2000.0 |
144 |
When you call your branch the same name as a git hash, it could be checked out by dependents |
$2000.0 |
145 |
Two out-of-bounds array reads in Python AST builder (Re-opening 520612 with CVEs) |
$2000.0 |
146 |
Stored XSS in repository file viewer |
$2000.0 |
147 |
Full read SSRF in flyte-poc-us-east4.uberinternal.com |
$2000.0 |
148 |
Traffic amplification attack via discovery protocol |
$2000.0 |
149 |
XSS vulnerability without a content security bypass in a CUSTOM App through Button tag |
$2000.0 |
150 |
Possible XSS vulnerability without a content security bypass |
$2000.0 |
151 |
Unauthenticated IP allowlist bypass when accessing job artifacts through gitlab pages at {group_id}.gitlab.io |
$1990.0 |
152 |
Reflected XSS in OAUTH2 login flow |
$1989.5 |
153 |
authenticity token not verfied leads to change business name |
$1900.0 |
154 |
Low Privileged Staff Member Can Export Billing Charges |
$1900.0 |
155 |
Add new development stores without permission |
$1900.0 |
156 |
Add new managed stores without permission |
$1900.0 |
157 |
[h1-2102] [PLUS] User with Store Management Permission can Make enforceSamlOrganizationDomains call - that should be limited to User Management Only |
$1900.0 |
158 |
[h1-2102] [Plus] User with Store Management Permission can Make convertUsersFromSaml/convertUsersToSaml - that should be limited to User Management |
$1900.0 |
159 |
[h1-2102] [Plus] User with Store Management Permission can Make changeDomainEnforcementState - that should be limited to User Management Only |
$1900.0 |
160 |
Collaborators and Staff members without all necessary permissions are able to create, edit and install custom apps |
$1900.0 |
161 |
[h1-2102] shopApps query from the graphql at /users/api returns all existing created apps, including private ones |
$1900.0 |
162 |
CodeQL query for finding CSRF vulnerabilities in Spring applications |
$1800.0 |
163 |
Java/CWE-036: Calling openStream on URLs created from remote source can lead to file disclosure |
$1800.0 |
164 |
Initial websocket support for Javascript (SockJS) |
$1800.0 |
165 |
[Java] CWE-939 - Address improper URL authorization |
$1800.0 |
166 |
CodeQL query to detect open Spring Boot actuator endpoints |
$1800.0 |
167 |
CodeQL query for unsafe TLS versions |
$1800.0 |
168 |
Java: CWE-297 Insecure JavaMail SSL configuration |
$1800.0 |
169 |
Java : CWE-548 - J2EE server directory listing enabled |
$1800.0 |
170 |
Java: CWE-273 Unsafe certificate trust |
$1800.0 |
171 |
CodeQL query for disabled revocation checking |
$1800.0 |
172 |
[CATENACYBER]: [CPP] CWE-476 Null Pointer Dereference : Another query to either missing or redundant NULL check |
$1800.0 |
173 |
CodeQL query to detect XSLT injections |
$1800.0 |
174 |
[Java] CWE-927: Sensitive broadcast |
$1800.0 |
175 |
Java: Detect remote source from Android intent extra |
$1800.0 |
176 |
Java: QL Query Detector for JHipster Generated CVE-2019-16303 |
$1800.0 |
177 |
CPP: CWE-191 into experimental this reveals a dangerous comparison |
$1800.0 |
178 |
[Java] CWE-755: Query to detect Local Android DoS caused by NFE |
$1800.0 |
179 |
Java: CWE-600 Uncaught servlet exception |
$1800.0 |
180 |
[Java] CWE-555: Query to detect password in Java EE configuration files |
$1800.0 |
181 |
ihsinme: CPP Add query for CWE-401 memory leak on unsuccessful call to realloc function |
$1800.0 |
182 |
[JavaScript]: add query for Express-HBS LFR |
$1800.0 |
183 |
[Java] CWE-522: Insecure LDAP authentication |
$1800.0 |
184 |
[Java] CWE-489: Query to detect main() method in Java EE applications |
$1800.0 |
185 |
ihsinme: CPP add query for CWE-788 Access of memory location after the end of a buffer using strncat. |
$1800.0 |
186 |
[Java] CWE-327: Add more broken crypto algorithms |
$1800.0 |
187 |
[Java] CWE-598: Use of GET Request Method with Sensitive Query Strings |
$1800.0 |
188 |
[Java] CWE-297: Insecure LDAP endpoint configuration |
$1800.0 |
189 |
ihsinme: CPP Add query for CWE-570 detect and handle memory allocation errors. |
$1800.0 |
190 |
[Java] Query for detecting Jakarta Expression Language injections |
$1800.0 |
191 |
[Java] CWE-094: Rhino code injection |
$1800.0 |
192 |
[Java] CWE-094: Jython code injection |
$1800.0 |
193 |
[GO]: CWE-326: Insufficient key size |
$1800.0 |
194 |
Python: Add support of clickhouse-driver package |
$1800.0 |
195 |
ihsinme:CPP Add query for CWE-415 Double Free |
$1800.0 |
196 |
[Java]: CWE-730 Regex injection |
$1800.0 |
197 |
ihsinme: CPP Add query for CWE-1126: Declaration of Variable with Unnecessarily Wide Scope |
$1800.0 |
198 |
ihsinme: CPP Add query for CWE-783 Operator Precedence Logic Error When Use Bool Type |
$1800.0 |
199 |
Java: CodeQL query for unsafe RMI deserialization |
$1800.0 |
200 |
[Java]: CWE-665 Insecure environment during RMI/JMX Server initialisation - All for one bounty |
$1800.0 |
201 |
[Python] CWE-287: LDAP Improper Authentication |
$1800.0 |
202 |
Java: Static initialization vector |
$1800.0 |
203 |
[Java] CWE-079: Query to detect XSS with JavaServer Faces (JSF) |
$1800.0 |
204 |
ihsinme: Add query for CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior |
$1800.0 |
205 |
[Python] CWE-522: Insecure LDAP Authentication |
$1800.0 |
206 |
[Java] CWE-200: Query to detect exposure of sensitive information from android file intent |
$1800.0 |
207 |
[Java] CWE-502: Unsafe deserialization with three JSON frameworks |
$1800.0 |
208 |
[Java] CWE-552: Query to detect unsafe request dispatcher usage |
$1800.0 |
209 |
[Java] CWE-400: Query to detect uncontrolled thread resource consumption |
$1800.0 |
210 |
[Python]: JWT security-related queries |
$1800.0 |
211 |
[Python]: CWE-079: HTTP Header injection |
$1800.0 |
212 |
[Java]: CWE-200 - Query to detect insecure WebResourceResponse implementation |
$1800.0 |
213 |
[Python]: CWE-611: XXE |
$1800.0 |
214 |
Python: CWE-338 insecureRandomness |
$1800.0 |
215 |
[C#] CWE-759: Query to detect password hash without a salt |
$1800.0 |
216 |
CPP: Add query for CWE-266 Incorrect Privilege Assignment |
$1800.0 |
217 |
[Java]: CWE-073 - File path injection with the JFinal framework |
$1800.0 |
218 |
Java: An experimental query for ignored hostname verification |
$1800.0 |
219 |
[Java]: CWE-321 - Query to detect hardcoded JWT secret keys |
$1800.0 |
220 |
[Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications |
$1800.0 |
221 |
[CPP]: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf |
$1800.0 |
222 |
[Java]: Flow sources and steps for JMS and RabbitMQ |
$1800.0 |
223 |
CVE-2022-32215 - HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding |
$1800.0 |
224 |
CVE-2022-32213 - HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding |
$1800.0 |
225 |
CVE-2022-32214 - HTTP Request Smuggling Due To Improper Delimiting of Header Fields |
$1800.0 |
226 |
[CPP]: Add query for CWE-297: Improper Validation of Certificate with Host Mismatch |
$1800.0 |
227 |
[JAVA]: Partial Path Traversal |
$1800.0 |
228 |
CVE-2023-23919: Multiple OpenSSL error handling issues in nodejs crypto library |
$1800.0 |
229 |
HTTP Request Smuggling Due to Incorrect Parsing of Header Fields |
$1800.0 |
230 |
[Javascript]: Add new queries for Javascript Github Actions |
$1800.0 |
231 |
[Python]: Timing attack |
$1800.0 |
232 |
[CPP]: Add query for CWE-805: Buffer Access with Incorrect Length Value using some functions |
$1800.0 |
233 |
DiffieHellman doesn't generate keys after setting a key |
$1800.0 |
234 |
HTTP Request Smuggling via Empty headers separated by CR |
$1800.0 |
235 |
Attacker is able to create,Edit & delete notes and leak the title of a victim's private personal snippet |
$1730.0 |
236 |
Gitlab Pages token theft using service workers |
$1680.0 |
237 |
Staff who only have apps and channels permission can do a takeover account at the wholesale store (Bypass get invitation link) |
$1600.0 |
238 |
A non-privileged user may create an admin account in Stocky |
$1600.0 |
239 |
Ability to connect an external login service for unverified emails/accounts at accounts.shopify.com |
$1600.0 |
240 |
[h1-2102] Stored XSS in product description via productUpdate GraphQL query leads to XSS at handshake-web-internal.shopifycloud.com/products/[ID] |
$1600.0 |
241 |
Cross-site scripting on api.collabs.shopify.com |
$1600.0 |
242 |
Staff can create workflows in Shopify Admin without apps permission |
$1600.0 |
243 |
Stored XSS in Dovetale by application of creator |
$1600.0 |
244 |
Read/Write arbitrary (non-HttpOnly) cookies on checkout pages via GoogleAnalyticsAdditionalScripts postMessage handler |
$1600.0 |
245 |
Disconnecting an external login provider does not revoke session |
$1600.0 |
246 |
Reading redacted data via hackbot's answers |
$1500.0 |
247 |
Blind SSRF in emblem editor (2) |
$1500.0 |
248 |
Query parameter reordering causes redirect page to render unsafe URL |
$1500.0 |
249 |
Path Traversal on Default Installed Rails Application (Asset Pipeline) |
$1500.0 |
250 |
Reflected XSS in *.myshopify.com/account/register |
$1500.0 |
251 |
Blocked user Git access through CI/CD token |
$1500.0 |
252 |
Netty HTTP Response Splitting (CRLF Injection) due to disabled header validation |
$1500.0 |
253 |
Change the rating of any trip, therefore change the average driver rating |
$1500.0 |
254 |
Possible to enumerate Addresses of users using AddressId and guessing the delivery_subzone |
$1500.0 |
255 |
Java: CWE-939 - Address improper URL authorization |
$1500.0 |
256 |
OrderListInitial leaks order details |
$1500.0 |
257 |
Ability to see password protected content by bypassing the password page of shopify preview URL for new development stores (as of August 17, 2020) |
$1500.0 |
258 |
A staff member with no permissions can edit Store Customer Email |
$1500.0 |
259 |
3,880 Pull Requests Generated to fix JHipster RNG Vulnerability CVE-2019-16303 |
$1500.0 |
260 |
Revoked User can still view the Merge Request created by him via API |
$1500.0 |
261 |
End to end encryption public key is not properly verified on Desktop and Android |
$1500.0 |
262 |
Denial of Service via Hyperlinks in Posts |
$1500.0 |
263 |
Stored XSS on TikTok Live Form |
$1500.0 |
264 |
Bypass invite accept for victim |
$1500.0 |
265 |
Unauthorized access to GovSlack |
$1500.0 |
266 |
CSP bypass on PortSwigger.net using Google script resources |
$1500.0 |
267 |
Cross-Domain Leakage of X Username / UserID due to Dynamically Generated JS File |
$1500.0 |
268 |
[HTAF4-213] [Pre-submission] HTTPOnly session cookie exposure on the /csstest endpoint |
$1500.0 |
269 |
Twitter ID exposure via error-based side-channel attack |
$1470.0 |
270 |
DOM based XSS via insecure parameter on [ https://uberpay-mock-psp.uber.com ] |
$1420.0 |
271 |
A deactivated user can access data through GraphQL |
$1370.0 |
272 |
Change project visibility to a restricted option |
$1370.0 |
273 |
SQL Injection /webApp/oma_conf ctx parameter (viestinta.lahitapiola.fi) |
$1350.0 |
274 |
SQL Injection on /webApp/sijoitustalousuk email-parameter + potential lack of CSRF Token (viestinta.lahitapiola.fi) |
$1350.0 |
275 |
Improper Access Control in LINE Timeline API that returns a list of hidden friends |
$1346.85 |
276 |
Over-Privileged API Credentials for Elastic Agent |
$1300.0 |
277 |
Improper handling of wildcards in --allow-fs-read and --allow-fs-write |
$1290.0 |
278 |
Integrity checks according to policies can be circumvented in Node.js 20 and Node.js 18 |
$1270.0 |
279 |
Arbitrary file creation with semi-controlled content (leads to DoS, EoP and others) at Steam Windows Client |
$1250.0 |
280 |
Local Privilege Escalation during execution of VeraCryptExpander.exe (UAC bypass) |
$1250.0 |
281 |
Cross-site scripting via hardcoded front-end watched expression. |
$1225.0 |
282 |
Open redirect at https://inventory.upserve.com/http://google.com/ |
$1200.0 |
283 |
Reflected XSS on https://inventory.upserve.com/ (affects IE users only) |
$1200.0 |
284 |
Request line injection via HTTP/2 in Apache mod_proxy |
$1200.0 |
285 |
Invalid handling of X509_verify_cert() internal errors in libssl (CVE-2021-4044) |
$1200.0 |
286 |
Off-by-slash vulnerability in nodejs.org and iojs.org |
$1200.0 |
287 |
Attacker can create malicious child epics linked to a victim's epic in an unrelated group |
$1160.0 |
288 |
IDOR Exposes All Machine Learning Models |
$1160.0 |
289 |
Access Violation Reading EXPLOITABLE_0228 |
$1135.32 |
290 |
XSS by clicking Jira's link |
$1130.0 |
291 |
Buffer overflow in libavi_plugin memmove() call |
$1126.91 |
292 |
Take over subdomains of r2.dev using R2 custom domains |
$1125.0 |
293 |
Access Violation Reading in libfaad_plugin |
$1120.81 |
294 |
[dev.twitter.com] XSS and Open Redirect |
$1120.0 |
295 |
[dev.twitter.com] XSS and Open Redirect Protection Bypass |
$1120.0 |
296 |
Twitter Periscope Clickjacking Vulnerability |
$1120.0 |
297 |
Denial of Service | twitter.com & mobile.twitter.com |
$1120.0 |
298 |
Staff Member can Get POS Access Without User Interaction |
$1100.0 |
299 |
Privilege escalation of "external user" (with maintainer privilege) to internal access through project token |
$1020.0 |
300 |
chain.setstate Type Confusion |
$1000.0 |
301 |
Changing Victim's JIRA Integration Settings Through Multiple Bugs |
$1000.0 |
302 |
Stored XSS in profile activity feed messages |
$1000.0 |
303 |
Stored XSS in snapmatic comments |
$1000.0 |
304 |
Stored XSS on support.rockstargames.com |
$1000.0 |
305 |
Stored XSS on support.rockstargames.com |
$1000.0 |
306 |
View Any Program's Team Members through GET https://hackerone.com/invitations/ |
$1000.0 |
307 |
SSL_peek() hang on empty record (CVE-2016-6305) |
$1000.0 |
308 |
Xss was found by exploiting the URL markdown on http://store.steampowered.com |
$1000.0 |
309 |
Information Leakage - GitHub - VCenter configuration scripts, StorMagic usernames and password along with default ESXi root password |
$1000.0 |
310 |
[CVE-2018-6913] heap-buffer-overflow in S_pack_rec |
$1000.0 |
311 |
Reverse Proxy misroute leading to steal X-Shopify-Access-Token header |
$1000.0 |
312 |
Build fetches jars over HTTP |
$1000.0 |
313 |
Stored XSS in Discounts section |
$1000.0 |
314 |
Stored XSS in private message |
$1000.0 |
315 |
Inappropriate URL parsing may cause security risk! |
$1000.0 |
316 |
H1514 Deanonymizing Exchange Marketplace private listings |
$1000.0 |
317 |
Get analytics token using only apps permission |
$1000.0 |
318 |
STAFF "No-Permissions" on the Store can retrieve the details Order via exchangeReceiptSend |
$1000.0 |
319 |
User sensitive information disclosure |
$1000.0 |
320 |
Bypass of image rewriting / tracking blocker via srcset |
$1000.0 |
321 |
CreatorID leaked from public content posted to SnapMaps |
$1000.0 |
322 |
Async search stores authorization headers in clear text |
$1000.0 |
323 |
Reflected XSS on https://www.uber.com |
$1000.0 |
324 |
Subdomain Takeover Via Insecure CloudFront Distribution cdn.grab.com |
$1000.0 |
325 |
HTML Injection in Swing can disclose netNTLM hash or cause DoS |
$1000.0 |
326 |
Nextcloud Desktop Client RCE via malicious URI schemes |
$1000.0 |
327 |
CVE-2021-22898: TELNET stack contents disclosure |
$1000.0 |
328 |
CSRF on TikTok Ads Portal |
$1000.0 |
329 |
User deletion is not handled properly everywhere |
$1000.0 |
330 |
CVE-2021-22926: CURLOPT_SSLCERT mixup with Secure Transport |
$1000.0 |
331 |
[Lark Android] Vulnerability in exported activity WebView |
$1000.0 |
332 |
Bitmoji source code is accessible |
$1000.0 |
333 |
Loading YAML in Java client can lead to command execution |
$1000.0 |
334 |
Lack of URL normalization renders Blocked-Previews feature ineffectual |
$1000.0 |
335 |
User can pay using archived price by manipulating the request sent to POST /v1/payment_pages/for_plink |
$1000.0 |
336 |
Java: Regex injection |
$1000.0 |
337 |
XSS Payload on TikTok Seller Center endpoint |
$1000.0 |
338 |
Internal Employee informations Disclosure via TikTok Athena api |
$1000.0 |
339 |
Reddit talk promotion offers don't expire, allowing users to accept them after being demoted |
$1000.0 |
340 |
Stored XSS in the ticketing system |
$1000.0 |
341 |
Fully TaxJar account control and ability to disclose and modify business account settings Due to Broken Access Control in /current_user_data |
$1000.0 |
342 |
SSRF vulnerability can be exploited when a hijacked aggregated api server such as metrics-server returns 30X |
$1000.0 |
343 |
XSS on link and window.opener |
$1000.0 |
344 |
Open Redirect in Logout & Login |
$1000.0 |
345 |
The io.kubernetes.client.util.generic.dynamic.Dynamics contains a code execution vulnerability due to SnakeYAML |
$1000.0 |
346 |
Desktop client does not verify received singed certificate in end to end encryption |
$1000.0 |
347 |
inDriver Job - Admin Approval Bypass |
$1000.0 |
348 |
Takeover of hackerone.engineering via Github |
$1000.0 |
349 |
Dom XSS and open redirect in TikTok seller endpoint |
$1000.0 |
350 |
Stored XSS Via Ads Account Name |
$1000.0 |
351 |
Limited path traversal in Node.js SDK leads to PII disclosure |
$1000.0 |
352 |
Ability to by-pass second factor |
$1000.0 |
353 |
Exploitable live argument in onClick Function leads to Data Leakage of Inactive/Suspended Products |
$1000.0 |
354 |
Improper access control for users with expired password, giving the user full access through API and Git |
$950.0 |
355 |
HTML injection (with XSS possible) on the https://www.data.gov/issue/ using media_url attribute |
$900.0 |
356 |
unlock self-lock by brute force |
$900.0 |
357 |
SIGSEGV in array_copy - array.c:71 |
$800.0 |
358 |
kh_put_iv SEGFAULT - mruby 1.2.0 |
$800.0 |
359 |
heap-use-after-free in mrb_vm_exec - vm.c:1247 |
$800.0 |
360 |
Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks. |
$750.0 |
361 |
Public access to objects in AWS S3 bucket |
$750.0 |
362 |
Shared-channel BETA persists integration after unshare |
$750.0 |
363 |
Stored XXS @ https://steamcommunity.com/search/users/#text= via Profile Name |
$750.0 |
364 |
GetReports works for hubs you don't have access to |
$750.0 |
365 |
resetreportedcount & updatetags doesn't verify appid param |
$750.0 |
366 |
Smuggle SocialClub's Facebook OAuth Code via Referer Leakage |
$750.0 |
367 |
code injection, steam chat client |
$750.0 |
368 |
XSS @ store.steampowered.com via agecheck path name |
$750.0 |
369 |
Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation |
$750.0 |
370 |
IDOR on stocky application-Low Stock-Varient-Settings-Columns |
$750.0 |
371 |
ajaxgetachievementsforgame is not guarded for unreleased apps |
$750.0 |
372 |
[steam client] Opening a specific steam:// url overwrites files at an arbitrary location |
$750.0 |
373 |
[CS 1.6] Map cycle abuse allows arbitrary file read/write |
$750.0 |
374 |
Trusted servers exchange can be triggered by attacker |
$750.0 |
375 |
Google Maps API key stored as plain text leading to DOS and financial damage |
$750.0 |
376 |
IP-in-IP protocol routes arbitrary traffic by default - CVE-2020-10136 |
$750.0 |
377 |
Drive-by arbitrary file deletion in the GDK via letter_opener_web gem |
$750.0 |
378 |
Possible to steal any protected files on Android |
$750.0 |
379 |
Subdomain Takeover of brand.zen.ly |
$750.0 |
380 |
[HTA2] Receiving████ access request on @wearehackerone.com email address |
$750.0 |
381 |
Lack of bruteforce protection for TOTP 2FA |
$750.0 |
382 |
Password and mail address stored unencrypted in memory - Rockstar Game Launcher |
$750.0 |
383 |
[CVE-2018-0296] Cisco VPN path traversal on the https://████████/ (█████████.mil) |
$750.0 |
384 |
[CVE-2018-0296] Cisco VPN path traversal on the https://██████████ |
$750.0 |
385 |
[CVE-2018-0296] Cisco VPN path traversal on the https://███████/ (████.███.mil) |
$750.0 |
386 |
ID4ME does not validate signature or expiration |
$750.0 |
387 |
[CVE-2018-0296] Cisco VPN path traversal on the https://1████████ (https://████████.███.████████/) |
$750.0 |
388 |
[CVE-2018-0296] Cisco VPN path traversal on the https://███████/ (██████) |
$750.0 |
389 |
[CVE-2018-0296] Cisco VPN path traversal on the https://████████/ (no hostname) |
$750.0 |
390 |
[CVE-2018-0296] Cisco VPN path traversal on the https://███ (████████████████) |
$750.0 |
391 |
Information Disclosure on stun.screenhero.com |
$700.0 |
392 |
CVE-2020-8177: curl overwrite local file with -J |
$700.0 |
393 |
CVE-2021-22922: Wrong content via metalink not discarded |
$700.0 |
394 |
CVE-2021-22923: Metalink download sends credentials |
$700.0 |
395 |
[IMP] - Blind XSS in the admin panel for reviewing comments |
$650.0 |
396 |
Guest users can create new test cases |
$650.0 |
397 |
HTML injection via insecure parameter [https://www.ubercarshare.com/] |
$650.0 |
398 |
Dependency Policy Bypass via process.binding |
$635.0 |
399 |
IDOR in "external status check" API leaks data about any status check on the instance |
$610.0 |
400 |
"External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request |
$610.0 |
401 |
File access controls incorrectly enforced for files shared via QuickLink - Unshared files can be accessed |
$600.0 |
402 |
Bumble API exposes read status of chat messages |
$600.0 |
403 |
Reporters can upload design to issues using the "Move to" feature |
$600.0 |
404 |
ReDoS in syntax highlighting due to Rouge |
$600.0 |
405 |
A malicious admin can permanently prevent an Owner (Admin) from accessing his account |
$600.0 |
406 |
XSS in linktr.ee - on link thumbnail adding |
$600.0 |
407 |
CRLF Injection in Nodejs ‘undici’ via host |
$600.0 |
408 |
Clickjacking Periscope.tv on Chrome |
$560.0 |
409 |
Improper session handling on web browsers |
$560.0 |
410 |
cookie injection allows DoS attack on periscope.tv |
$560.0 |
411 |
iOS app crashed by specially crafted direct message reactions |
$560.0 |
412 |
lack of input validation that can lead to Denial of Service (DoS) |
$560.0 |
413 |
Accepting error message on twitter sends you to attacker site |
$560.0 |
414 |
User input validation can lead to DOS |
$560.0 |
415 |
Denial of Service [Chrome] |
$560.0 |
416 |
Remote 0click exfiltration of Safari user's IP address |
$560.0 |
417 |
Link-shortener bypass (regression on fix for #1032610) |
$560.0 |
418 |
Chained open redirects and use of Ideographic Full Stop defeat Twitter's approach to blocking links |
$560.0 |
419 |
Improper sanitization of edit in list feature at twitter leads to deletion of any twitter user's list cover photo. |
$560.0 |
420 |
[www.zomato.com] CORS Misconfiguration, could lead to disclosure of sensitive information |
$550.0 |
421 |
CSRF in github integration |
$500.0 |
422 |
XSS on manually entering Postal codes |
$500.0 |
423 |
imagefilltoborder stackoverflow on truecolor images |
$500.0 |
424 |
Transitioning a Private Program to Public Does Not Clear Previously Private Updates to Hackers |
$500.0 |
425 |
Open Aws Amazon S3 Buckets |
$500.0 |
426 |
Out of bounds memory read in unserialize() |
$500.0 |
427 |
IDOR [partners.shopify.com] - User with ONLY Manage apps permission is able to get shops info and staff names from inside the shop |
$500.0 |
428 |
XSS in my.shopify.com in widget |
$500.0 |
429 |
Ability to post comments to a crew even after getting kicked out |
$500.0 |
430 |
HackerOne reports escalation to JIRA is CSRF vulnerable |
$500.0 |
431 |
Reflected XSS via Double Encoding |
$500.0 |
432 |
Two-factor authentication bypass on Grab Android App |
$500.0 |
433 |
Escape sequence injection vulnerability in WEBrick BasicAuth |
$500.0 |
434 |
stored xss in invited team member via email parameter |
$500.0 |
435 |
cURL / libcURL - CVE-2016-8624 invalid URL parsing with '#' |
$500.0 |
436 |
Unrestricted access to Eureka server on ██████ |
$500.0 |
437 |
Blind XXE on pu.vk.com |
$500.0 |
438 |
h1-202 leaderboard photo discloses local wifi password |
$500.0 |
439 |
Bypass CAPTCHA protection |
$500.0 |
440 |
Read Access to all comments on unauthorized forums' discussions! IDOR! |
$500.0 |
441 |
Internal SSRF bypass using slash commands at api.slack.com |
$500.0 |
442 |
Viewing the applications of any user / group |
$500.0 |
443 |
Rate limit missing at room login |
$500.0 |
444 |
mod_userdir CRLF injection (CVE-2016-4975) |
$500.0 |
445 |
linkinfo - openbasedir bypass on Windows PHP |
$500.0 |
446 |
DOM Based XSS charting_library |
$500.0 |
447 |
Reflected XSS in https://eng.uberinternal.com and https://coeshift.corp.uber.internal/ |
$500.0 |
448 |
Email addresses exposed in getPersonBySlug API |
$500.0 |
449 |
HackerOne Integrations Design Issue |
$500.0 |
450 |
Insufficient validation of sides/modifiers quantity |
$500.0 |
451 |
CSRF in generating developer api_key |
$500.0 |
452 |
H1514 DOM XSS on checkout.shopify.com via postMessage handler on /:id/sandbox/google_maps |
$500.0 |
453 |
Permissive CORS policy trusting arbitrary extensions origin |
$500.0 |
454 |
CSRF on connecting Paypal as Payment Provider |
$500.0 |
455 |
Variant of CVE-2013-0269 (Denial of Service and Unsafe Object Creation Vulnerability in JSON) |
$500.0 |
456 |
CSRF at https://chatstory.pixiv.net/imported |
$500.0 |
457 |
Path Traversal in App Proxy |
$500.0 |
458 |
XSS by file (Active Storage Proxying ) |
$500.0 |
459 |
buffer overread in base64 code of the xmlrpc module |
$500.0 |
460 |
OOB read in php_strip_tags_ex |
$500.0 |
461 |
DoS on the Direct Messages |
$500.0 |
462 |
Delete directory using symlink when decompressing tar |
$500.0 |
463 |
csi-snapshot-controller crashes when processing VolumeSnapshot with non-existing PVC |
$500.0 |
464 |
Reflected XSS in /video |
$500.0 |
465 |
XSS reflected on [https://www.pixiv.net] |
$500.0 |
466 |
[m.vk.com] XSS on /artist/ pages |
$500.0 |
467 |
XSS in the call name |
$500.0 |
468 |
Outdated Wordpress installation and plugins at www.uberxgermany.com create CSRF and XSS vulnerabilities |
$500.0 |
469 |
Thumbor misconfiguration at blogapi.uber.com can lead to DoS |
$500.0 |
470 |
Unsecured Dropwizard Admin Panel on display.uber-adsystem.com exposes sensitive server information |
$500.0 |
471 |
Lack of CSRF protection on uberps.com makes every form vulnerable to CSRF |
$500.0 |
472 |
Cleartext password exposure allows access to the desafio5estrelas.com admin panel |
$500.0 |
473 |
Path traversal in Tempfile on windows OS due to unsanitized backslashes |
$500.0 |
474 |
Stored XSS on apps.shopify.com |
$500.0 |
475 |
Round-trip instability in REXML |
$500.0 |
476 |
4 Subdomains Takeover on 2 domains ( muberscolombia.com & ubereats.pl ) |
$500.0 |
477 |
Stored XSS in Acronis Cyber Protect Console |
$500.0 |
478 |
Stored XSS in backup scanning plan name |
$500.0 |
479 |
Webview in LINE client for iOS will render application/octet-stream files as HTML |
$500.0 |
480 |
imap: StartTLS stripping attack (CVE-2016-0772). |
$500.0 |
481 |
your-store.myshopify.com preview link leaks to a third-party website, allowing preview of all store owner actions without the store password. |
$500.0 |
482 |
OS Command Injection in 'rdoc' documentation generator |
$500.0 |
483 |
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c |
$500.0 |
484 |
Private application files can be uploaded to Slack via malicious uploader |
$500.0 |
485 |
Subdomain takeover of www█████████.affirm.com |
$500.0 |
486 |
IDOR to pay less for coin purchases on oauth.reddit.com via /api/v2/gold/paypal/create_coin_purchase_order in order_id parameter |
$500.0 |
487 |
Domain Takeover of Reddit.ru via DNS Hijacking |
$500.0 |
488 |
Image queue default key of 'None' and GraphQL unhandled type exception |
$500.0 |
489 |
critical server misconfiguration leads to access to any user's sensitive data, including user email and password |
$500.0 |
490 |
BYPASSING COMMENTING ON RESTRICTED AUDIENCE VIDEOS |
$500.0 |
491 |
Stored XSS in Email Templates via link |
$500.0 |
492 |
IDOR to view order information of users and personal information |
$500.0 |
493 |
Reflected Xss On https://vk.com/search |
$500.0 |
494 |
XSS Reflected at https://sketch.pixiv.net/ Via next_url |
$500.0 |
495 |
Stored XSS in Question edit for product name (bypass #1416672) |
$500.0 |
496 |
stored XSS on AliExpress Review Importer/Products when delete product |
$500.0 |
497 |
Stored XSS in Question edit from product name |
$500.0 |
498 |
Reflected XSS in the shared note view on https://evernote.com |
$500.0 |
499 |
Stored XSS in "product type" field executed via product filters |
$500.0 |
500 |
Public Postman Api Collection Leaks Internal access to https://assets-paris-dev.codefi.network/ |
$500.0 |
501 |
AWS Load Balancer Controller can be used by an attacker to modify rules of any Security Group that they are able to tag |
$500.0 |
502 |
AWS Load Balancer Controller Managed Security Groups can be replaced by an unprivileged attacker |
$500.0 |
503 |
User can link non-public file attachments, leading to file disclose on edit by higher-privileged user |
$500.0 |
504 |
Bypassing Cache Deception Armor using .avif extension file |
$500.0 |
505 |
Enrolling to a CA that returns an empty response crashes the node process |
$500.0 |
506 |
many commands can be manipulated to delete identities or affiliations |
$500.0 |
507 |
Bypass Cloudflare WARP lock on iOS. |
$500.0 |
508 |
Sub-Domain Takeover at http://www.codefi.consensys.net/ |
$500.0 |
509 |
Unauthorized Canceling/Unsubscribe TaxJar account & Payment information Disclosure |
$500.0 |
510 |
Host header injection that bypassed protection and allowed accessing multiple subdomains |
$500.0 |
511 |
CSV Injection at https://assets-paris-demo.codefi.network/ |
$500.0 |
512 |
Cookie exfiltration through XSS on the main search request of www.lahitapiola.fi |
$500.0 |
513 |
Verification process done using different documents without corresponding to user information / User information can be changed after verification |
$500.0 |
514 |
Download permissions can be changed by resharer |
$500.0 |
515 |
HTML Injection in the Invoice memos field |
$500.0 |
516 |
Extraction of Pages build scripts, config values, tokens, etc. via symlinks |
$500.0 |
517 |
CSRF protection on OIDC login is broken |
$500.0 |
518 |
Regression on dest parameter sanitization doesn't check scheme/websafe destinations |
$500.0 |
519 |
XSS on Brave Today through custom RSS feed |
$500.0 |
520 |
Federated share permissions can be increased by recipient |
$500.0 |
521 |
Brute force protection allows sending more requests than intended |
$500.0 |
522 |
Missing brute force protection on OAuth2 API controller |
$500.0 |
523 |
Stored XSS in plan name field (Acronis Cyber Protect) |
$500.0 |
524 |
Stored XSS in messages |
$500.0 |
525 |
IDOR - Leaking of team data (name, email, ID, member ID) via POST /api/v1/graphql FetchMemberships operation |
$500.0 |
526 |
Read-only users can restore old versions |
$500.0 |
527 |
Ability to identify actual private from sandboxed programs using link hackerone.com/$handle/terms_acceptance_data.csv |
$500.0 |
528 |
File sizes may be manipulated into negative numbers when uploading |
$500.0 |
529 |
Re-emergence of Security Vulnerability in Nextcloud Version 28 Previously Fixed in 25.0.4 |
$500.0 |
530 |
SSRF when configuring Website Backup on Acronis Cloud |
$500.0 |
531 |
Critical broken cookie signing on dagobah.flickr.com |
$479.0 |
532 |
Path traversal in ZIP extract routine on LINE Android |
$475.0 |
533 |
Stored XSS in chat topic due to insecure emoticon parsing on any message type |
$450.0 |
534 |
Server-Side Request Forgery on SAML Application - Import via URL |
$450.0 |
535 |
Yet another SSRF query for Go |
$450.0 |
536 |
Yet another SSRF query for Go |
$450.0 |
537 |
Blocked user can see live video |
$418.0 |
538 |
Open Redirect bypass and cookie leakage on www.lahitapiola.com |
$400.0 |
539 |
Single user DOS on selectedLanguage -cookie (yrityspalvelu.lahitapiola.fi) |
$400.0 |
540 |
Reflected XSS and Open Redirect (verkkopalvelu.lahitapiola.fi) |
$400.0 |
541 |
Single User DOS on SelectedLocale -cookie (verkkopalvelu.tapiola.fi) |
$400.0 |
542 |
DoS attacks utilizing camo.stream.highwebmedia.com |
$400.0 |
543 |
Brave Browser permanently timestamps & logs connection times for all v2 domains ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log |
$400.0 |
544 |
Web Cache Deception vulnerability on algolia.com leads to personal information leakage |
$400.0 |
545 |
Persistent user tracking is possible using window.caches, by avoiding Brave Shields |
$400.0 |
546 |
[HTAF4-213] [Pre-submission] XSS via arbitrary cookie name at the https://www2.██████/nssi/core/dot_stu_reg/Registration.aspx |
$375.0 |
547 |
SQL Injection /webApp/sijoitustalous_peruutus locId parameter (viestinta.lahitapiola.fi) |
$350.0 |
548 |
[IDOR] The authenticated user can restart website build or view build logs on any another Federalist account |
$350.0 |
549 |
Blind XSS - Report review - Admin panel |
$350.0 |
550 |
Reflected XSS in www.dota2.com |
$350.0 |
551 |
[chatws25.stream.highwebmedia.com] - Reflected XSS in c parameter |
$350.0 |
552 |
Malformed map detailed texture files in GoldSrc games lead to Remote Code Execution |
$350.0 |
553 |
Subdomain takeover of fr1.vpn.zomans.com |
$350.0 |
554 |
Vulnerabilities in exported activity WebView |
$350.0 |
555 |
Bypass R2 payment screen |
$350.0 |
556 |
High server resource usage on captcha (viestinta.lahitapiola.fi) |
$315.0 |
557 |
xmlrpc.php file is enabled; it can be used for brute-force attacks and denial of service |
$315.0 |
558 |
The parameter in the POST query allows to control size of returned page which in turn can lead to the potential DOS attack |
$315.0 |
559 |
A user who was removed from the GitHub Organization can still access all functions of Federalist if he did not log out |
$300.0 |
560 |
Double Stored Cross-Site scripting in the admin panel |
$300.0 |
561 |
Reflected XSS on the data.gov (WAF bypass+ Chrome XSS Auditor bypass+ works in all browsers) |
$300.0 |
562 |
Cross-Site Request Forgery on the Federalist API (all endpoints), using Flash file on the attacker's host |
$300.0 |
563 |
Viewing any video from a private group and who uploaded it |
$300.0 |
564 |
Shared CSRF token for community messages, or how to frame a fellow editor |
$300.0 |
565 |
Subdomain takeover at segway.shipt.com |
$300.0 |
566 |
[chaturbate.com] - CSRF Vulnerability on image upload |
$300.0 |
567 |
CSRF in cancel group and private show requests |
$300.0 |
568 |
Self-Stored XSS - Chained with login/logout CSRF |
$300.0 |
569 |
Bypassing 2FA and/or obtaining an access_token if we have ever been logged into the victim's account |
$300.0 |
570 |
Blind Stored XSS In "Report a Problem" on www.data.gov/issue/ |
$300.0 |
571 |
Slack token leaking in stackoverflow and devtimes |
$300.0 |
572 |
SSRF/XSPA in labs.data.gov/dashboard/validate |
$300.0 |
573 |
Account Takeover because of the mis-configuration on the Password Reset Page |
$300.0 |
574 |
SSRF in notifications.server configuration |
$300.0 |
575 |
XSS in https://mackeeper.com |
$300.0 |
576 |
XSS in https://affiliates.kromtech.com |
$300.0 |
577 |
RXSS on /landings/123.1/index.php (mackeeperapp.mackeeper.com) |
$300.0 |
578 |
Limited LFI |
$300.0 |
579 |
Blind SSRF on https://labs.data.gov/dashboard/Campaign/json_status/ Endpoint |
$300.0 |
580 |
Site-wide CSRF on Safari due to CORS misconfiguration (not localhost) |
$300.0 |
581 |
Attacker can generate cancelled transactions in a user's transaction history using only Steam ID |
$300.0 |
582 |
No rate Limit on Licenses Activation |
$300.0 |
583 |
Acronis True Image Local Privilege Escalation via insecure folder permissions |
$300.0 |
584 |
Google API key leaks and security misconfiguration lead to Open Redirect Vulnerability |
$300.0 |
585 |
SSL certificate not validated when registering with a provider |
$300.0 |
586 |
CSRF leads to account deactivation of users |
$300.0 |
587 |
Bug with subscription payment |
$300.0 |
588 |
[https://app.recordedfuture.com] - Reflected XSS via username parameter |
$300.0 |
589 |
Attacker shall receive order updates on whatsapp for users who have activated whatsapp notification |
$300.0 |
590 |
Host Header Injection leads to Open Redirect and Content Spoofing or Text Injection. |
$300.0 |
591 |
GitHub Security Lab (GHSL) Vulnerability Report: SQLInjection in FileContentProvider.kt (GHSL-2022-059) |
$300.0 |
592 |
Reflected XSS Via origCity Parameter (UPPER Case + WAF Protection Bypass) |
$300.0 |
593 |
HTML injection in title of reader view |
$300.0 |
594 |
Able to block users with 2FA from logging into their accounts by just knowing the SteamID |
$300.0 |
595 |
Html injection on subscription email |
$300.0 |
596 |
IDOR and statistics leakage in Orders |
$289.0 |
597 |
Stored XSS on promo.indrive.com |
$284.0 |
598 |
CSRF Attack on (m.badoo.com)deleting account and erasing imported contacts |
$280.0 |
599 |
Vine - overwrite account associated with email via android application |
$280.0 |
600 |
Sensitive Information Disclosure https://cards-dev.twitter.com |
$280.0 |
601 |
ms5 debug page exposing internal info (internal IPs, headers) |
$280.0 |
602 |
[staging-engineering.gnip.com] Publicly accessible GIT directory |
$280.0 |
603 |
Reports Modal in app.mopub.com Disclose by any user |
$280.0 |
604 |
login csrf in analytics.mopub.com |
$280.0 |
605 |
CORS bypass on TikTok Ads Endpoint |
$257.0 |
606 |
Any authenticated user can download full list of users, including email |
$256.0 |
607 |
[spectacles.com] Bypassing quantity limit in orders |
$250.0 |
608 |
stored xss in comments : driver exam |
$250.0 |
609 |
Reflected XSS Vulnerability in www.lahitapiola.fi/cs/Satellite |
$250.0 |
610 |
Unrestricted access to https://██████.█████myteksi.net/ |
$250.0 |
611 |
Can read features from any user |
$250.0 |
612 |
Reflected XSS Vulnerability in https://www.lahitapiola.fi/cs/Satellite |
$250.0 |
613 |
Open redirect in securegatewayaccess.com / secure.chaturbate.com via prejoin_data parameter |
$250.0 |
614 |
Fastify uses allErrors: true ajv configuration by default which is susceptible to DoS |
$250.0 |
615 |
Linux client is vulnerable to directory traversal when downloading files |
$250.0 |
616 |
ReDoS at wiki.cs.money graphQL endpoint (AND probably a kind of command injection) |
$250.0 |
617 |
Race Condition of Transfer data Credits to Organization Leads to Add Extra free Data Credits to the Organization |
$250.0 |
618 |
Subdomain Takeover via Dangling NS records on Amazon Route 53 http://api.e2e-kops-aws-canary.test-cncf-aws.canary.k8s.io |
$250.0 |
619 |
True Image 2021 - LPE via XPC service communication |
$250.0 |
620 |
Lack of quarantine macOS attribute (com.apple.quarantine) leads to multiple issues including RCE |
$250.0 |
621 |
HTTP Request Smuggling due to accepting space before colon |
$250.0 |
622 |
HTTP Request Smuggling due to ignoring chunk extensions |
$250.0 |
623 |
Store Admin Page Accessible Without Authentication at http://www.grouplogic.com/ADMIN/store/index.cfm |
$250.0 |
624 |
Unauthenticated SSRF in 3rd party module "cerdic/csstidy" |
$250.0 |
625 |
CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud |
$250.0 |
626 |
Database resource exhaustion for logged-in users via sharee recommendations with circles |
$250.0 |
627 |
SSRF via filter bypass due to lax checking on IPs |
$250.0 |
628 |
File Read Vulnerability allows Attackers to Compromise S3 buckets using Prow |
$250.0 |
629 |
Phishing/Malware site blocking on Brave iOS can be bypassed with trailing dot in hostname |
$250.0 |
630 |
Issuer not verified from obtained token in user_oidc |
$250.0 |
631 |
Event create can create attachments that link to other websites |
$250.0 |
632 |
DLL Hijacking when performing operations in Acronis Secure Zone partition leading to Privilege Escalation |
$250.0 |
633 |
Acronis Sync Agent Service - Untrusted DLL Search-Ordering leads to Privilege Escalation |
$250.0 |
634 |
Local Privilege Escalation when deleting a file from Quarantine |
$250.0 |
635 |
Large Amounts of Back-End Acronis Source Code is Publicly Accessible |
$250.0 |
636 |
DLL Hijacking when sending feedback and crash report leading to Privilege Escalation |
$250.0 |
637 |
DLL Hijacking when creating Rescue Media Builder leading to Privilege Escalation |
$250.0 |
638 |
TrueImage for Acronis True Image 2020 - Untrusted DLL Search-Ordering leads to Privilege Escalation as Administrative account |
$250.0 |
639 |
Local Privilege Escalation via Backup delete |
$250.0 |
640 |
Local Privilege Escalation when updating Acronis True Image |
$250.0 |
641 |
Local Privilege Escalation and Code Execution when restoring files from Quarantine |
$250.0 |
642 |
Brute force unsubscription on /webApp/unsub_sb (viestinta.lahitapiola.fi) |
$200.0 |
643 |
Posting on any user's wall on their behalf if they follow a link. https://vk.com/al_video.php |
$200.0 |
644 |
[parcel.grab.com] DOM XSS at /assets/bower_components/lodash/perf/ |
$200.0 |
645 |
Private Grab Messages on Android App can be accessed and cached by Search Engines |
$200.0 |
646 |
Creating a vk.cc link on behalf of someone else's page |
$200.0 |
647 |
Torrent Viewer extension web service available on all interfaces |
$200.0 |
648 |
Obtaining photos suggested to a public page |
$200.0 |
649 |
Vulnerable WebView class |
$200.0 |
650 |
Sending gifts/sticker packs without spending votes. |
$200.0 |
651 |
CSRF To Add New App In Developer Account And Bypassing Json Format |
$200.0 |
652 |
One Click Account takeover using OAuth CSRF bypass by adding Null byte %00 in state parameter on www.streamlabs.com |
$200.0 |
653 |
Moderator user has access to owner's support portal and tickets |
$200.0 |
654 |
Sensitive information disclosure to shared access user via streamlabs platform api |
$200.0 |
655 |
SSRF allows reading AWS EC2 metadata using "readapi" variable in Streamlabs Cloudbot |
$200.0 |
656 |
session takeover via open protocol redirection on streamlabs.com |
$200.0 |
657 |
XSS via X-Forwarded-Host header |
$200.0 |
658 |
Page has a link to google drive which has logos and a few customer phone recordings |
$200.0 |
659 |
RCE vulnerability in Hyperledger Fabric SDK for Java |
$200.0 |
660 |
Read-only administrator can change agent update settings |
$200.0 |
661 |
Multiple Reflected XSS /webApp/lahti (viestinta.lahitapiola.fi) |
$150.0 |
662 |
Source Code Disclosure (CGI) |
$150.0 |
663 |
HTML Injection in Owncloud |
$150.0 |
664 |
CSRF - Adding unlimited number of saved items via GET request |
$150.0 |
665 |
Get all instacart emails - missing rate limit on /accounts/register |
$150.0 |
666 |
Field Day With Protocol Handlers |
$150.0 |
667 |
Google Maps API key leaked during device pairing |
$150.0 |
668 |
Access control missing while viewing the attachments in the "All boards" |
$150.0 |
669 |
unauth mosquitto ( client emails, ips, license keys exposure ) |
$150.0 |
670 |
Secure view trivial to bypass |
$150.0 |
671 |
Open redirect on "Unsupported browser" warning |
$150.0 |
672 |
Weak Email Verification: Newly Registered Users Can Bypass Email Verification Step and Log In |
$150.0 |
673 |
Unvalidated redirect on team.badoo.com |
$140.0 |
674 |
Download of file with arbitrary extension via injection into attachment header |
$125.0 |
675 |
Access to local file system using javascript |
$100.0 |
676 |
Segfault at mrb_vm_exec |
$100.0 |
677 |
SMTP configuration vulnerability viestinta.lahitapiola.fi |
$100.0 |
678 |
[github.algolia.com] DOM Based XSS github-btn.html |
$100.0 |
679 |
SIGABRT in sym_validate_len - symbol.c:44 |
$100.0 |
680 |
XSS in instacart.com/store/partner_recipe |
$100.0 |
681 |
An “algobot”-s GitHub access token was leaked |
$100.0 |
682 |
Viewing videos that a user has ever sent in private messages. |
$100.0 |
683 |
Length extension attack leading to HTML injection |
$100.0 |
684 |
Viewing participants of a PRIVATE event |
$100.0 |
685 |
Single user DOS on selectedLanuage -cookie at (verkkopalvelu.tapiola.fi) |
$100.0 |
686 |
Viewing part of a phone number and sending SMS to it after compromising the account just once |
$100.0 |
687 |
CSRF logs the victim into attacker's account |
$100.0 |
688 |
CSRF on "guest catching" and disclosure of audio broadcasts in a private group |
$100.0 |
689 |
Disclosure of information about a private group or application |
$100.0 |
690 |
Access control issue -- [Allow file system access not validated when using session auth] |
$100.0 |
691 |
Rate Limit workaround in the message of the phone number verification |
$100.0 |
692 |
Server-Side request forgery in New-Subscription feature of the calendar app |
$100.0 |
693 |
Share recipient can modify a share's expiration date |
$100.0 |
694 |
SSRF protection bypass |
$100.0 |
695 |
Organization Takeover via invitation API |
$100.0 |
696 |
Possible denial of service when entering a loooong password |
$100.0 |
697 |
Memory Leak in OCUtil.dll library in Desktop client can lead to DoS |
$100.0 |
698 |
Arbitrary code execution in desktop client via OpenSSL config |
$100.0 |
699 |
████. |
$100.0 |
700 |
Reflected XSS when renaming a file with a vulnerable name which results in an error |
$100.0 |
701 |
Session fixation on public talk links |
$100.0 |
702 |
index.php/apps/files_sharing/shareinfo endpoint is not properly protected |
$100.0 |
703 |
Bypass of privacy filter / tracking pixel blocker |
$100.0 |
704 |
IDOR on www.acronis.com API leads to theft of private business user information |
$100.0 |
705 |
Subdomain takeover of main domain of https://www.cyberlynx.lu/ |
$100.0 |
706 |
admin password disclosure via log file |
$100.0 |
707 |
Specific Payload makes a Users Posts unavailable |
$100.0 |
708 |
Anonymous access control - Payments Status |
$100.0 |
709 |
Blind SSRF in social-plugins.line.me |
$100.0 |
710 |
Email Address Exposure via Gratipay Migration Tool |
$100.0 |
711 |
XSS in Acronis Cloud Manager Admin Portal |
$100.0 |
712 |
OAuth2 client_secret stored in plain text in the database |
$100.0 |
713 |
Bypass password confirmation via Context-dependent access control (CDCA) |
$100.0 |
714 |
Clickjacking at ylands.com |
$80.0 |
715 |
[website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html |
$50.0 |
716 |
unchecked unserialize usages in audit-trail-extension/audit-trail-extension.php |
$50.0 |
717 |
Escaping images directory in S3 bucket when saving new avatar, using Path Traversal in filename |
$50.0 |
718 |
Formula injection via CSV exports in WordCamp Talks plugin |
$50.0 |
719 |
Bruteforcing password reset tokens, could lead to account takeover |
$50.0 |
720 |
Non-Cloudflare IPs allowed to access origin servers |
$50.0 |
721 |
CSRF possible when SOP Bypass/UXSS is available |
$50.0 |
722 |
Disclosure of Users Information via Wordpress API (?rest_route) |
$50.0 |
723 |
User Information Disclosure via Json response |
$50.0 |
724 |
Wordpress Users Disclosure (/wp-json/wp/v2/users/) |
$50.0 |
725 |
Shared file link - password protection bypass under certain conditions |
$50.0 |
726 |
XSSI: Quick Navigation Interface - leak of private page/post titles |
$50.0 |
727 |
Talk / spreed: Disclosure of Room names and participants for password protected rooms |
$50.0 |
728 |
2FA Session not expires after the password reset |
$50.0 |
729 |
XSS in (Support Requests) : User Cases |
$50.0 |
730 |
Reflected XSS via "Error" parameter on https://admin.acronis.com/admin/su/ |
$50.0 |
731 |
Stored XSS in Document Title |
$50.0 |
732 |
Stored XSS in profile page |
$50.0 |
733 |
Subdomain takeover http://accessday.opn.ooo/ |
$50.0 |
734 |
Some limited confidential information can still be accessed after a user exits a private program |
$50.0 |
735 |
Weak Session ID Implementation - No Session change on Password change |
$40.0 |
736 |
Send email asynchronously |
$10.0 |
737 |
Prevent content spoofing on /~username/emails/verify.html |
$10.0 |
738 |
limit number of images in statement |
$1.0 |
739 |
fix bug in username restriction |
$0.0 |
740 |
URI Obfuscation |
$0.0 |
741 |
JavaScript URL Issues in the latest version of Brave Browser |
$0.0 |
742 |
Javascript confirm() crashes Brave on PC |
$0.0 |
743 |
XSS and HTML Injection https://sharjah.dubizzle.com/ |
$0.0 |
744 |
Reflected XSS at m.olx.ph |
$0.0 |
745 |
Denial of service attack(window object) on brave browser |
$0.0 |
746 |
Full Sub Domain Takeover at wx.zopim.net |
$0.0 |
747 |
Reflective XSS at m.olx.ph |
$0.0 |
748 |
[Thirdparty] Stored XSS in chat module - nextcloud server 9.0.51 installed in ubuntu 14.0.4 LTS |
$0.0 |
749 |
Denial of service(POP UP Recursion) on Brave browser |
$0.0 |
750 |
View liked tweets of private account via publish.twitter.com |
$0.0 |
751 |
Information disclosure of user by email using buy widget |
$0.0 |
752 |
DOM based XSS in search functionality |
$0.0 |
753 |
Bypass the resend limit in Send Invites |
$0.0 |
754 |
Read Application Name , Subscribers Count |
$0.0 |
755 |
Reflected Cross site scripting |
$0.0 |
756 |
[kb.informatica.com] Unauthenticated emails and HTML injection in email messages |
$0.0 |
757 |
\OCA\DAV\CardDAV\ImageExportPlugin allows serving arbitrary data with user-defined or empty mimetype |
$0.0 |
758 |
Reflected XSS in Gallery App |
$0.0 |
759 |
Login Hints on Admin Panel |
$0.0 |
760 |
Cross-site scripting (reflected) |
$0.0 |
761 |
XSS and open redirect in verkkopalvelu.lahitapiola.fi |
$0.0 |
762 |
Open redirection protection bypass (/cs/Satellite) |
$0.0 |
763 |
Poodle attack SSLv3 Support (viestinta.lahitapiola.fi) |
$0.0 |
764 |
Certificate signed using SHA-1 |
$0.0 |
765 |
Access to Grafana Dashboard |
$0.0 |
766 |
Users can bookmark other user's messages |
$0.0 |
767 |
Stored XSS in private messages |
$0.0 |
768 |
XSS on postal codes |
$0.0 |
769 |
Reflected XSS on a Navy website |
$0.0 |
770 |
Information leakage on a Department of Defense website |
$0.0 |
771 |
Reflected XSS on an Army website |
$0.0 |
772 |
Reflected XSS on a Department of Defense website |
$0.0 |
773 |
Reflected XSS on a Department of Defense website |
$0.0 |
774 |
Directory Listing of all the resource files of olx.com.eg |
$0.0 |
775 |
Bad content-type in response header when getting document can lead to html injection |
$0.0 |
776 |
Leave inaccessible messaging system with a message (https://us1.badoo.com) |
$0.0 |
777 |
Missing restriction on string size in profile fields |
$0.0 |
778 |
SQL Injection on /webApp/omatalousuk (viestinta.lahitapiola.fi) |
$0.0 |
779 |
SQL Injection in sijoitustalous_peruutus (viestinta.lahitapiola.fi) |
$0.0 |
780 |
Users with guest access can post notes to private merge requests, issues, and snippets |
$0.0 |
781 |
User with guest access can access private merge requests |
$0.0 |
782 |
Every user can delete public deploy keys |
$0.0 |
783 |
Users can download old project exports due to unclaimed namespace |
$0.0 |
784 |
SQL Injection in lapsuudenturva (viestinta.lahitapiola.fi) |
$0.0 |
785 |
Starbucks.com is reachable via IP address, thus possible to link any domain to Starbucks. |
$0.0 |
786 |
Stored xss in ALBUM DESCRIPTION |
$0.0 |
787 |
Clickjacking |
$0.0 |
788 |
cloudup Subdomain Takeover That resolves to Desk.com ( CNAME cloudup.desk.com ) |
$0.0 |
789 |
Stealing User emails by clickjacking cards.twitter.com/xxx/xxx |
$0.0 |
790 |
Enumeration in unsubscribe -function of /omatalousuk (viestinta.lahitapiola.fi) |
$0.0 |
791 |
CVE-2017-3730: Bad (EC)DHE parameters cause a client crash |
$0.0 |
792 |
Bypass permissions |
$0.0 |
793 |
Sql injection on /webApp/sijoituswebinaari (viestinta.lahitapiola.fi) |
$0.0 |
794 |
SQL Injection on /webApp/viivanalle (viestinta.lahitapiola.fi) |
$0.0 |
795 |
SQL Injection on /webApp/lapsuudenturva (viestinta.lahitapiola.fi) |
$0.0 |
796 |
CSRF exploit | Adding/Editing comment of wishlist items (teavana.com - Wishlist-Comments) |
$0.0 |
797 |
Reflected XSS by exploiting CSRF vulnerability on teavana.com wishlist comment module. (wishlist-comments) |
$0.0 |
798 |
Multiple vulnerabilities in http://blog.dubizzle.com/uae |
$0.0 |
799 |
[RDoc] XSS in project README files |
$0.0 |
800 |
[Textile] XSS in project README files |
$0.0 |
801 |
[reStructuredText] XSS in project README files |
$0.0 |
802 |
Exposed Access Control Data Backup Files on DoD Website |
$0.0 |
803 |
Personal information disclosure on a DoD website |
$0.0 |
804 |
SQL injection vulnerability on a DoD website |
$0.0 |
805 |
OPEN URL REDIRECT through PNG files |
$0.0 |
806 |
OpenSSL Padding Oracle Attack (CVE-2016-2107) on viestinta.lahitapiola.fi |
$0.0 |
807 |
No Security check at changing password and at adding mobile number which leads to account takeover and spam |
$0.0 |
808 |
[wave.informatica.com] - Subdomain misconfiguration |
$0.0 |
809 |
SQL Injection /webApp/cancel_iltakoulu regId parameter (viestinta.lahitapiola.fi) |
$0.0 |
810 |
Reflected XSS vector |
$0.0 |
811 |
Disclose any user's private email through API |
$0.0 |
812 |
Websites opened from reports can change url of report page |
$0.0 |
813 |
CSRF allows attacker to delete item from customer's "Postilaatikko" |
$0.0 |
814 |
test.zba.se is vulnerable to SSL POODLE |
$0.0 |
815 |
Denial of service (segfault) due to null pointer dereference in mrb_obj_instance_eval |
$0.0 |
816 |
Denial of service (segfault) due to null pointer dereference in mrb_vm_exec |
$0.0 |
817 |
RTLO char allowed in chat |
$0.0 |
818 |
segfault in mruby's sprintf - mrb_str_format |
$0.0 |
819 |
SAP Server - default credentials enabled |
$0.0 |
820 |
URL Given leading to end users ending up in malicious sites |
$0.0 |
821 |
Reflective XSS at dubai.dubizzle.com |
$0.0 |
822 |
Reflected XSS and Open Redirect in several parameters (viestinta.lahitapiola.fi) |
$0.0 |
823 |
Reflected XSS on iltakoulu_varkaus (viestinta.lahitapiola.fi) |
$0.0 |
824 |
Reflected XSS on blockchain.info |
$0.0 |
825 |
Wordpress directories/files visible to internet |
$0.0 |
826 |
[newscdn.starbucks.com] CRLF Injection, XSS |
$0.0 |
827 |
CSRF bypass + XSS on verkkopalvelu.tapiola.fi |
$0.0 |
828 |
CSRF in 'set.php' via age causes stored XSS on 'get.php' - http://www.rockstargames.com/php/videoplayer_cache/get.php' |
$0.0 |
829 |
Controlled address leak due to type confusion - ASLR bypass |
$0.0 |
830 |
Stored XSS in blog comments through Shopify API |
$0.0 |
831 |
Cross-site request forgery vulnerability on a DoD website |
$0.0 |
832 |
Differential "Show Raw File" feature exposes generated files to unauthorised users |
$0.0 |
833 |
HTML Injection/Load Images vulnerability on a DoD website |
$0.0 |
834 |
File upload vulnerability on a DoD website |
$0.0 |
835 |
Reflected XSS via #tags= while using a callback in newswire http://www.rockstargames.com/newswire |
$0.0 |
836 |
DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request |
$0.0 |
837 |
formassembly.com is vulnerable to padding-oracle attacks. |
$0.0 |
838 |
Android SDK - CREATE_REQUEST broadcast is unprotected |
$0.0 |
839 |
express config leaking stacktrace |
$0.0 |
840 |
pam-ussh may be tricked into using another logged in user's ssh-agent |
$0.0 |
841 |
Nginx Version Disclosure |
$0.0 |
842 |
Stored passive XSS at scheduled posts (kitcrm.com) |
$0.0 |
843 |
Weak credentials for nutty.ubnt.com |
$0.0 |
844 |
[Subgroups] Unprivileged User Can Disclose Private Group Names |
$0.0 |
845 |
[nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html |
$0.0 |
846 |
[controlsyou.quora.com] 429 Too Many Requests Error-Page XSS |
$0.0 |
847 |
RCE (Remote Code Execution) Vulnerability on Ruby |
$0.0 |
848 |
Design Issues on ( ███ ) Lead to show ( IPS of Users ) |
$0.0 |
849 |
[Repository Import] Open Redirect via "continue[to]" parameter |
$0.0 |
850 |
Open redirect |
$0.0 |
851 |
SSRF in https://cards-dev.twitter.com/validator |
$0.0 |
852 |
Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web script via p parameter. |
$0.0 |
853 |
Cross-site scripting (XSS) vulnerability on a DoD website |
$0.0 |
854 |
HTTP trace method is enabled on gip.rocks |
$0.0 |
855 |
Unfiltered class attribute in markdown code |
$0.0 |
856 |
mrb_vm_exec - null ptr dereference |
$0.0 |
857 |
SIGSEGV - mrb_yield_with_class |
$0.0 |
858 |
Heap buffer overflow in mruby value_move |
$0.0 |
859 |
Harden resend throttling |
$0.0 |
860 |
CSRF token validation is missing |
$0.0 |
861 |
SIGSEGV - mrb_obj_value |
$0.0 |
862 |
bug reporting template encourages users to paste config file with passwords |
$0.0 |
863 |
Host header Injection |
$0.0 |
864 |
[https://jenkins.brew.sh] Jenkins in Debug Mode with Stack Traces Enabled |
$0.0 |
865 |
Stack Trace on jenkins.brew.sh |
$0.0 |
866 |
Administrator(s) Information disclosure via JSON on wordpress.org |
$0.0 |
867 |
IRC-Bot exposes information |
$0.0 |
868 |
The special code in editor has no Authority control and can lead to Information Disclosure |
$0.0 |
869 |
The email API to test email-server settings is unlimited and can be used as an email bomb |
$0.0 |
870 |
The mailbox verification API interface is unlimited and can be used as a mailbox bomb |
$0.0 |
871 |
[bot.brew.sh] Full Path Disclosure |
$0.0 |
872 |
Local file inclusion vulnerability on a DoD website |
$0.0 |
873 |
Remote file inclusion vulnerability on a DoD website |
$0.0 |
874 |
SQL injection vulnerability on a DoD website |
$0.0 |
875 |
Reflected XSS on a DoD website |
$0.0 |
876 |
Cross-Site Scripting (XSS) on a DoD website |
$0.0 |
877 |
[parc.informatica.com] Reflected Cross Site Scripting and Open Redirect |
$0.0 |
878 |
XSS via SVG file |
$0.0 |
879 |
CSRF to Connect third party Account |
$0.0 |
880 |
Existence of Folder path by guessing the path through response |
$0.0 |
881 |
DOM XSS on teavana.com via "pr_zip_location" parameter |
$0.0 |
882 |
There is a vulnerability in https://bridge.cspr.ng where an attacker can users directory |
$0.0 |
883 |
Subdomain takeover on https://cloudfront.ubnt.com/ due to non-used CloudFront DNS entry |
$0.0 |
884 |
[Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME |
$0.0 |
885 |
Gitlab.com is vulnerable to reverse tabnabbing via AsciiDoc links. (#3) |
$0.0 |
886 |
Gitlab.com is vulnerable to reverse tabnabbing. (#2) |
$0.0 |
887 |
Possible SSRF in email server settings(SMTP mode) |
$0.0 |
888 |
full path disclosure at hosted.weblate.org/admin/accounts/profile/ |
$0.0 |
889 |
No Rate Limiting at Change Password |
$0.0 |
890 |
Open redirect in Signing in via Social Sites |
$0.0 |
891 |
Registration captcha bypass |
$0.0 |
892 |
Open Redirect via "next" parameter in third-party authentication |
$0.0 |
893 |
Activation tokens are not expiring |
$0.0 |
894 |
CSV export filter bypass leads to formula injection. |
$0.0 |
895 |
Rate Limit Bypass on login Page |
$0.0 |
896 |
CSRF : Lock and Unlock Translation |
$0.0 |
897 |
No BruteForce Protection |
$0.0 |
898 |
XSS in the search bar of mercantile.wordpress.org |
$0.0 |
899 |
Dav sharing permissions issue |
$0.0 |
900 |
self xss in |
$0.0 |
901 |
Combined attacks leading to stealing user's account |
$0.0 |
902 |
Possible to unsubscribe from activities using CSRF @ mijn.werkenbijdefensie.nl |
$0.0 |
903 |
Possible to view and takeover other user's education and courses @ mijn.werkenbijdefensie.nl |
$0.0 |
904 |
read outside of buffer (heap buffer overflow) in S_regmatch - regexec.c:6057 |
$0.0 |
905 |
IDOR in editing courses |
$0.0 |
906 |
Weak password requirement on techsupport.teradici.com |
$0.0 |
907 |
Weak Password Policy on techsupport.teradici.com |
$0.0 |
908 |
Buffer overflow in HTTP parse_hostinfo(), parse_userinfo() and parse_scheme() |
$0.0 |
909 |
Subdomain takeover (sales.mixmax.com) |
$0.0 |
910 |
Possible Subdomain Takeover |
$0.0 |
911 |
Use of uninitialized memory in unserialize() |
$0.0 |
912 |
Reflected XSS on a DoD website |
$0.0 |
913 |
Login CSRF : Login Authentication Flaw |
$0.0 |
914 |
CSRF bypass ( Delete Source Translation From dictionaries ) in demo.weblate.org |
$0.0 |
915 |
CSRF: add item to victim's cart automatically (starbucks.com - updatecart) |
$0.0 |
916 |
phone number exposure for riders/drivers given email/uuid |
$0.0 |
917 |
CSRF - Changing the full name / adding a secondary email identity of an account via a GET request |
$0.0 |
918 |
Missing Rate Limiting protection leading to mass triggering of e-mails |
$0.0 |
919 |
Flash XSS on Buick_RotatingMasthead_JellyBeanSlider.swf |
$0.0 |
920 |
Share tokens for public calendars disclosed (NC-SA-2017-011) |
$0.0 |
921 |
An Automattic employee's GitHub personal access token exposed in Travis CI build logs |
$0.0 |
922 |
Open redirect while disconnecting authenticated account |
$0.0 |
923 |
Reflected XSS on teavana.com (Locale-Change) |
$0.0 |
924 |
change bank account numbers |
$0.0 |
925 |
[app.mixmax.com] Stored XSS on Adding new enhancement. |
$0.0 |
926 |
Attacker can trick others into logging in as themselves |
$0.0 |
927 |
HTTP - Basic Authentication on https://www.stellar.org/wp-login.php |
$0.0 |
928 |
Blind SQLi in a DoD Website |
$0.0 |
929 |
Open redirect / Reflected XSS payload in root that affects all your sites (store.starbucks.* / shop.starbucks.* / teavana.com) |
$0.0 |
930 |
CRLF Injection at vpn.bitstrips.com |
$0.0 |
931 |
Time Based SQL Injection vulnerability on a DoD website |
$0.0 |
932 |
SQL injection vulnerability on a DoD website |
$0.0 |
933 |
Cross-site request forgery (CSRF) vulnerability on a DoD website |
$0.0 |
934 |
Open redirects protection bypass |
$0.0 |
935 |
Information disclosure vulnerability on a DoD website |
$0.0 |
936 |
Blind SQLi vulnerability in a DoD Website |
$0.0 |
937 |
XSS in flashmediaelement.swf (business-blog.zomato.com) |
$0.0 |
938 |
OLX is vulnerable to clickjacking |
$0.0 |
939 |
Server Version Of https://www.olx.ph/ |
$0.0 |
940 |
SQL injection vulnerability in a DoD website |
$0.0 |
941 |
Possible User Session Hijack using Invalid HTTPS certificate on inside.gratipay.com domain |
$0.0 |
942 |
Reflected XSS in Zomato Mobile - category parameter |
$0.0 |
943 |
Stored XSS in *.myshopify.com |
$0.0 |
944 |
http://lists.parrotsec.org vulnerable to MITM |
$0.0 |
945 |
xss found in zomato |
$0.0 |
946 |
CSRF To Like/Unlike Photos |
$0.0 |
947 |
Bypassing captcha in registration on Hosted site |
$0.0 |
948 |
JSON CSRF on POST Heartbeats API |
$0.0 |
949 |
CRLF Injection on openvpn.svc.ubnt.com |
$0.0 |
950 |
SQL injection vulnerability on a DoD website |
$0.0 |
951 |
SQL Injection vulnerability in a DoD website |
$0.0 |
952 |
Time Based SQL Injection vulnerability on a DoD website |
$0.0 |
953 |
Arbitrary file download vulnerability on a DoD website |
$0.0 |
954 |
Arbitrary file download vulnerability on a DoD website |
$0.0 |
955 |
Information disclosure vulnerability on a DoD website |
$0.0 |
956 |
[alpha.informatica.com] Expensive DOMXSS |
$0.0 |
957 |
Apache HTTP Request Parsing Whitespace Defects |
$0.0 |
958 |
SQL Exception thrown during product import |
$0.0 |
959 |
SAUCE Access_key and User_name leaked in Travis CI build logs |
$0.0 |
960 |
Stored XSS in Headline TextControl element in Express forms [ concrete5 8.1.0 ] |
$0.0 |
961 |
Missing link to 2FA recovery code |
$0.0 |
962 |
mailbomb through invite feature on chrome addon |
$0.0 |
963 |
XSS in http://www.rockstargames.com/theballadofgaytony/js/jquery.base.js |
$0.0 |
964 |
Infrastructure - Photon - SSRF |
$0.0 |
965 |
Token leakage by referrer |
$0.0 |
966 |
CSV injection in gitlab.com via issues export feature. |
$0.0 |
967 |
[EdgeSwitch] Web GUI command injection as root with Privilege-1 and Privilege-15 users |
$0.0 |
968 |
Password reset links should expire after being used, instead of at specific time |
$0.0 |
969 |
Hyper Link Injection In email and Space Characters Allowed at Password Field. |
$0.0 |
970 |
Reflected XSS in openapi.starbucks.com /searchasyoutype/v1/search?x-api-key= |
$0.0 |
971 |
Reflected XSS at https://da.wordpress.org/themes/?s= via "s=" parameter |
$0.0 |
972 |
XXE on sms-be-vip.twitter.com in SXMP Processor |
$0.0 |
973 |
Open redirect on https://werkenbijdefensie.nl/ |
$0.0 |
974 |
[connect.teavana.com] Open Redirect and abuse of connect.teavana.com |
$0.0 |
975 |
Stored XSS in Pages SEO dialog Name field (concrete5 8.1.0) |
$0.0 |
976 |
Throttling Bypass - ws1.dashlane.com |
$0.0 |
977 |
Big XSS vulnerability! |
$0.0 |
978 |
Enhancement: email confirmation for 2FA recovery |
$0.0 |
979 |
Missing link to TOTP manual enroll option |
$0.0 |
980 |
Bypassing Access control, changing owner's name in a private leaderboard |
$0.0 |
981 |
Full Api Access and Run All Functions via Starbucks App |
$0.0 |
982 |
[Privilege Escalation] Authenticated users can manipulate others fullname without their knowledge |
$0.0 |
983 |
[Privilege Escalation] Authenticated users can manipulate others fullname without their knowledge [Team Vector] |
$0.0 |
984 |
Address bar spoofing in Brave browser via window close warnings |
$0.0 |
985 |
Clickjacking or URL Masking |
$0.0 |
986 |
Brave: Admin Panel Access |
$0.0 |
987 |
ap_find_token() Buffer Overread |
$0.0 |
988 |
heap-use-after-free in Sass::SharedPtr::incRefCount() |
$0.0 |
989 |
2FA user enumeration via password reset |
$0.0 |
990 |
Unable to register in starbucks app |
$0.0 |
991 |
SQL Injection vulnerability in a DoD website |
$0.0 |
992 |
SQL Injection vulnerability in a DoD website |
$0.0 |
993 |
SQL Injection vulnerability in a DoD website |
$0.0 |
994 |
Insecure Direct Object Reference (IDOR) vulnerability in a DoD website |
$0.0 |
995 |
Password Reset page Session Fixation |
$0.0 |
996 |
DOM Based XSS In mercantile.wordpress.org |
$0.0 |
997 |
Possibility of DOS Through logging System |
$0.0 |
998 |
Password reset access control |
$0.0 |
999 |
Stored XSS at Moneybird |
$0.0 |
1000 |
Dom based xss affecting all pages from https://www.grab.com/. |
$0.0 |
1001 |
RCE/LFI on test Jenkins instance due to improper authentication flow |
$0.0 |
1002 |
dom based xss in https://www.rockstargames.com/GTAOnline/ |
$0.0 |
1003 |
Gratipay rails secret token (secret_key_base) publicly exposed in GitHub |
$0.0 |
1004 |
XSS on http://irc.parrotsec.org |
$0.0 |
1005 |
dom based xss in http://www.rockstargames.com/GTAOnline/ (Fix bypass) |
$0.0 |
1006 |
flash injection in http://www.rockstargames.com/IV/imgPlayer/imageEmbed.swf |
$0.0 |
1007 |
Create Api Key is not working |
$0.0 |
1008 |
The websocket traffic is not secure enough |
$0.0 |
1009 |
[dev-unifi-go.ubnt.com] Insecure CORS, Stealing Cookies |
$0.0 |
1010 |
S3 ACL misconfiguration |
$0.0 |
1011 |
api.vk.com returns an authenticated vk.com HTML page in the response |
$0.0 |
1012 |
[Quora Android] Possible to steal arbitrary files from mobile device |
$0.0 |
1013 |
Improper error message |
$0.0 |
1014 |
federalist.18f.gov vulnerable to Sweet32 attack |
$0.0 |
1015 |
Flash CSRF: Update Ad Frequency %: [cp-ng.pinion.gg] |
$0.0 |
1016 |
Image lib - unescaped file path |
$0.0 |
1017 |
Potential code injection in fun delete_directory |
$0.0 |
1018 |
[Cross Domain Referrer Leakage] Password Reset Token Leaking to Third party Sites. |
$0.0 |
1019 |
Stored XSS Deleting Menu Links in the Shopify Admin |
$0.0 |
1020 |
Timing attack woocommerce, simplify commerce gateway |
$0.0 |
1021 |
Object Injection in Woocommerce / Handle PDT Responses from PayPal |
$0.0 |
1022 |
Comments Denial of Service in socialclub.rockstargames.com |
$0.0 |
1023 |
woocommerce - prevent_caching() bug / bypass |
$0.0 |
1024 |
Use-after-free in XML::LibXML::Node::replaceChild |
$0.0 |
1025 |
IDOR: unsubscribe anyone from Nextcloud's newsletters by knowing their email |
$0.0 |
1026 |
https://secure.gravatar.com |
$0.0 |
1027 |
Stored XSS with CRLF injection via post message to user feed |
$0.0 |
1028 |
Race Conditions in OAuth 2 API implementations |
$0.0 |
1029 |
Disclosure of private document file names |
$0.0 |
1030 |
Reflected XSS - gratipay.com |
$0.0 |
1031 |
sprintf combined format string attack |
$0.0 |
1032 |
app.mixmax.com Information Disclosure on cal.mixmax.com and Not Signing out after Removing information grant access from Google |
$0.0 |
1033 |
Reflected XSS in reddeadredemption Site located at www.rockstargames.com/reddeadredemption |
$0.0 |
1034 |
Reflected XSS in /Videos/ via calling a callback http://www.rockstargames.com/videos/#/?lb= |
$0.0 |
1035 |
CSRF in Report Lost or Stolen Page https://www.starbucks.com/account/card |
$0.0 |
1036 |
Users with member privilege are able to see emails and membership information of other users |
$0.0 |
1037 |
Password reset token leak on third party website via Referer header |
$0.0 |
1038 |
No Rate Limit (Leads to huge email flooding/email bombing) |
$0.0 |
1039 |
protect against tabnabbing in statement |
$0.0 |
1040 |
XSS on Nanostation Loco M2 Airmax |
$0.0 |
1041 |
Add movie or series CSRF |
$0.0 |
1042 |
Allowance of Meta/Null characters |
$0.0 |
1043 |
Subdomain Takeover via Unclaimed WordPress site |
$0.0 |
1044 |
CSRF-Token leak by request forgery |
$0.0 |
1045 |
Legal Robot AWS S3 Bucket Directory Listing |
$0.0 |
1046 |
Possible to join any class without coach's knowledge & Little Information Disclosure |
$0.0 |
1047 |
[mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection |
$0.0 |
1048 |
HTML injection-WordCamp Talks plugin |
$0.0 |
1049 |
Paragonie Airship Admin CSRF on Extensions Pages |
$0.0 |
1050 |
Improper access control leads to deleting anyone's comment |
$0.0 |
1051 |
Cross Site WebSocket Hijacking |
$0.0 |
1052 |
Unvalidated / Open Redirect |
$0.0 |
1053 |
Homograph fix Bypass |
$0.0 |
1054 |
Open Redirect through POST Request |
$0.0 |
1055 |
[Markdown] Stored XSS via character encoding parser bypass |
$0.0 |
1056 |
Enforce minimum master password complexity |
$0.0 |
1057 |
Open Redirect |
$0.0 |
1058 |
Potential server misconfiguration leads to disclosure of vendor/ directory |
$0.0 |
1059 |
Crashes/Buffer at 0x2C0086,name=PBrowser::Msg_Destroy |
$0.0 |
1060 |
Ruby 2.3.x and 2.2.x still bundle DoS-vulnerable version of libYAML |
$0.0 |
1061 |
IDNs displayed in unicode |
$0.0 |
1062 |
Report Private Links Leaks to Google Analytics via Query String Param |
$0.0 |
1063 |
[www.zomato.com/dubai/gold] CRITICAL - Allowing arbitrary amount to become a GOLD Member |
$0.0 |
1064 |
CSV Injection https://hub.grab.com |
$0.0 |
1065 |
User enumeration via forgot password error message |
$0.0 |
1066 |
No Confirmation or Notification During Email Change which can lead to account takeover |
$0.0 |
1067 |
No notification on Password Change |
$0.0 |
1068 |
Organization Admin Privilege Escalation To Owner |
$0.0 |
1069 |
Reflective XSS |
$0.0 |
1070 |
Sensitive information is publicly available |
$0.0 |
1071 |
XSS when Shared |
$0.0 |
1072 |
Adding or removing a new non-preferred payout method does not trigger an e-mail or account notification |
$0.0 |
1073 |
CSRF to change Account Security Keys on secure.login.gov |
$0.0 |
1074 |
OS Command Execution on User's PC via CSV Injection |
$0.0 |
1075 |
Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse |
$0.0 |
1076 |
CSV injection in gratipay.com via payment history export feature. |
$0.0 |
1077 |
[IRCCloud Android] XSS in ImageViewerActivity |
$0.0 |
1078 |
[IRCCloud Android] Opening arbitrary URLs/XSS in SAMLAuthActivity |
$0.0 |
1079 |
No Email Verification |
$0.0 |
1080 |
Stored XSS in content when Graph is created via API |
$0.0 |
1081 |
Unauthenticated hidden groups disclosure via Ajax groups search |
$0.0 |
1082 |
Buddypress 2.9.1 - Exceeding the maximum upload size - XSS leading to potential RCE. |
$0.0 |
1083 |
SSRF vulnerability in gitlab.com via project import. |
$0.0 |
1084 |
Click jacking in delete image of user in Yelp |
$0.0 |
1085 |
[app.simplenote.com] Stored XSS via Markdown SVG filter bypass |
$0.0 |
1086 |
Program profile metrics endpoint contains mean time to triage, even when turned off |
$0.0 |
1087 |
[werkenbijmcdonalds.nl] Unsafe-inline in "script-src" results in "bootstrapping" or passing data to JavaScript from HTML pages. |
$0.0 |
1088 |
Open Redirection while saving User account Settings |
$0.0 |
1089 |
Stored XSS On Wordpress Infogram plugin |
$0.0 |
1090 |
CSRF in generating a new Personal Key |
$0.0 |
1091 |
2FA bypass - confirmation tokens don't expire |
$0.0 |
1092 |
Authenticated Cross-site Scripting in Template Name |
$0.0 |
1093 |
Reverse Tabnabbing Vulnerability in Outgoing Links |
$0.0 |
1094 |
Stored XSS in the Custom Logo link (non-Basic plan required) |
$0.0 |
1095 |
IDOR on Program Visibilty (Revealed / Concealed) against other team members |
$0.0 |
1096 |
Persistent XSS in share button |
$0.0 |
1097 |
Stored XSS Using Media |
$0.0 |
1098 |
SSRF via git Repo by URL Abuse |
$0.0 |
1099 |
Validation message in Bounty award endpoint can be used to determine program balances |
$0.0 |
1100 |
Unrestricted file upload - cloudacademy.informatica.com |
$0.0 |
1101 |
[public-api.wordpress.com] Stored XSS via Crafted Developer App Description |
$0.0 |
1102 |
Stored Cross-Site scripting in the infographics using links |
$0.0 |
1103 |
Stored Cross-Site scripting in the infographics using Data Objects links |
$0.0 |
1104 |
Validation bypass for Active Record and Active Model |
$0.0 |
1105 |
Server Side Request Forgery on JSON Feed |
$0.0 |
1106 |
Able To Check The Exact Bounty Balance of any Bug Bounty Program |
$0.0 |
1107 |
Integer overflow in eval triggers out-of-bounds write |
$0.0 |
1108 |
New team invitation functionality allows extending team without upgrade |
$0.0 |
1109 |
No Rate limit on Password Reset Function |
$0.0 |
1110 |
Non Critical Code Quality Bug / Self XSS on Map Editor |
$0.0 |
1111 |
PHPMYADMIN Setup is accessible without authentication on https://lml.lahitapiola.fi/ |
$0.0 |
1112 |
[marketplace.informatica.com]-Reflected XSS |
$0.0 |
1113 |
Cross-origin resource sharing misconfig | steal user information |
$0.0 |
1114 |
Unauthenticated Reflected XSS in admin dashboard |
$0.0 |
1115 |
dom based xss in *.zendesk.com/external/zenbox/ |
$0.0 |
1116 |
The Microsoft Store Uber App Does Not Implement Server-side Token Revocation |
$0.0 |
1117 |
It's possible to view configuration and/or source code on uchat.awscorp.uberinternal.com without |
$0.0 |
1118 |
Configuration and/or source code files on uchat-staging.uberinternal.com can be viewed without OneLogin SSO Authentication |
$0.0 |
1119 |
High server resource usage on captcha (viestinta.lahitapiola.fi) |
$0.0 |
1120 |
User Profiles Leak PII in HTML Document for Mobile Browser User Agents |
$0.0 |
1121 |
Stored XSS via Send crew invite |
$0.0 |
1122 |
XSS working across the entire site wherever mentions are present |
$0.0 |
1123 |
Missing Password Confirmation at a Critical Function (Payout Method) |
$0.0 |
1124 |
[serve-here] Static Web Server Directory Traversal via Crafted GET Request |
$0.0 |
1125 |
[featurebook] Specification Server Directory Traversal via Crafted Browser Request |
$0.0 |
1126 |
Stored XSS on urbandictionary.com |
$0.0 |
1127 |
XSS Stored |
$0.0 |
1128 |
Submitted reports state logs leakage |
$0.0 |
1129 |
Information disclosure when trying to delete an expense's attachment on m.mavenlink.com |
$0.0 |
1130 |
SQL injection in partner id field on https://www.teavana.com (Sign-up form) |
$0.0 |
1131 |
[lactate] Static Web Server Directory Traversal via Crafted GET Request |
$0.0 |
1132 |
[augustine] Static Web Server Directory Traversal via Crafted GET Request |
$0.0 |
1133 |
Lack of Sanitization and Insufficient Authentication |
$0.0 |
1134 |
Add arbitrary value in reset password cookie |
$0.0 |
1135 |
Lack of validation before assigning custom domain names leading to abuse of GitLab pages service |
$0.0 |
1136 |
Stored XSS in WordPress |
$0.0 |
1137 |
DOM-based Cross-Site Scripting in redirect url checkout |
$0.0 |
1138 |
[app.mavenlink.com] IDOR to view sensitive information |
$0.0 |
1139 |
Cookie bomb |
$0.0 |
1140 |
XSS at https://app.goodhire.com/member/GH.aspx |
$0.0 |
1141 |
[gem server] Stored XSS via crafted JavaScript URL inclusion in Gemspec |
$0.0 |
1142 |
Verbose error message reveals internal system hostnames, protocols and used ports (yrityspalvelu.tapiola.fi) |
$0.0 |
1143 |
Persistent DOM-based XSS in https://help.twitter.com via localStorage |
$0.0 |
1144 |
myshopify.com domain takeover |
$0.0 |
1145 |
Registration enabled on ███grab.com |
$0.0 |
1146 |
[uppy] Stored XSS due to crafted SVG file |
$0.0 |
1147 |
Reflected XSS+CSRF on secure.lahitapiola.fi |
$0.0 |
1148 |
[growth.grab.com] Reflected XSS via Base64-encoded "q" param on "my.html" Valentine's microsite |
$0.0 |
1149 |
SSH server compatible with several vulnerable cryptographic algorithms |
$0.0 |
1150 |
wpjobmanager - unserialize of user input |
$0.0 |
1151 |
Access to Private Photos of Apps in App section(IDOR) |
$0.0 |
1152 |
code.wordpress.net subdomain Takeover |
$0.0 |
1153 |
Email Spoofing |
$0.0 |
1154 |
Security misconfiguration "weak passwords". |
$0.0 |
1155 |
Information disclosure through search engines (password reset token) |
$0.0 |
1156 |
Corrupt RPC responses from remote daemon nodes can lead to transaction tracing |
$0.0 |
1157 |
DOM Based XSS in mycrypto.com |
$0.0 |
1158 |
Installer can modify other gems if gem name is specially crafted |
$0.0 |
1159 |
XSS vulnerability in sanitize-method when parsing link's href |
$0.0 |
1160 |
Extra program metrics disclosed via /PROGRAM_NAME json response |
$0.0 |
1161 |
controlled buffer under-read in pack_unpack_internal() |
$0.0 |
1162 |
Unicorn worker pool exhaustion by continuously updating payout preferences |
$0.0 |
1163 |
protobufjs is vulnerable to ReDoS when parsing crafted invalid *.proto files |
$0.0 |
1164 |
clickjacking in /lead_forms_app.php |
$0.0 |
1165 |
Reflected XSS { support.mycrypto.com } |
$0.0 |
1166 |
[crud-file-server] Path Traversal allows to read arbitrary file from the server |
$0.0 |
1167 |
[airbnb.com] XSS via Cookie flash |
$0.0 |
1168 |
Remote Code Execution in the Import Channel function |
$0.0 |
1169 |
Reflected XSS on https://www.zomato.com |
$0.0 |
1170 |
XSS *.myshopify.com/collections/vendors?q= |
$0.0 |
1171 |
atob allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below |
$0.0 |
1172 |
Malicious file upload (secure.lahitapiola.fi) |
$0.0 |
1173 |
Your support community suffers from angularjs injection and must be fixed immediately [CRITICAL] |
$0.0 |
1174 |
Exposed authentication (/cs/Satellite) |
$0.0 |
1175 |
Prototype pollution attack (merge-objects) |
$0.0 |
1176 |
Clickjacking: Delete Account, Change privacy settings, Rate business, follow/unfollow (IE) |
$0.0 |
1177 |
Harvesting all private invites using leave program fast-tracked invitation and security@ email forwarding feature |
$0.0 |
1178 |
CSRF token fixation and potential account takeover |
$0.0 |
1179 |
SocialClub's Facebook OAuth Theft through Warehouse XSS. |
$0.0 |
1180 |
Airship: Persistent XSS via Comment |
$0.0 |
1181 |
IDOR in treat subscriptions |
$0.0 |
1182 |
[www.zomato.com] Getting a complimentary dessert [Zomato Treats] on ordering a Meal at no cost |
$0.0 |
1183 |
Wordpress.com REST API oauth bypass via Cross Site Flashing |
$0.0 |
1184 |
concat-with-sourcemaps allocates uninitialized Buffers when number is passed as a separator |
$0.0 |
1185 |
SSRF vulnerability in gitlab.com webhook |
$0.0 |
1186 |
Client-side Template Injection in Search, user email/token leak and maybe sandbox escape |
$0.0 |
1187 |
Replace other user files in Inbox messages |
$0.0 |
1188 |
Improper access control on adding a Register to an Outlet |
$0.0 |
1189 |
Potential to abuse pricing errors in saved carts |
$0.0 |
1190 |
DoS through cache poisoning using invalid HTTP parameters |
$0.0 |
1191 |
No authentication on email address for password reset functionality/ https://platform.thecoalition.com/forgot-password |
$0.0 |
1192 |
[vulners.com] nginx alias_traversal |
$0.0 |
1193 |
Session cookie missing SecureFlag on git.edoverflow.com. |
$0.0 |
1194 |
MySQL username and password leaked in developer.valvesoftware.com via source code disclosure |
$0.0 |
1195 |
Program metrics disclosed response_efficiency_percentage via /program_name json response despite the team decided not to show on their profile |
$0.0 |
1196 |
Application Vulnerable to CSRF - Remove Invited user |
$0.0 |
1197 |
Link filter protection bypass |
$0.0 |
1198 |
stringstream allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below |
$0.0 |
1199 |
byte allocates uninitialized buffers and reads data from them past the initialized length |
$0.0 |
1200 |
sql does not properly escape parameters when building SQL queries, resulting in potential SQLi |
$0.0 |
1201 |
ability to install paid themes for free |
$0.0 |
1202 |
CVE-2017-1000101: cURL: URL globbing out of bounds read |
$0.0 |
1203 |
Api token exposed in Reverb.com's public github repository |
$0.0 |
1204 |
No Password Verification on Changing Email Address Cause Account takeover |
$0.0 |
1205 |
SSRF in Exchange leads to ROOT access in all instances |
$0.0 |
1206 |
Missing SPF Records. |
$0.0 |
1207 |
Missing SPF record for the in scope domain |
$0.0 |
1208 |
Unfiltered input allows for XSS in "Playtime Item Grants" fields |
$0.0 |
1209 |
App name leakage on economy history page |
$0.0 |
1210 |
[sexstatic] HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name |
$0.0 |
1211 |
Command injection in 'pdf-image' |
$0.0 |
1212 |
Heap Buffer Overflow (READ: 1786) in exif_iif_add_value |
$0.0 |
1213 |
Origin IP found, Cloudflare bypassed |
$0.0 |
1214 |
Exploiting JSONP callback on /username/charts.json endpoint leads to information disclosure despite user's privacy settings |
$0.0 |
1215 |
Race Condition : Exploiting the loyalty claim https://xxx.vendhq.com/loyalty/claim/email/xxxxx url and gain x amount of loyalty bonus/cash |
$0.0 |
1216 |
Directory traversal at https://msg.algolia.com |
$0.0 |
1217 |
[public] Stored XSS in the filename when directories listing |
$0.0 |
1218 |
burp does not validate the common name of the presented collaborator server certificate |
$0.0 |
1219 |
[Informational] Possible SQL Injection in inc/ajax-actions-frontend.php |
$0.0 |
1220 |
Subdomain Takeover - https://competition.shopify.com/ |
$0.0 |
1221 |
Reflected XSS (myynti.lahitapiolarahoitus.fi) |
$0.0 |
1222 |
The session token in the URL |
$0.0 |
1223 |
F5 BIG-IP Cookie Remote Information Disclosure |
$0.0 |
1224 |
SUBDOMAIN TAKEOVER [http://dev.rbk.money/] |
$0.0 |
1225 |
ImageMagick GIF coder vulnerability leading to memory disclosure |
$0.0 |
1226 |
Bypass blocked profile protection on aircrm.ubnt.com |
$0.0 |
1227 |
[buttle] HTML Injection in filename leads to XSS when directory listing is displayed in the browser |
$0.0 |
1228 |
[bruteser] Path Traversal allows to read content of arbitrary file |
$0.0 |
1229 |
Stored Cross Site Scripting |
$0.0 |
1230 |
Arbitrary local code execution via DLL hijacking from executable installer |
$0.0 |
1231 |
[out-of-scope] toxiproxy: Lack of CSRF protection allows an attacker to gain access to internal Shopify network |
$0.0 |
1232 |
[m-server] Path Traversal allows to display content of arbitrary file(s) from the server |
$0.0 |
1233 |
[m-server] HTML Injection in filenames displayed as directory listing in the browser allows to embed iframe with malicious JavaScript code |
$0.0 |
1234 |
[statics-server] XSS via injected iframe in file name when statics-server displays directory index in the browser |
$0.0 |
1235 |
Two Factor Authentication Bypass |
$0.0 |
1236 |
Persistent XSS - Selecting users as allowed merge request approvers |
$0.0 |
1237 |
Potential SSRF via Git repository URL |
$0.0 |
1238 |
HTTP parameter pollution from outdated Greenhouse.io JS dependency |
$0.0 |
1239 |
[markdown-pdf] Local file reading |
$0.0 |
1240 |
OAuth2 Access Token and App Password Security Vulnerability |
$0.0 |
1241 |
Able to reset other user's password in https://card.starbucks.com.sg/ |
$0.0 |
1242 |
Preview bar: Incomplete message origin validation results in XSS |
$0.0 |
1243 |
Team object exposes amount of participants in a private program to non-invited users |
$0.0 |
1244 |
monerod can be disabled by a well-timed TCP reset packet |
$0.0 |
1245 |
Gem signature forgery |
$0.0 |
1246 |
Content spoofing and potential Cross-Site Scripting vulnerability on www.hackerone.com |
$0.0 |
1247 |
Private program policy page still accessible after user left the program |
$0.0 |
1248 |
test report |
$0.0 |
1249 |
SSRF on infawiki.informatica.com and infawikitest.informatica.com |
$0.0 |
1250 |
Information / sensitive data disclosure on some endpoints |
$0.0 |
1251 |
Improper authentication on registration |
$0.0 |
1252 |
Information Leak - GitHub - Endpoint Configuration Details |
$0.0 |
1253 |
Remote code execution by hijacking an unclaimed S3 bucket in Rocket.Chat's installation script. |
$0.0 |
1254 |
Buffer overflows in demo parsing |
$0.0 |
1255 |
[mercantile.wordpress.org] Reflected XSS |
$0.0 |
1256 |
Possible Subdomain Takeover |
$0.0 |
1257 |
heap-buffer-overflow (READ of size 48) in exif_read_data() |
$0.0 |
1258 |
CVE-2018-12882: heap-use-after-free in PHP 7.2 through 7.2.6, possible 7.2.7 |
$0.0 |
1259 |
[exceljs] Possible XSS via cell value when worksheet is displayed in browser |
$0.0 |
1260 |
[informatica.com]- Information Disclosure |
$0.0 |
1261 |
Bypass of private-profile restrictions, gaining the ability to comment on private gifts and view them |
$0.0 |
1262 |
VIP gifts are free without subscribing to the VIP service |
$0.0 |
1263 |
Stored 'undefined' Cross-site Scripting |
$0.0 |
1264 |
SignUp With Fake Email |
$0.0 |
1265 |
Command Injection in ps Package |
$0.0 |
1266 |
XSS in main search, use class tag to imitate Reverb.com core functionality, create false login window |
$0.0 |
1267 |
XSS in buying and selling pages, can create spoofed content (false login message) |
$0.0 |
1268 |
Disclosure of all uploads to Cloudinary via hardcoded api secret in Android app |
$0.0 |
1269 |
Reflected XSS |
$0.0 |
1270 |
F5 BigIP Backend Cookie Disclosure |
$0.0 |
1271 |
Stealing Users OAUTH Tokens via redirect_uri |
$0.0 |
1272 |
Bypass of request line length limit to DoS via cache poisoning |
$0.0 |
1273 |
Cache poisoning using NULL bytes and long URLs |
$0.0 |
1274 |
POST XSS in https://www.khanacademy.org.tr/ via page_search_query parameter |
$0.0 |
1275 |
Reflected XSS on ssl-ccstatic.highwebmedia.com via player.swf |
$0.0 |
1276 |
Stored XSS against all Chaturbate users using an application name |
$0.0 |
1277 |
Blind SSRF on image proxy camo.stream.highwebmedia.com |
$0.0 |
1278 |
Web cache deception attack - expose token information |
$0.0 |
1279 |
Forget password link not expiring after email change. |
$0.0 |
1280 |
Users may still be able to view chat room panel of password protected rooms |
$0.0 |
1281 |
Persistent XSS - Deleting a project (No Longer Vulnerable in 10.7) |
$0.0 |
1282 |
Backup Source Code Detected |
$0.0 |
1283 |
Navigation to protocol handler URL from the opened page displayed as a request from this page. |
$0.0 |
1284 |
Torrent extension: Cross-origin downloading + "URL spoofing" + CSP-blocked XSS |
$0.0 |
1285 |
XSS (stored) Wizard is saving executable code |
$0.0 |
1286 |
Reflected Swf XSS In ( plugins.svn.wordpress.org ) |
$0.0 |
1287 |
Prototype pollution attack (defaults-deep / constructor.prototype) |
$0.0 |
1288 |
Persistent XSS via malicious license file |
$0.0 |
1289 |
Session ID is accessible via XSS |
$0.0 |
1290 |
Improper handling of Chunked data request in sapi_apache2.c leads to Reflected XSS |
$0.0 |
1291 |
URL spoofing in Brave for macOS |
$0.0 |
1292 |
URL spoofing using protocol handlers |
$0.0 |
1293 |
Email Spoofing Possible on djangoproject.com Email Domain |
$0.0 |
1294 |
possibility to create account without username |
$0.0 |
1295 |
Navigation to restricted origins via "Open in new tab" |
$0.0 |
1296 |
SSRF on jira.mariadb.org |
$0.0 |
1297 |
Command Injection Vulnerability in libnmap Package |
$0.0 |
1298 |
DVR default username and password |
$0.0 |
1299 |
Email Spoofing Possible on torproject.org Email Domain |
$0.0 |
1300 |
[serve] XSS via HTML tag injection in directory listing page |
$0.0 |
1301 |
[serve] Stored XSS in the filename when directories listing |
$0.0 |
1302 |
[ux.shopify.com] Subdomain takeover |
$0.0 |
1303 |
OpenSSL::X509::Name Equality Check Does Not Work, Patch included |
$0.0 |
1304 |
Sidekiq web UI (Ruby background processing) accessible unauthenticated via https://gift-test.starbucks.co.jp/sidekiq/busy |
$0.0 |
1305 |
Code Injection Vulnerability in morgan Package |
$0.0 |
1306 |
DoS for HTTP/2 connections by crafted requests (CVE-2018-1333) |
$0.0 |
1307 |
Hacker can bypass 2FA requirement and reporter blacklist through embedded submission form |
$0.0 |
1308 |
Decryption of all types of encrypted IDs |
$0.0 |
1309 |
[tianma-static] Stored xss on filename |
$0.0 |
1310 |
XSS [flow] - on www.paypal.com/paypalme/my/landing (requires user interaction) |
$0.0 |
1311 |
Admin bar: Incomplete message origin validation results in XSS |
$0.0 |
1312 |
App messaging can be hijacked by third-party websites |
$0.0 |
1313 |
Disclosure of Github Issues |
$0.0 |
1314 |
Possible Take Over Subdomain For Inbound Emails |
$0.0 |
1315 |
Reflected Cross-Site Scripting in Serendipity (serendipity.SetCookie) |
$0.0 |
1316 |
Reflected xss in Serendipity's /index.php |
$0.0 |
1317 |
Open redirect on https://blog.fuzzing-project.org |
$0.0 |
1318 |
Multiple Bugs in api.data.gov/signup endpoint lead to sending custom messages to anyone |
$0.0 |
1319 |
No rate limiting on https://biz.uber.com/confirm allowed an attacker to join arbitrary business.uber.com accounts |
$0.0 |
1320 |
Incorrect Permission Assignment for Critical Resource |
$0.0 |
1321 |
Prototype pollution attack (mergify) |
$0.0 |
1322 |
List any file in the folder by using path traversal |
$0.0 |
1323 |
Heap Use After Free in unserialize() |
$0.0 |
1324 |
Out of Bounds Memory Read in unserialize() |
$0.0 |
1325 |
Heap Use After Free Read in unserialize() |
$0.0 |
1326 |
The POODLE attack (SSLv3 supported) at status.slack.com |
$0.0 |
1327 |
Prototype pollution attack in just-extend |
$0.0 |
1328 |
Attacker can claim credentials for private program that has a published external program |
$0.0 |
1329 |
Prototype pollution attack in node.extend |
$0.0 |
1330 |
Unauthorized users may be able to view almost all information related to Private projects. |
$0.0 |
1331 |
Admin Macro Description Stored XSS |
$0.0 |
1332 |
Imperfect CSRF To Overwrite Server Config at /go/admin/restful/configuration/file/POST/xml |
$0.0 |
1333 |
Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS |
$0.0 |
1334 |
reflected XSS avito.ru |
$0.0 |
1335 |
Stored XSS in '' Section and WAF Bypass |
$0.0 |
1336 |
Github wikis are editable by anyone |
$0.0 |
1337 |
Cross site scripting (content-sniffing) |
$0.0 |
1338 |
Github wiki is editable by anyone |
$0.0 |
1339 |
Banner Grabbing - Apache Server Version Disclosure |
$0.0 |
1340 |
Brave allows flash to follow 307 redirects to other origins with arbitrary content-types |
$0.0 |
1341 |
Ability to login to the Nexus Repo Manager from https://nexus.imgur.com/ |
$0.0 |
1342 |
Apache Version Disclosure Through Directory Indexing |
$0.0 |
1343 |
Search Page Reflected XSS on sharjah.dubizzle.com through unencoded output of GET parameter in JavaScript |
$0.0 |
1344 |
Prototype pollution attack (lutils-merge) |
$0.0 |
1345 |
SPF Records (SMTP protection not used) |
$0.0 |
1346 |
Reflected XSS in lert.uber.com |
$0.0 |
1347 |
IDOR on partners.uber.com allows for a driver to override administrator documents |
$0.0 |
1348 |
Able to bypass information requirements before launching a Chat. |
$0.0 |
1349 |
Kaspersky Password Manager is vulnerable to HTML injection in the browser action pop-up via user name |
$0.0 |
1350 |
Open Directory |
$0.0 |
1351 |
blog.praca.olx.pl database credentials exposure |
$0.0 |
1352 |
Race condition in performing retest allows duplicated payments |
$0.0 |
1353 |
Reflected Xss bypass Content-Type: text/plain |
$0.0 |
1354 |
Unpacker improperly validates symlinks, allowing gems to write to arbitrary locations |
$0.0 |
1355 |
@wearehackerone.com is vulnerable to namespace attacks due to hackerone.com not being RFC2142 compliant. |
$0.0 |
1356 |
Creating Unlimited Fake Accounts. |
$0.0 |
1357 |
Malicious callback url can be set while creating application in identity |
$0.0 |
1358 |
Stored XSS in the guide's GameplayVersion (www.dota2.com) |
$0.0 |
1359 |
Reflected XSS on help.steampowered.com |
$0.0 |
1360 |
Form Replay in customer information form |
$0.0 |
1361 |
Account takeover due to CSRF in "Account details" option on █████████ |
$0.0 |
1362 |
Persistent CSV injection |
$0.0 |
1363 |
Line feed injection in GET request leads to AWS S3 Bucket information disclosure |
$0.0 |
1364 |
[auth2.zomato.com] Reflected XSS at oauth2/fallbacks/error | ORY Hydra an OAuth 2.0 and OpenID Connect Provider |
$0.0 |
1365 |
Information Exposure Through an Error Message at news.starbucks.com |
$0.0 |
1366 |
Prototype pollution attack (upmerge) |
$0.0 |
1367 |
CRLF injection on https://buildbot.mariadb.org |
$0.0 |
1368 |
[PayPal Android] Remote theft of user session using push_notification_webview deeplink |
$0.0 |
1369 |
[Venmo Android] Remote theft of user session |
$0.0 |
1370 |
Password Change not notified when changed from settings |
$0.0 |
1371 |
Tracking of users on third-party websites using the Twitter cookie, due to a flaw in authenticating image requests |
$0.0 |
1372 |
[downloads.mariadb.org] CRLF injection in case of encoded query mark |
$0.0 |
1373 |
Reflected XSS in the npm module express-cart. |
$0.0 |
1374 |
Credentials Over GET method in plain Text |
$0.0 |
1375 |
Facebook OAuth Code Theft through referer leakage on support.rockstargames.com |
$0.0 |
1376 |
There is vulnerability Click Here TO fix |
$0.0 |
1377 |
CRLF injection at https://mariadb.org/. |
$0.0 |
1378 |
DoS for remote nodes using Slow Loris attack |
$0.0 |
1379 |
SSRF in api.slack.com, using slash commands and bypassing the protections. |
$0.0 |
1380 |
Bypass of the SSRF protection in Event Subscriptions parameter. |
$0.0 |
1381 |
API request signature can be reused with other parameters/data than the original in certain cases |
$0.0 |
1382 |
CSRF Add user templates |
$0.0 |
1383 |
CSRF and probable account takeover on https://www.niche.co |
$0.0 |
1384 |
CSRF on https://www.niche.co leads to "account disconnection" |
$0.0 |
1385 |
Stored XSS on imgur profile |
$0.0 |
1386 |
Bypassing the fix of #503922 |
$0.0 |
1387 |
Email enumeration of users |
$0.0 |
1388 |
Stealing Facebook OAuth Code Through Screenshot viewer |
$0.0 |
1389 |
Reflected Cross site Scripting (XSS) on www.starbucks.com |
$0.0 |
1390 |
Privilege Escalation by abusing non-existent path. (Windows) |
$0.0 |
1391 |
[www.zomato.com] Availing Zomato Gold membership for free by tampering plan id(s) |
$0.0 |
1392 |
the login blocking mechanism does not work correctly |
$0.0 |
1393 |
Authenticated Cross-Site-Request-Forgery |
$0.0 |
1394 |
Unprotected Api EndPoints |
$0.0 |
1395 |
CSP : Inline scripts can be inserted |
$0.0 |
1396 |
Web Cache Deception Attack (XSS) |
$0.0 |
1397 |
Security headers missed on https://acme-validation.jamieweb.net/ |
$0.0 |
1398 |
EdgeSwitch Command Injection |
$0.0 |
1399 |
Login as root without password on EdgeSwitchX |
$0.0 |
1400 |
DLL Hijacking in Burp Suite Pro 2.0.19 Installer |
$0.0 |
1401 |
Prototype pollution attack through jQuery $.extend |
$0.0 |
1402 |
Regular Expression Denial of Service (ReDoS) |
$0.0 |
1403 |
[statics-server] Path Traversal due to lack of provided path sanitization |
$0.0 |
1404 |
Media parsing in canvas is at least vulnerable to Denial of Service through multiple vulnerabilities |
$0.0 |
1405 |
[servey] Path Traversal allows to retrieve content of any file with extension from remote server |
$0.0 |
1406 |
Prototype pollution attack (smart-extend) |
$0.0 |
1407 |
typeorm does not properly escape parameters when building SQL queries, resulting in potential SQLi |
$0.0 |
1408 |
Corrupted Authorization header can cause logs not to be ingested properly in ████████ |
$0.0 |
1409 |
Removing a user from a private group doesn't remove them from the group's project if their project role was changed |
$0.0 |
1410 |
[FG-VD-19-022] Wordpress WooCommerce Cross-Site Scripting Vulnerability Notification |
$0.0 |
1411 |
[harp] File access even when they have been set to be ignored. |
$0.0 |
1412 |
[harp] Path traversal using symlink |
$0.0 |
1413 |
Hogging up all the resources on hackerone.com |
$0.0 |
1414 |
H1514 Wholesale customer without checkout permission can complete purchases |
$0.0 |
1415 |
Stored XSS on www.starbucks.com.sg/careers/career-center/career-landing-* |
$0.0 |
1416 |
H1514 Simple phishing using auto-created modal with weak URL-pattern check in incontext_app_link |
$0.0 |
1417 |
XSS inside HTML Link Tag |
$0.0 |
1418 |
SSRF in CI after first run |
$0.0 |
1419 |
securitytemplate.site domain hijack |
$0.0 |
1420 |
c3p0 may be exploited by a Billion Laughs Attack when loading XML configuration |
$0.0 |
1421 |
RingCT malformed tx prevents target from being able to sweep balance |
$0.0 |
1422 |
open-url command allows opening unlimited number of tabs pointing to arbitrary URLs |
$0.0 |
1423 |
Reflected Cross Site Scripting (XSS) |
$0.0 |
1424 |
Open AWS S3 bucket leaks all Images uploaded to Zomato chat |
$0.0 |
1425 |
XSS in Bootbox |
$0.0 |
1426 |
DOM based XSS in the WooCommerce plugin |
$0.0 |
1427 |
Command injection by setting a custom search engine |
$0.0 |
1428 |
Missing Rate Limit in Forgot Password can Lead to email address leakage of all smule accounts |
$0.0 |
1429 |
Reflected XSS in https://www.starbucks.co.jp/store/search/ |
$0.0 |
1430 |
https://mathfacts.khanacademy.org/ includes code from unprivileged localhost port |
$0.0 |
1431 |
Cross Site Scripting at https://app.oberlo.com/ |
$0.0 |
1432 |
Wordpress VIP leaks email of the test a/c |
$0.0 |
1433 |
Stored - XSS |
$0.0 |
1434 |
Subdomain takeover on dev-admin.periscope.tv |
$0.0 |
1435 |
Full Path Disclosure |
$0.0 |
1436 |
Open Redirect on ███ |
$0.0 |
1437 |
Insufficient DKIM record with RSA 512-bit key used on WordPress.com |
$0.0 |
1438 |
Insufficient sanitizing can lead to arbitrary commands execution |
$0.0 |
1439 |
No SearchEngine sanitizing can lead to command injection |
$0.0 |
1440 |
H1514 Bypass Wholesale account signup restrictions |
$0.0 |
1441 |
Open redirect on https://hq-api.upserve.com/ |
$0.0 |
1442 |
Email abuse and Referral Abuse |
$0.0 |
1443 |
Multiple Subdomain Takeovers: fly.staging.shipt.com, fly.us-west-2.staging.shipt.com, fly.us-east-1.staging.shipt.com |
$0.0 |
1444 |
Vulnerable W3 Total Cache plugin version in use on nextcloud.com |
$0.0 |
1445 |
IDOR in changing shared file name |
$0.0 |
1446 |
Captcha bypass for the most important function - At en.instagram-brand.com |
$0.0 |
1447 |
Retrieval and alteration of exposed media on Android Oreo |
$0.0 |
1448 |
Predictable Random Number Generator |
$0.0 |
1449 |
Team member with Program permission only can escalate to Admin permission |
$0.0 |
1450 |
Stored XSS/HTML injection in autocomplete suggestions for sharing |
$0.0 |
1451 |
[takeapeek] XSS via HTML tag injection in directory listing page |
$0.0 |
1452 |
Stored XSS @ /engage/<project_slug> |
$0.0 |
1453 |
Monero can leak uninitialized memory |
$0.0 |
1454 |
Remote Daemon RPC Attack |
$0.0 |
1455 |
[domokeeper] Unintended Require |
$0.0 |
1456 |
Custom Field Attributes may be created and updated for customers with Custom Field Trial enabled |
$0.0 |
1457 |
Stored XSS via Create Project (Add new translation project) |
$0.0 |
1458 |
HTML injection and information disclosure in support panel |
$0.0 |
1459 |
multiple vulnerabilities on your mautic server |
$0.0 |
1460 |
Lack of proper paymentProfileUUID validation allows any number of free rides without any outstanding balance |
$0.0 |
1461 |
No Valid SPF Records. |
$0.0 |
1462 |
BUG XSS IN "ADD IMAGES" |
$0.0 |
1463 |
Web cache poisoning leads to disclosure of CSRF token and sensitive information |
$0.0 |
1464 |
Private information exposed through GraphQL filters |
$0.0 |
1465 |
[min-http-server] Stored XSS in the filename when directories listing |
$0.0 |
1466 |
[http-file-server] Stored XSS in the filename when directories listing |
$0.0 |
1467 |
Stored XSS in Macro Editing - Introduced by Admins to affect Admins |
$0.0 |
1468 |
Github wikis are editable by anyone https://github.com/paragonie/password_lock/wiki |
$0.0 |
1469 |
Improper Session management can cause account takeover[https://micropurchase.18f.gov] |
$0.0 |
1470 |
subdomain take over at recommendation.algolia.com |
$0.0 |
1471 |
Github Token Leaked publicly for https://github.com/mopub |
$0.0 |
1472 |
[kb.informatica.com] Dom Based xss |
$0.0 |
1473 |
SSRF In Get Video Contents |
$0.0 |
1474 |
Previously created sessions continue being valid after MFA activation |
$0.0 |
1475 |
xmlrpc.php file enabled - data.gov |
$0.0 |
1476 |
[larvitbase-api] Unintended Require |
$0.0 |
1477 |
Reflected File Download (RFD) in download video |
$0.0 |
1478 |
Stack overflow affecting "ext" field on stylers.xml configuration file |
$0.0 |
1479 |
Passcode Protection in Android Devices Can be Bypassed. |
$0.0 |
1480 |
[public] Path traversal using symlink |
$0.0 |
1481 |
URL redirection |
$0.0 |
1482 |
Reflected XSS: Taxonomy Converter via tax parameter |
$0.0 |
1483 |
Certificate warnings and similar UI elements in Web protection of Anti-Virus products family are susceptible to clickjacking |
$0.0 |
1484 |
Reflected XSS / Markup Injection in index.php/svg/core/logo/logo parameter color |
$0.0 |
1485 |
Missing DNSSEC |
$0.0 |
1486 |
[larvitbase-www] Unintended Require |
$0.0 |
1487 |
Xss on community.imgur.com |
$0.0 |
1488 |
Web protection component in Anti-Virus products family ignores HSTS security policy |
$0.0 |
1489 |
CVE-2019-0196: mod_http2 with scoreboard Use-After-Free (Read) |
$0.0 |
1490 |
web cache deception in https://tradus.com leads to name/user_id enumeration and other info |
$0.0 |
1491 |
[https-proxy-agent] Socket returned without TLS upgrade on non-200 CONNECT response, allowing request data to be sent over unencrypted connection |
$0.0 |
1492 |
CSS injection via BB code tag "█████" |
$0.0 |
1493 |
Bypassing push rules via MRs created by Email |
$0.0 |
1494 |
CVE-2017-5969: libxml2 when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) |
$0.0 |
1495 |
libtiff 4.0.6 segfault / read outside of buffer (CVE-2016-9297) |
$0.0 |
1496 |
libtiff 4.0.6 heap buffer overflow / out of bounds read (CVE-2016-9273) |
$0.0 |
1497 |
StoreFront API allows for a brute force attack on customer login by not timing out ALL attempts |
$0.0 |
1498 |
[Found Origin IP's Lead To Access To Grafana Instance , PgHero Instance [ Can SQL Injection ] |
$0.0 |
1499 |
Unauthenticated read and write access to ALL endpoints of a store is possible for removed staff members who had "Apps" permission |
$0.0 |
1500 |
Bypass report #416983 - Removed Staff members who had "Apps" permission can still modify flow app connections |
$0.0 |
1501 |
Manipulation of exam results at Semrush.Academy |
$0.0 |
1502 |
[FG-VD-18-165] Wordpress Cross-Site Scripting Vulnerability Notification II |
$0.0 |
1503 |
Crash (DoS) when parsing a hostile TIFF |
$0.0 |
1504 |
Memory corruption when parsing a hostile PHAR archive |
$0.0 |
1505 |
Format string implementation vulnerability, resulting in code execution |
$0.0 |
1506 |
Use After Free in PHP7 unserialize() |
$0.0 |
1507 |
Use-after-free in unserialize() |
$0.0 |
1508 |
Use-after-free in ArrayObject Deserialization |
$0.0 |
1509 |
Type Confusion in Object Deserialization |
$0.0 |
1510 |
Use After Free in unserialize() |
$0.0 |
1511 |
Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization |
$0.0 |
1512 |
Use-after-free in PHP7's unserialize() |
$0.0 |
1513 |
Two vulnerabilities in GNU binutils |
$0.0 |
1514 |
PHP INI Parsing Stack Buffer Overflow Vulnerability |
$0.0 |
1515 |
Multiple issues in Libxml2 (2.9.2 - 2.9.5) |
$0.0 |
1516 |
memory corruption while parsing HTTP response |
$0.0 |
1517 |
Out-Of-Bounds Read in timelib_meridian() |
$0.0 |
1518 |
PHP WDDX Deserialization Heap OOB Read in timelib_meridian() |
$0.0 |
1519 |
PHP OpenSSL zif_openssl_seal() heap overflow (wild memcpy) |
$0.0 |
1520 |
mod_http2, read-after-free in h2 connection shutdown (CVE-2019-10082) |
$0.0 |
1521 |
Stored XSS in localhost:* via integrated torrent downloader |
$0.0 |
1522 |
A reflected XSS in python/Lib/DocXMLRPCServer.py |
$0.0 |
1523 |
Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c |
$0.0 |
1524 |
Stored XSS vulnerability in comments on *.wordpress.com |
$0.0 |
1525 |
Any user with access to program can resume and suspend HackerOne Gateway |
$0.0 |
1526 |
Command Injection in npm module name passed as an argument to pm2.install() function |
$0.0 |
1527 |
Command Injection due to lack of sanitisation of tar.gz filename passed as an argument to pm2.install() function |
$0.0 |
1528 |
Enable 2FA without verifying the email |
$0.0 |
1529 |
Reporter, external users, collaborators can mark sent swag awarded to reporter as unsent |
$0.0 |
1530 |
SMTP user enumeration via mail.zendesk.com |
$0.0 |
1531 |
Referer issue in Kartpay.com |
$0.0 |
1532 |
Open Redirect in the Path of vendhq.com |
$0.0 |
1533 |
Lack of CSRF header validation at https://g-mail.grammarly.com/profile |
$0.0 |
1534 |
Open redirect open.rocket.chat/file-upload/ID/filename.svg |
$0.0 |
1535 |
Active Mixed Content over HTTPS |
$0.0 |
1536 |
Code injection in https://www.semrush.com |
$0.0 |
1537 |
H1514 Stored XSS on Wholesale sales channel allows cross-organization data leakage |
$0.0 |
1538 |
Assertion `len == 1' failed, process aborted while streaming output from remote server |
$0.0 |
1539 |
Reflected XSS on m.olx.co.id via ad_type parameter |
$0.0 |
1540 |
Reflected XSS on www.olx.co.id via ad_type parameter |
$0.0 |
1541 |
H1514 Ability to MiTM Shopify PoS Session to Takeover Communications |
$0.0 |
1542 |
H1514 Extract information about other sites (new sites) through Affiliate/Referral pages |
$0.0 |
1543 |
mod_remoteip stack buffer overflow and NULL pointer dereference |
$0.0 |
1544 |
H1514 Stored XSS in Return Magic App portal content |
$0.0 |
1545 |
Removed staff members who had "Manage shops" permission can still create development stores |
$0.0 |
1546 |
Session does not expire after logout |
$0.0 |
1547 |
Searching from Hacktivity returns hits for words in limited disclosure reports that are not visible |
$0.0 |
1548 |
CSS Injection to disable app & potential message exfil |
$0.0 |
1549 |
XSS On Nextcloud Integrated with zimbra drive |
$0.0 |
1550 |
NULL Pointer Dereference while unserializing PHP object |
$0.0 |
1551 |
Invalid read when wddx decodes empty boolean element |
$0.0 |
1552 |
Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412) |
$0.0 |
1553 |
Roundcube virtualmin privilege escalation (CVE-2017-8114) |
$0.0 |
1554 |
Reflected XSS in https://www.starbucks.com/account/create/redeem/MCP131XSR via xtl_amount, xtl_coupon_code, xtl_amount_type parameters |
$0.0 |
1555 |
Exploiting Network and Timing Side-Channels to Break Monero Receiver Anonymity |
$0.0 |
1556 |
"Bad Protocols Validation" Bypass in "wp_kses_bad_protocol_once" using HTML-encoding without trailing semicolons |
$0.0 |
1557 |
CVE-2019-13132 - libzmq 4.1 series is vulnerable |
$0.0 |
1558 |
Thailand - a small number of SMB CCTV footage backup servers were accessible without authentication. |
$0.0 |
1559 |
Unauthorized command execution in Web protection component of Anti-Virus products family [IE] |
$0.0 |
1560 |
Unauthorized command execution in Web protection component of Anti-Virus products family |
$0.0 |
1561 |
Unauthorized command execution in Web protection component of Anti-Virus products family [FF, Chrome] |
$0.0 |
1562 |
Kaspersky Password Manager allows websites to access user's address data |
$0.0 |
1563 |
Web protection component in Anti-Virus products family uses predictable links for certificate warnings |
$0.0 |
1564 |
Kaspersky Protection extension for Google Chrome is vulnerable to abuse its features |
$0.0 |
1565 |
Nextcloud domain and name of every user leaked to lookup server |
$0.0 |
1566 |
Disclosure of payment_transactions for programs via GraphQL query |
$0.0 |
1567 |
Unquoted Service Path in "Rockstar Game Library Service" |
$0.0 |
1568 |
Out-of-date Version (Apache) |
$0.0 |
1569 |
Attackers can control which security questions they are presented (████████) |
$0.0 |
1570 |
Remote File Inclusion, Malicious File Hosting, and Cross-site Scripting (XSS) in ████████ |
$0.0 |
1571 |
Video player on ███ allows arbitrary remote videos to be played |
$0.0 |
1572 |
SQL injection found in US Navy Website (http://███/) |
$0.0 |
1573 |
Open FTP on ███ |
$0.0 |
1574 |
HTML Injection on ████ |
$0.0 |
1575 |
Critical information disclosure at https://█████████ |
$0.0 |
1576 |
Illegal account registration in ████████ |
$0.0 |
1577 |
Access to job creation web page on http://████████ |
$0.0 |
1578 |
Content-Injection/XSS ████ |
$0.0 |
1579 |
SSRF in ███████ |
$0.0 |
1580 |
SQL injection on https://███████ |
$0.0 |
1581 |
Default page exposes admin functions and all methods and classes available on https://██████/█████/dwr/index.html |
$0.0 |
1582 |
Multiple cryptographic vulnerabilities in login page on ███████ |
$0.0 |
1583 |
Exposed ███████ Administrative Interface (ColdFusion 11) |
$0.0 |
1584 |
Two Error-Based SQLi in courses.aspx on ██████████ |
$0.0 |
1585 |
Insecure Direct Object Reference on in-scope .mil website |
$0.0 |
1586 |
Sensitive Email disclosure Due to Insecure Reactivate Account field |
$0.0 |
1587 |
Exposed FTP Credentials on ███████ |
$0.0 |
1588 |
Admin Salt Leakage on DoD site. |
$0.0 |
1589 |
Blind SQL Injection on DoD Site |
$0.0 |
1590 |
CRLF Injection on ███████ |
$0.0 |
1591 |
Able to view Backend Database due to improper authentication |
$0.0 |
1592 |
WebLogic Server Side Request Forgery |
$0.0 |
1593 |
SharePoint exposed web services |
$0.0 |
1594 |
SharePoint exposed web services |
$0.0 |
1595 |
SSRF vulnerability on ██████████ leaks internal IP and various sensitive information |
$0.0 |
1596 |
LDAP Injection at ██████ |
$0.0 |
1597 |
Corda Server XSS ████████ |
$0.0 |
1598 |
Partial PII leakage due to public set gitlab |
$0.0 |
1599 |
█████ - DOM-based XSS |
$0.0 |
1600 |
█████ - DOM-based XSS |
$0.0 |
1601 |
Server-Side Request Forgery (SSRF) |
$0.0 |
1602 |
XSS on www.██████ alerts and a number of other pages |
$0.0 |
1603 |
[███] SQL injection & Reflected XSS |
$0.0 |
1604 |
[█████] Get all tickets (IDOR) |
$0.0 |
1605 |
[████████] Reflected XSS |
$0.0 |
1606 |
Email PII disclosure due to Insecure Password Reset field |
$0.0 |
1607 |
██████████ bruteforceable RIC Codes allowing information on contracts |
$0.0 |
1608 |
[███████] Reflected GET XSS (/mission.php?...&missionDate=*) |
$0.0 |
1609 |
[██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action |
$0.0 |
1610 |
[████████] Boolean SQL Injection (/personnel.php?content=profile&rcnum=*) |
$0.0 |
1611 |
[█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action |
$0.0 |
1612 |
[█████] — DOM-based XSS on endpoint /?s= |
$0.0 |
1613 |
http://████/data.json showing users sensitive information via json file |
$0.0 |
1614 |
GraphQL query "namespace" leaks data |
$0.0 |
1615 |
Password Reset Link not expiring after changing the email Leads To Account Takeover |
$0.0 |
1616 |
Path traversal in https://www.npmjs.com/package/http_server via symlink |
$0.0 |
1617 |
Unauthenticated reflected XSS in preview_as_user function |
$0.0 |
1618 |
Information Disclosure when /invitations/.json is not yet accepted |
$0.0 |
1619 |
Failure to Invalidate Session after Password Change |
$0.0 |
1620 |
CSS injection in avito.ru via IE11 |
$0.0 |
1621 |
Persistent XSS on favorite via filename |
$0.0 |
1622 |
India - An Insecure Direct Object Reference (IDOR) allowed unauthorized access to view card index number and monetary balance |
$0.0 |
1623 |
Reflected XSS on card.starbucks.com.sg/unsub.php via the 'ct' Parameter |
$0.0 |
1624 |
Reflected XSS on card.starbucks.com.sg/unsubRevert.php via the 'ct' Parameter |
$0.0 |
1625 |
Container scanning and Dependency scanning report leaked to unauthorized users |
$0.0 |
1626 |
rgb2hex is vulnerable to ReDoS when parsing crafted invalid colors |
$0.0 |
1627 |
ActiveStorage throws exception when using whitespace as filename, may lead to denial of service of multiple pages |
$0.0 |
1628 |
De-anonymization Attack: Cross Site Information Leakage |
$0.0 |
1629 |
Lack of input validation and sanitization in react-autolinker-wrapper library causes XSS |
$0.0 |
1630 |
Shopify Stocky App OAuth Misconfiguration |
$0.0 |
1631 |
Stored XSS in https://app.mopub.com |
$0.0 |
1632 |
SSRF in /cabinet/stripeapi/v1/siteInfoLookup?url=XXX |
$0.0 |
1633 |
OLD SESSION DOES NOT EXPIRE AFTER PASSWORD CHANGE |
$0.0 |
1634 |
Password token leak via Host header |
$0.0 |
1635 |
Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors |
$0.0 |
1636 |
Uncontrolled Resource Consumption in any Markdown field using Mermaid |
$0.0 |
1637 |
No length on password |
$0.0 |
1638 |
subdomain takeover at status0.stripo.email |
$0.0 |
1639 |
CRLF injection |
$0.0 |
1640 |
stripo.email reflected xss |
$0.0 |
1641 |
Clickjacking vkpay |
$0.0 |
1642 |
[webpack-bundle-analyzer] Cross-site Scripting |
$0.0 |
1643 |
[seeftl] Stored XSS when directory listing via filename. |
$0.0 |
1644 |
protected Tweet settings overwritten by other settings |
$0.0 |
1645 |
Add store to new partner account without confirming email address. |
$0.0 |
1646 |
RXSS to Stored XSS - forums.pubg.com | URL parameter |
$0.0 |
1647 |
Use Github pack with Coda employee github account (search code of Coda's private repositories) |
$0.0 |
1648 |
Reflected + Stored XSS - https://discussion.evernote.com |
$0.0 |
1649 |
xmlrpc.php file is enabled; it can be used for brute-force attacks and Denial of Service (DoS) |
$0.0 |
1650 |
Clickjacking on my.stripo.email for MailChimp credentials |
$0.0 |
1651 |
Access to ██████████████ due to weak credentials |
$0.0 |
1652 |
Unrestricted file upload in www.semrush.com > /my_reports/api/v1/upload/image |
$0.0 |
1653 |
CRLF Injection in legacy url API (url.parse().hostname) |
$0.0 |
1654 |
[meta-git] RCE via insecure command formatting |
$0.0 |
1655 |
[npm-git-publish] RCE via insecure command formatting |
$0.0 |
1656 |
[node-red] Stored XSS within Flow's - "Name" field |
$0.0 |
1657 |
Http request splitting |
$0.0 |
1658 |
Port and service scanning on localhost due to improper URL validation. |
$0.0 |
1659 |
url.parse() hostname spoofing via javascript: URIs |
$0.0 |
1660 |
Exposed debug.log file leads to information disclosure |
$0.0 |
1661 |
DoS of https://blog.yelp.com/ and other WP instances via CVE-2018-6389 |
$0.0 |
1662 |
Open redirect |
$0.0 |
1663 |
open Firebase Database: msdict-dev.firebaseio.com |
$0.0 |
1664 |
Reflected XSS on www/delivery/afr.php |
$0.0 |
1665 |
Ubuntu/Debian installation method allows key poisoning and code execution for network attacker |
$0.0 |
1666 |
Stored XSS | api.mapbox.com | IE 11 | Styles name |
$0.0 |
1667 |
xss in /users/[id]/set_tier endpoint |
$0.0 |
1668 |
Prototype pollution in dot-prop |
$0.0 |
1669 |
Information disclosure through Server side resource forgery |
$0.0 |
1670 |
Wordpress unzip_file path traversal |
$0.0 |
1671 |
subdomain takeover at status-stage0.stripo.email |
$0.0 |
1672 |
stripo blog search SQL Injection |
$0.0 |
1673 |
Command Injection vulnerability in kill-port-process package |
$0.0 |
1674 |
Stored XSS in template comments. |
$0.0 |
1675 |
File-drop content is visible through the gallery app |
$0.0 |
1676 |
Update App Store: Django account hijacking vulnerability |
$0.0 |
1677 |
Username enumeration via Openssh 7.6 |
$0.0 |
1678 |
my.stripo.email email verification bypassed and email templates can also be created |
$0.0 |
1679 |
No Rate Limiting on /reset-password-request/ endpoint |
$0.0 |
1680 |
Upload directory of Mtn.ci |
$0.0 |
1681 |
Upload directory of Mtn.co.sz has listing enabled |
$0.0 |
1682 |
H1514 Remote Code Execution on kitcrm using bulk customer update of Priority Products |
$0.0 |
1683 |
Bypass to report #280389 [Thinking The issue is not fixed Yet] |
$0.0 |
1684 |
No Rate Limit On Forgot Password Page Of NordVPN |
$0.0 |
1685 |
csrf bypass using flash file + 307 redirect method at plugins endpoint |
$0.0 |
1686 |
2-factor authentication can be disabled when logged in without confirming account password |
$0.0 |
1687 |
No rate limiting for confirmation email lead to email flooding |
$0.0 |
1688 |
CVE-2017-8779 exploit on open rpcbind port could lead to remote DoS |
$0.0 |
1689 |
Reflected xss on 8x8.com subdomain |
$0.0 |
1690 |
Sensitive information disclosure |
$0.0 |
1691 |
Pull Request #12949 - Security Implications without CVE assignment |
$0.0 |
1692 |
Fix for CVE-2018-12122 can be bypassed via keep-alive requests |
$0.0 |
1693 |
Filesystem Writes via yarn install via symlinks and tar transforms inside a crafted malicious package |
$0.0 |
1694 |
Potential leak of server side software at repogohi.nordvpn.com |
$0.0 |
1695 |
[reveal.js] XSS by calling arbitrary method via postMessage |
$0.0 |
1696 |
Steam chat - trade offer presentation vulnerability |
$0.0 |
1697 |
GetGlobalAchievementPercentagesForApp is missing the same release checks as GetSchemaForGame |
$0.0 |
1698 |
Email Spoofing |
$0.0 |
1699 |
Cross Site Request Forgery in auth in https://auth.ratelimited.me/ |
$0.0 |
1700 |
CORS Misconfiguration on nordvpn.com leading to Private Information Disclosure, Account takeover |
$0.0 |
1701 |
Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information |
$0.0 |
1702 |
Html Injection and Possible XSS in main nordvpn.com domain |
$0.0 |
1703 |
Email address is not validated, No Rate Limit and RCE On Forgot Password Page Of affiliates.nordvpn.com |
$0.0 |
1704 |
Race condition (TOCTOU) in NordVPN can result in local privilege escalation |
$0.0 |
1705 |
Admin panel of https://www.stellar.org/wp-admin/ |
$0.0 |
1706 |
brute force attack allowed on admin page https://www.stellar.org/wp-admin/ |
$0.0 |
1707 |
Direct URL access to PDF files |
$0.0 |
1708 |
Cross Site Scripting via CVE-2018-5230 on https://apps.topcoder.com |
$0.0 |
1709 |
No Rate Limit On Forgot Password Page Of affiliates.nordvpn.com |
$0.0 |
1710 |
No Rate Limit On forgot Password Leading To Massive Email Flooding |
$0.0 |
1711 |
Malformed .WAV triggers an Access Violation on GoldSRC (hl.exe) |
$0.0 |
1712 |
NO username used in authentication to www.mopub.com leading to direct password submission which has unlimited submission rate. |
$0.0 |
1713 |
Ad Builder Display Ads Path Traversal |
$0.0 |
1714 |
IDOR in semrush academy |
$0.0 |
1715 |
scripts loader DOS vulnerability |
$0.0 |
1716 |
Debug information disclosure on oauth-redirector.services.greenhouse.io |
$0.0 |
1717 |
SSRF on local storage of iOS mobile |
$0.0 |
1718 |
Bypass configured 2FA provider with another provider that can be set up at login |
$0.0 |
1719 |
xmlrpc.php is enabled - Nextcloud |
$0.0 |
1720 |
User with read-only access to a share can gain write access to sub-folders in the share |
$0.0 |
1721 |
WordPress vulnerable to multiple attacks at https://nextcloud.com |
$0.0 |
1722 |
Event privacy level does not work in Thunderbird |
$0.0 |
1723 |
Missing SPF flags for customerupdates.nextcloud.com |
$0.0 |
1724 |
Unauthenticated 'display name' information leak on enumeration of login names |
$0.0 |
1725 |
WebDAV Empty Property search leads to full CPU usage |
$0.0 |
1726 |
Access to all files of remote user through shared file |
$0.0 |
1727 |
**minor issue** - Nextcloud 10.0 session issue with desktop client and android client |
$0.0 |
1728 |
Nextcloud 10.0 privilege escalation issue - Normal user can mask external storage shared by admin |
$0.0 |
1729 |
UI Redressing (Clickjacking) vulnerability |
$0.0 |
1730 |
HTTP Request Smuggling |
$0.0 |
1731 |
Server-Side Request Forgery (SSRF) in Ghost CMS |
$0.0 |
1732 |
Only the file extensions are checked, not the MIME types as configured |
$0.0 |
1733 |
[htmr] DOM-based XSS |
$0.0 |
1734 |
DOM XSS on app.starbucks.com via ReturnUrl |
$0.0 |
1735 |
athome.starbucks.com - URL parameter tampering of review forms permitted possible content injection |
$0.0 |
1736 |
Singapore - IDOR in campaign.starbucks.com.sg |
$0.0 |
1737 |
load scripts DOS vulnerability |
$0.0 |
1738 |
Reflected XSS in https://blocked.myndr.net |
$0.0 |
1739 |
Unauthenticated users can obtain information about Checklist objects with unclaimed ChecklistCheck objects |
$0.0 |
1740 |
Hidden scheduled partner events are propagated to Steam clients in CMsgClientClanState |
$0.0 |
1741 |
Improper email address verification while saving Account Details |
$0.0 |
1742 |
HTTP SMUGGLING EXPOSED HMAC/DOS |
$0.0 |
1743 |
CWE-094 ScriptEngine in java |
$0.0 |
1744 |
XPath Injection query in java |
$0.0 |
1745 |
Reflected XSS through multiple inputs in the issue collector on Jira |
$0.0 |
1746 |
profile-picture name parameter with large value lead to DoS for other users and programs on the platform |
$0.0 |
1747 |
Stored XSS on https://my.stripo.email/ (multiple inputs) |
$0.0 |
1748 |
XSRF Token is Not being validated when sending emails test request which lead to CSRF attack using the flash file + 307 redirect technique |
$0.0 |
1749 |
[www.drive2.ru] CSRF through FCTX token bypass |
$0.0 |
1750 |
SSRF via 3d.cs.money/pasteLinkToImage |
$0.0 |
1751 |
Unrestricted File Upload on https://app.lemlist.com |
$0.0 |
1752 |
Let's Encrypt Certificates affected by CAA Rechecking Incident |
$0.0 |
1753 |
API Keys Hardcoded in Github repository |
$0.0 |
1754 |
UniFi Video v3.10.1 (Windows) Local Privileges Escalation to SYSTEM from arbitrary filedelete and DLL hijack vulnerabilities. |
$0.0 |
1755 |
IDOR in marketing calendar tool |
$0.0 |
1756 |
Information Disclosure FrontPage Configuration Information /_vti_inf.html in https://www.mtn.co.za/ |
$0.0 |
1757 |
Information Disclosure Microsoft IIS Server service.cnf in a mtn website |
$0.0 |
1758 |
[crm.unikrn.com] Open Redirect |
$0.0 |
1759 |
Open Redirect filter bypass through '' character via URL parameter |
$0.0 |
1760 |
Subdomain takeover on mta1a1.spmail.uber.com |
$0.0 |
1761 |
DOM XSS at www.forescout.com in Microsoft Edge and IE Browser |
$0.0 |
1762 |
SSRF in Export template to ActiveCampaign |
$0.0 |
1763 |
Unauthenticated request allows changing hostname |
$0.0 |
1764 |
User can delete data in shared folders he's not authorized to access |
$0.0 |
1765 |
OTP bypass - Unintended disclosure of OTP to client allows attacker to manage users' subscriptions |
$0.0 |
1766 |
Insecure Storage and Overly Permissive API Keys in Android App |
$0.0 |
1767 |
Unrestricted File Upload on https://my.stripo.email and https://stripo.email |
$0.0 |
1768 |
Unrestricted access to any "connected pack" on docs |
$0.0 |
1769 |
API - Amazon S3 bucket misconfiguration |
$0.0 |
1770 |
Reflected XSS via XML Namespace URI on https://go.mapbox.com/index.php/soap/ |
$0.0 |
1771 |
Denial of service to WP-JSON API by cache poisoning the CORS allow origin header |
$0.0 |
1772 |
CPP: Out of order Linux permission dropping without checking return codes |
$0.0 |
1773 |
Go/CWE-643: XPath Injection Query in Go |
$0.0 |
1774 |
CPP: Out of order Linux permission dropping without checking return codes |
$0.0 |
1775 |
I can subscribe and unsubscribe any user with the same token for as many times as i want |
$0.0 |
1776 |
India - OTP bypass on Phone number verification for account creation |
$0.0 |
1777 |
[www.stripo.email] You can override the speed limit by adding the X-Forwarded-For header. |
$0.0 |
1778 |
Signup with any email and enable 2FA without verifying email |
$0.0 |
1779 |
[git-promise] RCE via insecure command formatting |
$0.0 |
1780 |
[Total.js] Path traversal vulnerability allows to read files outside public directory |
$0.0 |
1781 |
Insecure redirect rule results in bypassing ban redirect on certain pages |
$0.0 |
1782 |
Crash Node.js process from handlebars using a small and simple source |
$0.0 |
1783 |
Malformed string sent through FireServer leads to server freezing/hanging |
$0.0 |
1784 |
Unsafe cors sharing of admin users |
$0.0 |
1785 |
Potential stored Cross-Site Scripting vulnerability in Support Backend |
$0.0 |
1786 |
Account verification bypass on translate.kromtech.com |
$0.0 |
1787 |
Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd |
$0.0 |
1788 |
frame injection on bittorrent.com |
$0.0 |
1789 |
CRLF Injection in urllib |
$0.0 |
1790 |
character limitation bypass can lead to DoS on Twitter App and 500 Internal Server Error |
$0.0 |
1791 |
Sourcemaps and Unminified Source Code Exposed on Pages |
$0.0 |
1792 |
Stored XSS in assets.txmblr.com |
$0.0 |
1793 |
GraphQL node interface for ActiveResource models lacks encoding for resource identifier, enabling parameter injection in Payments backend |
$0.0 |
1794 |
XSS on remote.bittorrent.com |
$0.0 |
1795 |
.git file accessible on remote.bittorrent.com |
$0.0 |
1796 |
xss on bittorrent.com |
$0.0 |
1797 |
CSRF on https://apps.topcoder.com/wiki/users general and email preferences |
$0.0 |
1798 |
CSRF on https://apps.topcoder.com/wiki/users/editmyprofile.action |
$0.0 |
1799 |
CSRF on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action |
$0.0 |
1800 |
Post Based Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action |
$0.0 |
1801 |
Reflected XSS on error page on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action |
$0.0 |
1802 |
Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action |
$0.0 |
1803 |
Reflected XSS on https://apps.topcoder.com/wiki/pages/createpage.action |
$0.0 |
1804 |
Reflected XSS on https://apps.topcoder.com/wiki/ |
$0.0 |
1805 |
Reflected XSS on https://apps.topcoder.com/wiki/page/ |
$0.0 |
1806 |
IDOR on deleting drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action via discardDraftId parameter |
$0.0 |
1807 |
Idor on the DELETE /comments/ |
$0.0 |
1808 |
Missing resource identifier encoding may lead to security vulnerabilities |
$0.0 |
1809 |
File Upload Restriction Bypass |
$0.0 |
1810 |
Firewall rules for ████████ can be bypassed to leak site authors |
$0.0 |
1811 |
[https://███] Local File Inclusion via graph.php |
$0.0 |
1812 |
Internal IP Address Disclosed |
$0.0 |
1813 |
SQL Injection - https://███/█████████/MSI.portal |
$0.0 |
1814 |
Bypassing CORS Misconfiguration Leads to Sensitive Exposure |
$0.0 |
1815 |
Improper Neutralization of Input During Web Page Generation |
$0.0 |
1816 |
Padding Oracle ms10-070 in a DoD website (https://██████/) |
$0.0 |
1817 |
Unencrypted __VIEWSTATE parameter in a DoD website |
$0.0 |
1818 |
Application level DoS via xmlrpc.php |
$0.0 |
1819 |
No ACL on S3 Bucket in [https://www.██████████/] |
$0.0 |
1820 |
Sensitive Information Leaking Through DARPA Website. [█████████] |
$0.0 |
1821 |
[████████] — XSS on /███████_flight/images via advanced_val parameter |
$0.0 |
1822 |
[██████████] — Directory traversal via /aerosol-bin/███████/display_directory_████_t.cgi |
$0.0 |
1823 |
IDOR at https://account.mackeeper.com/at/load-reports/profile/<profile_id> leaks information about devices/licenses |
$0.0 |
1824 |
Bypass front server restrictions and access to forbidden files and directories through X-Rewrite-Url/X-original-url header on account.mackeeper.com |
$0.0 |
1825 |
SharePoint exposed web services in a subdomain |
$0.0 |
1826 |
ActionController::Parameters .each returns an unsafe hash |
$0.0 |
1827 |
ActiveStorage direct upload fails to sign content-length header for S3 service |
$0.0 |
1828 |
Reflected XSS at https://www.paypal.com/ppcreditapply/da/us |
$0.0 |
1829 |
Pixel flood attack cause the javascript heap out of memory |
$0.0 |
1830 |
Privilege Escalation in BuddyPress core allows Moderate to Administrator |
$0.0 |
1831 |
CSRF in Profile Fields allows deleting any field in BuddyPress |
$0.0 |
1832 |
Authenticated users can edit, trash, and add new in BuddyPress Emails function |
$0.0 |
1833 |
Improper Access Control in Buddypress core allows reply, delete any user's activity |
$0.0 |
1834 |
User data not anonymized is sent to analytics server |
$0.0 |
1835 |
Vulnerabilities chain leading to privilege escalation |
$0.0 |
1836 |
Reflected XSS on https://www.glassdoor.com/employers/sem-dual-lp/ |
$0.0 |
1837 |
Lack of HTTPS in service communications |
$0.0 |
1838 |
Incorrect control of the trial period |
$0.0 |
1839 |
XSS Reflected |
$0.0 |
1840 |
Self XSS combine CSRF at https://████████/index.php |
$0.0 |
1841 |
No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service |
$0.0 |
1842 |
SSRF in img.lemlist.com that leads to Localhost Port Scanning |
$0.0 |
1843 |
OS Command Injection on Jison [all-parser-ports] |
$0.0 |
1844 |
Path traversal in command line client |
$0.0 |
1845 |
Cleartext Transmission of Sensitive Information Leads to administrator access |
$0.0 |
1846 |
Reflected XSS in Nanostation Loco M2 - AirOS ver=6.1.7 |
$0.0 |
1847 |
Mail does not verify IMAP/SMTP host connected via TLS |
$0.0 |
1848 |
[crypto-js] Insecure entropy source - Math.random() |
$0.0 |
1849 |
gagliardetto: Query to detect incorrect conversion between numeric types |
$0.0 |
1850 |
Unauthorized access to metadata of undisclosed reports that were retested |
$0.0 |
1851 |
Xss (cross site scripting) on http://axa.dxi.eu/ |
$0.0 |
1852 |
Reflected XSS on http://axa.dxi.eu |
$0.0 |
1853 |
XSS (Cross site scripting) on https://apimgr.8x8.com |
$0.0 |
1854 |
xmlrpc.php file enabled |
$0.0 |
1855 |
Reflected XSS and HTML Injection on a DoD website |
$0.0 |
1856 |
Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE |
$0.0 |
1857 |
CSRF - Modify Company Info |
$0.0 |
1858 |
DOM XSS on https://www.rockstargames.com/GTAOnline/feedback |
$0.0 |
1859 |
CSRF - Close Account |
$0.0 |
1860 |
Image Injection on www.rockstargames.com/screenshot-viewer/responsive/image may allow facebook oauth token theft. |
$0.0 |
1861 |
CSRF Vulnerability on https://signin.rockstargames.com/tpa/facebook/link/ |
$0.0 |
1862 |
User with removed manage shops permissions is still able to make changes to a shop |
$0.0 |
1863 |
Stored XSS on demo app link |
$0.0 |
1864 |
Open redirect affecting m.rockstargames.com/ |
$0.0 |
1865 |
xss on https://www.rockstargames.com/GTAOnline/jp/screens/ |
$0.0 |
1866 |
Dom based xss on https://www.rockstargames.com/ via returnUrl parameter |
$0.0 |
1867 |
Race condition vulnerability on "This Rocks" button. |
$0.0 |
1868 |
Attacker may be able to bounce enough emails which suspend HackerOne's SES service and cause a DoS of HackerOne's email service |
$0.0 |
1869 |
Cross site scripting - XSRF Token |
$0.0 |
1870 |
Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486) |
$0.0 |
1871 |
Reflected DOM XSS on www.starbucks.co.uk |
$0.0 |
1872 |
Default credentials for the temporary POC site alipoc.stg.starbucks.com.cn permitted WAF bypass and RCE |
$0.0 |
1873 |
OAuth redirect_uri bypass using IDN homograph attack resulting in user's access token leakage |
$0.0 |
1874 |
Post based XSS (Cross site scripting) on https://apimgr.8x8.com |
$0.0 |
1875 |
Publicly accessible .svn repository - aastraconf.packet8.net |
$0.0 |
1876 |
[Security Vulnerability Rocket.chat] HTML Injection into Email via Signup |
$0.0 |
1877 |
Image Injection/XSS vulnerability affecting https://www.rockstargames.com/newswire/article |
$0.0 |
1878 |
Image Injection vulnerability in www.rockstargames.com/IV/screens/1280x720Image.html |
$0.0 |
1879 |
Image Injection vulnerability affecting www.rockstargames.com/careers may lead to Facebook OAuth Theft |
$0.0 |
1880 |
Dom based XSS on www.rockstargames.com/GTAOnline/features/freemode |
$0.0 |
1881 |
Referer Leakage Vulnerability in socialclub.rockstargames.com/crew/ leads to FB'S OAuth token theft. |
$0.0 |
1882 |
DOM based XSS on /GTAOnline/tw/starterpack/ |
$0.0 |
1883 |
Image injection /br/games/info may lead to phishing attacks or FB OAuth theft. |
$0.0 |
1884 |
Image Injection on /bully/anniversaryedition may lead to FB's OAuth Token Theft. |
$0.0 |
1885 |
DOM based XSS on /GTAOnline/de/news/article via "returnUrl" parameter |
$0.0 |
1886 |
Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft. |
$0.0 |
1887 |
Image Injection Vulnerability on /bully/screens |
$0.0 |
1888 |
Dom based xss on /reddeadredemption2/br/videos |
$0.0 |
1889 |
Referer Leakage in language changer may lead to FB token theft. |
$0.0 |
1890 |
Image Injection on /bully/anniversaryedition may lead to OAuth token theft. |
$0.0 |
1891 |
Image injection on /screenshot-viewer/responsive/image ( FIX BYPASS) |
$0.0 |
1892 |
image injection /screenshot-viewer/responsive/image (ANOTHER FIX BYPASS) |
$0.0 |
1893 |
Flash injection vulnerability on /IV/imgPlayer/imageEmbed.swf |
$0.0 |
1894 |
xmlrpc.php file is enabled, which allows an attacker to perform XSPA, brute-force and even Denial of Service (DoS), in https://████/xmlrpc.php |
$0.0 |
1895 |
DOM XSS on duckduckgo.com search |
$0.0 |
1896 |
CRLF injection agentcrm.8x8.com |
$0.0 |
1897 |
Authenticated Stored Cross-site Scripting in bbPress |
$0.0 |
1898 |
Read-only user can delete higher privileged members using open DELETE /api/memberships/ endpoint |
$0.0 |
1899 |
[www.stripo.email] You can bypass the speed limit by changing the IP. |
$0.0 |
1900 |
Local File Disclosure (+XSS+CSRF) in AirOS 6.2.0 devices |
$0.0 |
1901 |
No rate limiting on brute-forcing user passwords |
$0.0 |
1902 |
Stored XSS at https://app.smtp2go.com/settings/users/ |
$0.0 |
1903 |
multiple email usage -my.stripo.email- |
$0.0 |
1904 |
Open redirect - user interaction needed (verkkopalvelu.lahitapiola.fi/e2/..) - based on #179328 |
$0.0 |
1905 |
[Java] CWE-295 - Incorrect Hostname Verification - MitM |
$0.0 |
1906 |
Stored XSS on Company Logo |
$0.0 |
1907 |
Bypass voting restriction due to HTTP Header Injection |
$0.0 |
1908 |
CSRF Account Deletion on ███ Website |
$0.0 |
1909 |
Non-admin users can trigger writes to memcached by entering a malicious server as a share URL |
$0.0 |
1910 |
[tumblr.com] 69< Firefox Only XSS Reflected |
$0.0 |
1911 |
[javascript] CWE-020: CodeQL query to detect missing origin validation in cross-origin communication via postMessage |
$0.0 |
1912 |
[www.werkenbijderet.nl] There is no rate limit for vacature-alert endpoints |
$0.0 |
1913 |
[www.werkenbijbakertilly.nl] Denial of service due to incorrect server return can result in total denial of service. |
$0.0 |
1914 |
Integer Overflow (CVE-2017-7529) |
$0.0 |
1915 |
SharePoint Web Services Exposed to Anonymous Access Users |
$0.0 |
1916 |
(CORS) Cross-origin resource sharing misconfiguration |
$0.0 |
1917 |
Accessible Restricted directory on [bcm-bcaw.mtn.cm] |
$0.0 |
1918 |
GraphQL AdminGenerateSessionPayload is leaked to staff with no permission |
$0.0 |
1919 |
CSRF on comment post |
$0.0 |
1920 |
Edit Policy restriction does not prevent comments. |
$0.0 |
1921 |
No Rate Limit On Reset Password |
$0.0 |
1922 |
[express-cart] Wide CSRF in application |
$0.0 |
1923 |
Remote Code Execution (Reverse Shell) - File Manager |
$0.0 |
1924 |
stored xss in app.lemlist.com |
$0.0 |
1925 |
stored xss via Campaign Name. |
$0.0 |
1926 |
Node disk DOS by writing to container /etc/hosts |
$0.0 |
1927 |
Singapore - Unrestricted File Upload Leads to XSS on campaign.starbucks.com.sg/api/upload |
$0.0 |
1928 |
No Rate Limiting On Phone Number Login Leads to Login Bypass |
$0.0 |
1929 |
Business Logic Flaw - A non premium user can change/update retailers to get cashback on all the retailers associated with Curve |
$0.0 |
1930 |
Grammarly Keyboard for Android "Authorization Code with PKCE" flow implementation vulnerability that allows account takeover |
$0.0 |
1931 |
Untrusted users able to run pending migrations in production |
$0.0 |
1932 |
Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify |
$0.0 |
1933 |
Send arbitrary PUT requests when user clicks on a link |
$0.0 |
1934 |
DOM-Based XSS in tumblr.com |
$0.0 |
1935 |
Wordpress Users Disclosure (/wp-json/wp/v2/users/) on data.gov |
$0.0 |
1936 |
Missing rate limit in signup Form |
$0.0 |
1937 |
Bypass Too Many Requests Sign Up |
$0.0 |
1938 |
HTML Injection leads to XSS on███ |
$0.0 |
1939 |
Reflected XSS on https://███████/ |
$0.0 |
1940 |
Reflected XSS on ███████ page |
$0.0 |
1941 |
Arbitrary code execution via untrusted schemas in is-my-json-valid |
$0.0 |
1942 |
XSS on Videos IA |
$0.0 |
1943 |
curl overwrites local file with -J option if file non-readable, but file writable. |
$0.0 |
1944 |
Get-based SSRF limited to HTTP protocol on https://resizer.line-apps.com/form |
$0.0 |
1945 |
IDOR at https://cpanel.hostinger.com/billing/change-order-period |
$0.0 |
1946 |
Unrestricted file upload leads to Stored XSS |
$0.0 |
1947 |
http://cpanel.hostinger.com/demo exposes Notifications and PII info |
$0.0 |
1948 |
Stored XSS in blob viewer |
$0.0 |
1949 |
Time-based SQL Injection in Search Users |
$0.0 |
1950 |
XSS in image metadata field |
$0.0 |
1951 |
User can Subscribe a plan that is hidden by manipulating the value of "subscription" parameter at [ https://app.dropcontact.io/app/checkout/] |
$0.0 |
1952 |
Server-Side Request Forgery in "icons.bitwarden.net" |
$0.0 |
1953 |
Golang : Improvements to Golang SSRF query |
$0.0 |
1954 |
Missing memory corruption protection on Windows release built |
$0.0 |
1955 |
Denial-of-service By Cache Poisoning The Cross-Origin Resource Sharing Misconfiguration Allow Origin Header |
$0.0 |
1956 |
HTML injection in email content |
$0.0 |
1957 |
Unrestricted File Upload in Chat Window |
$0.0 |
1958 |
XSS in desktop client via invalid server address on login form |
$0.0 |
1959 |
RTLO character allowed in shared files |
$0.0 |
1960 |
SSRF In plantuml (on plantuml.pre.gitlab.com) |
$0.0 |
1961 |
Session not invalidated after password reset |
$0.0 |
1962 |
Reflected XSS in ".mendix.com/openid/" |
$0.0 |
1963 |
Stored XSS in Post Preview as Contributor |
$0.0 |
1964 |
access permission is not revoked even if the email has been deleted or changed on the partner account -partners.shopify- |
$0.0 |
1965 |
Korea - Reflected XSS on https://www.istarbucks.co.kr/app/getGiftStock.do via "skuNo" and "skuImgUrl" parameters |
$0.0 |
1966 |
I.D.O.R TO EDIT ALL USER'S CREDIT CARD INFORMATION+(Partial credit card info disclosure) |
$0.0 |
1967 |
Denial of Service when entering an Array in email at settings |
$0.0 |
1968 |
Missing SPF Records |
$0.0 |
1969 |
API key is not validated for C.R.M integration [Pipedrive] of LOGGED IN USER, A user can use another USER'S API key for this operation. |
$0.0 |
1970 |
DOM XSS on duckduckgo.com search |
$0.0 |
1971 |
[javascript] CWE-117: CodeQL query to detect Log Injection |
$0.0 |
1972 |
Registering with email [ +70 Chars ] Leads to Disclosure of some information [Django Debug Mode ] |
$0.0 |
1973 |
CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card Misuse. |
$0.0 |
1974 |
User registration using public domain email like gmail in place of professional email. |
$0.0 |
1975 |
No Valid SPF Records |
$0.0 |
1976 |
increased privileges on staff account |
$0.0 |
1977 |
Subdomain takeover in help.tictail.com pointing to Zendesk (a Shopify acquisition) |
$0.0 |
1978 |
Prototype pollution attack (lodash) |
$0.0 |
1979 |
The authenticity_token can be reversed and used to forge valid per_form_csrf_tokens for arbitrary routes |
$0.0 |
1980 |
CSV Injection Via Student Password/Name Leads To Client Side RCE And Reading Client Files |
$0.0 |
1981 |
XSS via unicode characters in upload filename |
$0.0 |
1982 |
Clickjacking lead to remove review |
$0.0 |
1983 |
CRLF injection on www.starbucks.com |
$0.0 |
1984 |
Stored XSS in Post title (PoC) |
$0.0 |
1985 |
Reflected XSS on ███████ |
$0.0 |
1986 |
Elmah.axd is publicly accessible and leaking Error Log for ROOT on █████_PRD_WEB1 █████████elmah.axd |
$0.0 |
1987 |
Reflected-XSS on https://www.topcoder.com/tc via pt parameter |
$0.0 |
1988 |
XSS on https://fax.pbx.itsendless.org/ (CVE-2017-18024) |
$0.0 |
1989 |
[bugs.fuzzing-project.org] HTML Injection via 'custom_field_7[]' parameter in '/view_all_set.php' |
$0.0 |
1990 |
No CSRF Protection in Resend Confirmation Email feature leads to Sending Unwanted Email in Victim's Inbox without knowing Victim's email address |
$0.0 |
1991 |
SSRF into Shared Runner, by replacing dockerd with malicious server in Executor |
$0.0 |
1992 |
Possible denial of service when entering a loooong password |
$0.0 |
1993 |
[@knutkirkhorn/free-space] - Command Injection through Lack of Sanitization |
$0.0 |
1994 |
Reflected Xss |
$0.0 |
1995 |
DOM Based XSS at docs.8x8.com |
$0.0 |
1996 |
China - IDOR on Reservation Staging/Non Production Site - https://reservation.stg.starbucks.com.cn |
$0.0 |
1997 |
[git-lib] RCE via insecure command formatting |
$0.0 |
1998 |
Reflected xss on 8x8.vc |
$0.0 |
1999 |
[gity] RCE via insecure command formatting |
$0.0 |
2000 |
[commit-msg] RCE via insecure command formatting |
$0.0 |
2001 |
[snekserve] Stored XSS via filenames HTML formatted |
$0.0 |
2002 |
Unauthenticated HTML Injection Stored - ContactUs form |
$0.0 |
2003 |
Re-Sharing allows increase of privileges |
$0.0 |
2004 |
Bypass restrict of member subscription to use custom background in https://3d.cs.money without prime subscription |
$0.0 |
2005 |
IDOR in https://3d.cs.money/ |
$0.0 |
2006 |
Public and secret api key leaked in JavaScript source |
$0.0 |
2007 |
Email flooding using user invitation feature in biz.yelp.com due to lack of rate limiting |
$0.0 |
2008 |
Cross Site Scripting (XSS) – Reflected |
$0.0 |
2009 |
Reflected XSS in https://www.█████/ |
$0.0 |
2010 |
Reflected XSS in https://www.██████/ |
$0.0 |
2011 |
DOM XSS on https://www.███████ |
$0.0 |
2012 |
[cs.money] Open Redirect Leads to Account Takeover |
$0.0 |
2013 |
Application DOS via specially crafted payload on 3d.cs.money |
$0.0 |
2014 |
Stored XSS on add project |
$0.0 |
2015 |
Missing rate limit for current password field (Password Change) Account Takeover |
$0.0 |
2016 |
Transferring a public group to a private group doesn't remove code from the Elasticsearch API search result |
$0.0 |
2017 |
Elasticsearch leaks data through the notes scope |
$0.0 |
2018 |
Uninitialized read in gdImageCreateFromXbm |
$0.0 |
2019 |
Windows only: arbitrary file read vulnerability in openssl s_server |
$0.0 |
2020 |
Long filenames cause OOM and temp files are not cleaned |
$0.0 |
2021 |
PHP 7.3.3: Heap-use-after-free (READ of size 8) in match_at() |
$0.0 |
2022 |
Reset password cookie leads to account takeover |
$0.0 |
2023 |
Out-of-Bound Read in urldecode() [CVE-2020-7067] |
$0.0 |
2024 |
..; bypass leading to tomcat scripts [Unauthenticated] |
$0.0 |
2025 |
SSL cookie without secure flag set |
$0.0 |
2026 |
[freespace] Command Injection due to Lack of Sanitization |
$0.0 |
2027 |
Rate limits too low for email 2FA |
$0.0 |
2028 |
Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179 |
$0.0 |
2029 |
Private RSA key and Server key exposed on the GitHub repository |
$0.0 |
2030 |
Sensitive Info Leak - An Attacker Can Retrieve All the Users Mobile Numbers at https://website-api.production.curve.app/api/waitlist/us |
$0.0 |
2031 |
Twitter Media Studio Source Information Disclosure With Analyst Role |
$0.0 |
2032 |
XSS via referrer parameter |
$0.0 |
2033 |
X-Forward-For Header allows to bypass access restrictions |
$0.0 |
2034 |
[http-live-simulator] Application-level DoS |
$0.0 |
2035 |
[nested-property] Prototype Pollution |
$0.0 |
2036 |
PIN for passwordless WebAuthn is asked for but not verified |
$0.0 |
2037 |
[ts-dot-prop] Prototype Pollution |
$0.0 |
2038 |
[expressjs-ip-control] Whitelist IP bypass leads to authorization bypass and sensitive info disclosure |
$0.0 |
2039 |
Open Redirect on https://go.bitwala.com/ |
$0.0 |
2040 |
Compromise of node can lead to compromise of pods on other nodes |
$0.0 |
2041 |
Compromise of auth via subset/superset namespace names. |
$0.0 |
2042 |
stored XSS in hey.com message content |
$0.0 |
2043 |
Kubelet resource exhaustion attack via metric label cardinality explosion from unauthenticated requests |
$0.0 |
2044 |
Todos are not redacted when membership changes - Access to (confidential) issues and merge requests |
$0.0 |
2045 |
Reflected XSS in https://███████ via search parameter |
$0.0 |
2046 |
Access to Unclassified / FOUO Advanced Motion Platform of █████████.mil |
$0.0 |
2047 |
403 Forbidden Bypass at www.██████.mil |
$0.0 |
2048 |
PII Leak (such as CAC User ID) at https://████████/pages/login.aspx |
$0.0 |
2049 |
No rate limiting for confirmation email lead to huge Mass mailings |
$0.0 |
2050 |
SMTP interaction theft via MITM |
$0.0 |
2051 |
Data race conditions reported by helgrind when performing parallel DNS queries in libcurl |
$0.0 |
2052 |
Downgrade encryption scheme and break integrity through known-plaintext attack |
$0.0 |
2053 |
Sending arbitrary requests to the API with the permissions of any iframe/miniapp installed by the user |
$0.0 |
2054 |
Use After Free in GC with Certain Destructors |
$0.0 |
2055 |
Use after free vulnerability in phar_parse_zipfile |
$0.0 |
2056 |
PHP built for Windows with TS support does not resolve relative paths with drive letter correctly |
$0.0 |
2057 |
DirectoryIterator class silently truncates after a null byte |
$0.0 |
2058 |
Null Pointer Dereference in PHP Session Upload Progress |
$0.0 |
2059 |
Out-of-bounds Read in php_strip_tags_ex |
$0.0 |
2060 |
PHP link() silently truncates after a null byte on Windows |
$0.0 |
2061 |
[CVE-2020-10543] Buffer overflow caused by a crafted regular expression |
$0.0 |
2062 |
Race condition on my.stripo.email at /cabinet/stripeapi/v1/projects/298427/emails/folders uri |
$0.0 |
2063 |
XSS in Biodata |
$0.0 |
2064 |
[node-downloader-helper] Path traversal via Content-Disposition header |
$0.0 |
2065 |
CORS misconfiguration leads to users information disclosure at https://studyroom.line.me |
$0.0 |
2066 |
Improper confidentiality protection of server-side encryption keys |
$0.0 |
2067 |
CVE-2019-5481: krb5: double-free in read_data() after realloc() fail |
$0.0 |
2068 |
CVE-2019-5482: Heap buffer overflow in TFTP when using small blksize |
$0.0 |
2069 |
Stored XSS in Application menu via Home Page Url |
$0.0 |
2070 |
Improper access control to messages of Social app |
$0.0 |
2071 |
Social App does not validate server certificates for outgoing connections |
$0.0 |
2072 |
Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media |
$0.0 |
2073 |
Captcha checker "pd-captcha_form_SURVEYID" cookie is accepting any value |
$0.0 |
2074 |
Reflected XSS at /category/ on a Atavis theme |
$0.0 |
2075 |
Reflected XSS on a Atavist theme |
$0.0 |
2076 |
IDOR at 'media_code' when adding media to questions |
$0.0 |
2077 |
Users can bypass page restrictions via Export feature at "Share" feature in CrowdSignal |
$0.0 |
2078 |
Permanent DoS with one click. |
$0.0 |
2079 |
Privilege Escalation in Point Of Sale Application from POS Manage Staff Role to potentially Store Owner |
$0.0 |
2080 |
Self xss in product reviews |
$0.0 |
2081 |
CVE-2020-14179 on https://jira.theendlessweb.com/secure/QueryComponent!Default.jspa leads to information disclosure |
$0.0 |
2082 |
Unauthorized access to private project security dashboard |
$0.0 |
2083 |
XSS on Issue reference numbers |
$0.0 |
2084 |
CORS misconfiguration which leads to the disclosure |
$0.0 |
2085 |
XSS Reflect to POST █████ |
$0.0 |
2086 |
{███} It is possible to download all information and files via S3 Bucket Misconfiguration |
$0.0 |
2087 |
Reflected XSS on https://████/ (Bypass of #1002977) |
$0.0 |
2088 |
SharePoint Web Services Exposed to Anonymous Access |
$0.0 |
2089 |
SharePoint Web Services Exposed to Anonymous Access |
$0.0 |
2090 |
CSRF on developer.zendesk.com via Cache Deception |
$0.0 |
2091 |
IDOR on notes to HTML injection |
$0.0 |
2092 |
[api.tumblr.com] Denial of Service by cookies manipulation |
$0.0 |
2093 |
CVE-2019-11250 remains in effect. |
$0.0 |
2094 |
secret leaks in vsphere cloud controller manager log |
$0.0 |
2095 |
No rate limiting for subscribe email + lead to Cross origin misconfiguration |
$0.0 |
2096 |
PII Leak of USCG Designated Examiner List at https://www.███ |
$0.0 |
2097 |
CSRF to Stored HTML injection at https://www.█████ |
$0.0 |
2098 |
SSL expired subdomain leads to API swap with main and flagged cookies. Unable to log device ids and certain session tokens. |
$0.0 |
2099 |
Non-revoked API Key Disclosure in a Disclosed API Key Disclosure Report on Stripo |
$0.0 |
2100 |
CVE-2020-8169: Partial password leak over DNS on HTTP redirect |
$0.0 |
2101 |
CVE-2020-8286: Inferior OCSP verification |
$0.0 |
2102 |
Default behavior of Fastify's versioned routes can be used for cache poisoning when Fastify is used in combination with an HTTP cache / CDN |
$0.0 |
2103 |
Broken validation of user Id for JWT Token |
$0.0 |
2104 |
Multiple Vulnerabilities in (*www.yoti.com) - Lead to Leakage of Sensitive User/Admin Data |
$0.0 |
2105 |
No rate limiting for confirmation email leads to huge mass mailings |
$0.0 |
2106 |
Bypass subscription |
$0.0 |
2107 |
Arbitrary change of blog's background image via CSRF |
$0.0 |
2108 |
Reflected XSS at https://www.glassdoor.com/ via the 'numSuggestions' parameter |
$0.0 |
2109 |
CSRF on https://apps.topcoder.com/wiki/pages/doattachfile.action |
$0.0 |
2110 |
CSRF on https://apps.topcoder.com/wiki/users/editmyprofilepicture.action |
$0.0 |
2111 |
Premium Email Address Check Bypass - Hey |
$0.0 |
2112 |
vidyard api auth_token exposed |
$0.0 |
2113 |
https://publishers.basicattentiontoken.org/favicon.ico is Vulnerable to CVE-2017-7529 |
$0.0 |
2114 |
DOMPurify bypass |
$0.0 |
2115 |
Bypass Tracking Blocker Protection Using Slashes Without Protocol On The Image Source. |
$0.0 |
2116 |
Multiple Cross-Site Scripting vulnerability via the language parameter |
$0.0 |
2117 |
DMARC and SPF records |
$0.0 |
2118 |
Java: Add SSRF query for Java |
$0.0 |
2119 |
[javascript] CWE-614: CodeQL query to detect if cookies are sent without the flag secure being set |
$0.0 |
2120 |
Java : add fastjson detection. Improve RemoteFlowSource class, support SpringMvc |
$0.0 |
2121 |
CSRF for deleting videos |
$0.0 |
2122 |
Stored XSS at Template Editor in "Section Name" Field of Block element 'Accordion'. |
$0.0 |
2123 |
Stored XSS at "Conditions " through "My Custom Rule" Field at [https://my.stripo.email/cabinet/#/template-editor/] in Template Editor. |
$0.0 |
2124 |
Identify unique user ID of all the profiles |
$0.0 |
2125 |
XSS in Email Input [intensedebate.com] |
$0.0 |
2126 |
CSRF in changing users donation_settings [https://streamlabs.com/api/v6/viewer-portal/viewer-settings/donation_settings] |
$0.0 |
2127 |
Internal API endpoint is accessible for everyone |
$0.0 |
2128 |
Cross Site Scripting using Email parameter in Ads endpoint 1 |
$0.0 |
2129 |
Possible (we need to wait for some time) takeover of subdomain badootech.badoo.com which is pointing to Medium servers |
$0.0 |
2130 |
Cross Site Scripting using Email parameter in Ads endpoint 2 |
$0.0 |
2131 |
Read-only application can publish/delete fleets |
$0.0 |
2132 |
No rate limiting - Create Plug-ins |
$0.0 |
2133 |
No rate limiting - Create data |
$0.0 |
2134 |
Stored XSS on oslo.io in notifications via project name change |
$0.0 |
2135 |
Being able to change account contents even after password change |
$0.0 |
2136 |
csi-snapshot-controller crashes when processing VolumeSnapshot with non-existing PVC |
$0.0 |
2137 |
CVE-2020-8285: FTP wildcard stack overflow |
$0.0 |
2138 |
Rate limit function bypass can lead to a huge critical problem on the website. |
$0.0 |
2139 |
Able to leak private email of any user given his/her username via graphql |
$0.0 |
2140 |
Bypass extension check leads to stored XSS at https://s2.booth.pm |
$0.0 |
2141 |
Bypassing privacy of photos/documents |
$0.0 |
2142 |
Open Redirect Vulnerability on TikTok Ads Portal |
$0.0 |
2143 |
GraphQL introspection query works through unauthenticated WebSocket |
$0.0 |
2144 |
No rate limit in email subscription |
$0.0 |
2145 |
SQL Injection intensedebate.com |
$0.0 |
2146 |
Improper Input Validation on User's Location on PUT /WhoService/putLocation Could Affect Availability/Falsify Users |
$0.0 |
2147 |
Incorrect IPv6 literal parsing leads to validated connection to unexpected https server. |
$0.0 |
2148 |
Double-free of `trailers_buf` on `Curl_http_compile_trailers()` failure |
$0.0 |
2149 |
PHP info page disclosure |
$0.0 |
2150 |
POST based RXSS on https://█████ via frm_email parameter |
$0.0 |
2151 |
Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179 |
$0.0 |
2152 |
Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179 |
$0.0 |
2153 |
System Error Reveals Sensitive SQL Call Data |
$0.0 |
2154 |
PII Information Leak at https://████████.mil/ |
$0.0 |
2155 |
Bypass of #1047119: Missing Rate Limit while creating Plug-Ins at https://my.stripo.email/cabinet/plugins/ |
$0.0 |
2156 |
[dy-server2] - stored Cross-Site Scripting |
$0.0 |
2157 |
Session Hijack via Self-XSS |
$0.0 |
2158 |
Reflected XSS on /www/delivery/afr.php (bypass of report #775693) |
$0.0 |
2159 |
Open redirect in ck.php and lg.php |
$0.0 |
2160 |
Logging in to marketplace panel on enablement.informatica.com |
$0.0 |
2161 |
[nextcloud.com] Control character allowed in Submit Question |
$0.0 |
2162 |
Unrestricted Upload of File with Dangerous Type |
$0.0 |
2163 |
Information Disclosure of Advertiser Account on TikTok Ads Portal |
$0.0 |
2164 |
Manipulating response leads to free access to Streamlabs Prime |
$0.0 |
2165 |
Potential DDoS when posting long data into workflow validation rules |
$0.0 |
2166 |
Poll loop/hang on incomplete HTTP header |
$0.0 |
2167 |
Golang : Add MongoDb NoSQL injection sinks |
$0.0 |
2168 |
[intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id} |
$0.0 |
2169 |
Net::SMTP with tls allows forged certificates as long as the hostname matches |
$0.0 |
2170 |
Possible RCE through Windows Custom Protocol on Windows client |
$0.0 |
2171 |
Reflected XSS on https://█████████html?url |
$0.0 |
2172 |
Old Session Does Not Expire After Password Change |
$0.0 |
2173 |
Reflected XSS www.█████ search form |
$0.0 |
2174 |
Reflected XSS on /admin/userlog-index.php |
$0.0 |
2175 |
Reflected XSS on /admin/stats.php |
$0.0 |
2176 |
Permanent DoS at https://happy.tools/ when inviting a user |
$0.0 |
2177 |
Reflected XSS in https://www.intensedebate.com/js/getCommentLink.php |
$0.0 |
2178 |
Reflected XSS on https://█████████/ |
$0.0 |
2179 |
Sensitive Information Leaking Through DoD Owned Website https://www.█████.mil |
$0.0 |
2180 |
Access Control: Inject tasks into other users decks |
$0.0 |
2181 |
DOM-Based XSS in tumblr.com |
$0.0 |
2182 |
Libcurl occasionally sends HTTPS traffic to port 443 rather than specified port 8080 |
$0.0 |
2183 |
Able to upload backgrounds before entering 2FA |
$0.0 |
2184 |
IDOR at https://fast.trychameleon.com/observe/v2/profiles/ via uid parameter discloses users' PII data |
$0.0 |
2185 |
XSS on kubernetes-csi.github.io (mdBook) |
$0.0 |
2186 |
DoS for GCSArtifact.RealAll |
$0.0 |
2187 |
Low privileged user can create high privileged user's KITCRM authorization token and can read and write message to KIT |
$0.0 |
2188 |
assets/vendor.js file exposing sentry.io token and DNS and application id . |
$0.0 |
2189 |
Reflected XSS In https://███████ |
$0.0 |
2190 |
PII Leak of ████████ Personal at https://www.█████████ |
$0.0 |
2191 |
Register with non accepted email types on https://███████ |
$0.0 |
2192 |
Bypassed a fix to gain access to PII of more than 100 Officers |
$0.0 |
2193 |
Reflect XSS and CSP Bypass on https://www.paypal.com/businesswallet/currencyConverter/ |
$0.0 |
2194 |
[Java] CWE-295: Disabled certificate validation in JXBrowser |
$0.0 |
2195 |
Regular expression denial of service in ActiveRecord's PostgreSQL Money type |
$0.0 |
2196 |
XSS in the link handler |
$0.0 |
2197 |
[sub.wordpress.com] - XSS when adjust block Poll - Confirmation Message - On submission:Redirect to another webpage - Redirect address:[xss_payload] |
$0.0 |
2198 |
Open Redirect on Login Page of Stocky App |
$0.0 |
2199 |
Bypass Password Authentication to Update the Password |
$0.0 |
2200 |
Html injection on ██████.informatica.com via search.html?q=1 |
$0.0 |
2201 |
[Bypass #870709] Unauthorised access to pagespeed global admin at https://webtools.paloalto.com/ |
$0.0 |
2202 |
ArcGIS Rest Service linked to unsecured survey data |
$0.0 |
2203 |
Remote hacker can download all the files of master branch in public projects where everything is members only. |
$0.0 |
2204 |
[golang] Division by zero query |
$0.0 |
2205 |
email verification bypass |
$0.0 |
2206 |
CVE-2020-14179 on Jira instance |
$0.0 |
2207 |
Second Order XSS via █████ |
$0.0 |
2208 |
Knowledge Base Articles are Globally Modifiable via ██████ |
$0.0 |
2209 |
Stored xss in larksuite internal helpdesk and other user's helpdesk. |
$0.0 |
2210 |
DNS Setup allows sending mail on behalf of other customers |
$0.0 |
2211 |
Stored XSS in Satisfaction Surveys via "Ask Reason for Dissatisfaction" option |
$0.0 |
2212 |
RDR2 game service method allows adding any player to a new Posse without consent |
$0.0 |
2213 |
[experience.uber.com] Node.js source code disclosure & anonymous access to internal Uber documents, templates and tools |
$0.0 |
2214 |
Stored XSS via Create a Fetish section. |
$0.0 |
2215 |
stack trace exposed on https://receipts.uber.com/ |
$0.0 |
2216 |
Stealing app credentials by reflected xss on Lark Suite |
$0.0 |
2217 |
Improper generating of access link at go.larksuite.com leads to access to other organizations/users' private data |
$0.0 |
2218 |
Config override using non-validated query parameter allows at least reflected XSS by injecting configuration into state |
$0.0 |
2219 |
Memory Dump and Env Disclosure via Spring Boot Actuator |
$0.0 |
2220 |
User with single department permission can view applicant list of all departments |
$0.0 |
2221 |
Formula Injection vulnerability in CSV export feature |
$0.0 |
2222 |
Java : Add a query to detect Spring View Manipulation Vulnerability |
$0.0 |
2223 |
Java : Add query to detect Apache Struts enabled Development mode |
$0.0 |
2224 |
Sensitive information of helpdesk is being leaked. |
$0.0 |
2225 |
Stored XSS via Angular Expression injection via Subject while starting conversation with other users. |
$0.0 |
2226 |
Proxy-Authorization header carried to a new host on a redirect |
$0.0 |
2227 |
GraphQL Query leads to sensitive information disclosure |
$0.0 |
2228 |
Insecure file upload in xiaoai.mi.com Lead to Stored XSS |
$0.0 |
2229 |
Stored XSS in the banner block description |
$0.0 |
2230 |
HTML Injection + XSS Vulnerability - https://████████/ | Proof of Concept [PoC] |
$0.0 |
2231 |
IDOR leads to Leakage an ██████████ Login Information |
$0.0 |
2232 |
RXSS - https://███/ |
$0.0 |
2233 |
Reflected XSS on https://█████ |
$0.0 |
2234 |
reflected xss @ www.█████████ |
$0.0 |
2235 |
Information disclosure - Access to some checkout information |
$0.0 |
2236 |
2 Subdomains Takeover at readfu.com |
$0.0 |
2237 |
Unrestricted file upload vulnerability in IMCE |
$0.0 |
2238 |
Reflected XSS on /admin/campaign-zone-zones.php |
$0.0 |
2239 |
Reflected XSS on /admin/stats.php |
$0.0 |
2240 |
Messages disclosure via search feature of other users group(Cross-Tenant). |
$0.0 |
2241 |
Stored Cross-Site Scripting vulnerability in example Custom Digital Agreement |
$0.0 |
2242 |
Reflected XSS on Lark Suite |
$0.0 |
2243 |
CSRF to Cross-site Scripting (XSS) |
$0.0 |
2244 |
CSRF to Cross-site Scripting (XSS) |
$0.0 |
2245 |
Self XSS + CSRF Leads to Reflected XSS in https://████/ |
$0.0 |
2246 |
Misconfigured AWS S3 bucket leaks sensitive data such as admin, production, beta, localhost and many more directories.... |
$0.0 |
2247 |
Reflected XSS at https://████████/███/... |
$0.0 |
2248 |
Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos |
$0.0 |
2249 |
Java : Add query for detecting Log Injection vulnerabilities |
$0.0 |
2250 |
Java : Add query for detecting Log Injection vulnerabilities |
$0.0 |
2251 |
Java: CWE-346 Queries to detect remote source flow to CORS Headers |
$0.0 |
2252 |
Java: CWE-652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') |
$0.0 |
2253 |
fs.realpath.native on darwin may cause buffer overflow |
$0.0 |
2254 |
Account Confirmation bypass leads to access to some functionality |
$0.0 |
2255 |
Origin IP found, Cloudflare bypassed |
$0.0 |
2256 |
[OPEN S3 BUCKET] All uploaded files are public. |
$0.0 |
2257 |
[Fixed] KIS for macOS is vulnerable to AV bypass due to improper client authorization on XPC service |
$0.0 |
2258 |
Kubelet follows symlinks as root in /var/log from the /logs server endpoint |
$0.0 |
2259 |
API Server DoS (crash?) if many large resources (~1MB each) are concurrently/repeatedly sent to an external Validating WebHook endpoint |
$0.0 |
2260 |
Reflected XSS on ███ |
$0.0 |
2261 |
Reflected XSS in https://██████████ via "████████" parameter |
$0.0 |
2262 |
Reflected XSS on ███████ |
$0.0 |
2263 |
Reflected XSS on █████████ |
$0.0 |
2264 |
Website vulnerable to POODLE (SSLv3) with expired certificate |
$0.0 |
2265 |
IDOR on https://██████ via POST UID enables database scraping |
$0.0 |
2266 |
Sending trusted ████ and ██████████ emails through public API endpoint in ███████ site |
$0.0 |
2267 |
[h1-2102] [Yaworski's Broskis] Low privilege user can read POS PINs via graphql and elevate his privilege |
$0.0 |
2268 |
[h1-2102] Partner's team member with no permission can retrieve services financial data |
$0.0 |
2269 |
XSS at https://exchangemarketplace.com/blogsearch |
$0.0 |
2270 |
XSS at https://www.glassdoor.com/Salary/* via filter.jobTitleExact |
$0.0 |
2271 |
Stored XSS at Module Name |
$0.0 |
2272 |
porcupiney.hairs : Java/Android - Insecure Loading of a Dex File |
$0.0 |
2273 |
Dom XSS Rootkit on [https://www.glassdoor.com/] |
$0.0 |
2274 |
[XSS] Reflected XSS via POST request in (editJobAlert.htm) file |
$0.0 |
2275 |
Reflected XSS at https://www.glassdoor.co.in/Job/pratt-whitney-jobs-SRCH_KE0,13.htm?initiatedFromCountryPicker=true&countryRedirect=true |
$0.0 |
2276 |
Reflected XSS at https://www.glassdoor.co.in/Interview/BlackRock-Interview-Questions-E9331.htm via filter.jobTitleExact parameter |
$0.0 |
2277 |
Reflected XSS at https://www.glassdoor.com/Interview/Accenturme-Interview-Questions-E9931.htm via filter.jobTitleFTS parameter |
$0.0 |
2278 |
Reflected XSS at https://www.glassdoor.co.in/FAQ/Microsoft-Question-FAQ200086-E1651.htm?countryRedirect=true via PATH |
$0.0 |
2279 |
CSRF in https://███ |
$0.0 |
2280 |
'net/ftp': Uncontrolled Resource Consumption (Memory/CPU) |
$0.0 |
2281 |
Broken Link Hijacking on Twitter link |
$0.0 |
2282 |
PI leakage By Brute Forcing and Phone number deleting without using password |
$0.0 |
2283 |
IDOR at training.smartpay.gsa.gov/reports/quizzes-taken-by-user |
$0.0 |
2284 |
Sharing products with Mail allows phishing attacks due to misconfiguration. |
$0.0 |
2285 |
No error thrown when IDOR attempted while editing address |
$0.0 |
2286 |
Unexpected federated shares added via public link |
$0.0 |
2287 |
SSRF with information disclosure |
$0.0 |
2288 |
Very long names on demo.openmage.org could redirect victim users to malicious url redirects via email contacts. |
$0.0 |
2289 |
IDOR leads to leak analytics of any restaurant |
$0.0 |
2290 |
HTML Injection with XSS possible |
$0.0 |
2291 |
Brew bootstrap process is insecure |
$0.0 |
2292 |
Unsafe deserialization leads to token leakage in PayPal & PayPal for Business [Android] |
$0.0 |
2293 |
Stored open redirect in about page |
$0.0 |
2294 |
Improper access control in place for "member only" groups via root.YUI_config.flickr.api.site_key |
$0.0 |
2295 |
Java: JSONP Injection |
$0.0 |
2296 |
SHA512 incorrect on most/many releases |
$0.0 |
2297 |
Host Header Injection |
$0.0 |
2298 |
Default Nextcloud allows http federated shares |
$0.0 |
2299 |
Members Personal Information Leak Due to IDOR |
$0.0 |
2300 |
DOM Based XSS on https://████ via backURL param |
$0.0 |
2301 |
XSS via X-Forwarded-Host header |
$0.0 |
2302 |
Moodle XSS on evolve.glovoapp.com |
$0.0 |
2303 |
Cross-Tenant IDOR on Business allowing privilege escalation, invitation takeover, and editing of any other Businesses' employees |
$0.0 |
2304 |
Unrestricted File Upload Results in Cross-Site Scripting Attacks |
$0.0 |
2305 |
private passenger information is exposed to the Uber Driver app during ride dispatch ("Ping") events |
$0.0 |
2306 |
Authenticated XXE |
$0.0 |
2307 |
Previously created sessions continue being valid after MFA activation |
$0.0 |
2308 |
Several domains on kaspersky.com are vulnerable to Web Cache Deception attack |
$0.0 |
2309 |
[Java]: CWE-601 Spring url redirection detect |
$0.0 |
2310 |
[Java] CWE-078: Add JSch lib OS Command Injection sink |
$0.0 |
2311 |
Reflected XSS on mtnhottseat.mtn.com.gh |
$0.0 |
2312 |
Reflected XSS on gamesclub.mtn.com.g |
$0.0 |
2313 |
SMAP bypass |
$0.0 |
2314 |
Git Config |
$0.0 |
2315 |
Bypass apiserver proxy filter |
$0.0 |
2316 |
IDOR leads to See analytics of Loyalty Program in any restaurant. |
$0.0 |
2317 |
Subdomain takeover of www2.growasyouplan.com |
$0.0 |
2318 |
Create alias does not validate account id |
$0.0 |
2319 |
Take over a mail account due missing validation of account id |
$0.0 |
2320 |
Reflected XSS on /admin/stats.php |
$0.0 |
2321 |
XSS STORED AT socialclub.rockstargames.com (add friend request from profile attacker) |
$0.0 |
2322 |
Reflected XSS on https://██████ |
$0.0 |
2323 |
Reflected XSS through clickjacking at https://████ |
$0.0 |
2324 |
Reflected XSS at www.███████ at /██████████ via the ████████ parameter |
$0.0 |
2325 |
Reflected XSS |
$0.0 |
2326 |
Blind SQL Injection |
$0.0 |
2327 |
CVE-2019-3403 on https://████/rest/api/2/user/picker?query= |
$0.0 |
2328 |
Insufficient Session Expiration on Adobe Connect | https://█████████ |
$0.0 |
2329 |
Header modification results in disclosure of Slack infra metadata to unauthorized parties |
$0.0 |
2330 |
CORS Misconfiguration, could lead to disclosure of sensitive information |
$0.0 |
2331 |
SQL injection in https://www.acronis.cz/ via the log parameter |
$0.0 |
2332 |
Hackerone is not properly deleting user id |
$0.0 |
2333 |
XSS by MathML at Active Storage |
$0.0 |
2334 |
Elmah.axd is publicly accessible leaking Error Log |
$0.0 |
2335 |
Reflected XSS through ClickJacking |
$0.0 |
2336 |
Clickjacking on profile page leading to unauthorized changes |
$0.0 |
2337 |
Federated shares are not password protected |
$0.0 |
2338 |
Account Takeover on unverified emails in File Sync & Share |
$0.0 |
2339 |
Web cache poisoning at www.acronis.com |
$0.0 |
2340 |
Remote Code Execution through "Files_antivirus" plugin |
$0.0 |
2341 |
Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation |
$0.0 |
2342 |
Reflected XSS on cz.acronis.com/dekujeme-za-odber-novinek-produktu-disk-director with ability to create an admin user in WordPress |
$0.0 |
2343 |
Local File Disclosure /Delete On [us-az-vpn.acronis.com] |
$0.0 |
2344 |
[Java] BeanShell Injection |
$0.0 |
2345 |
[Java]: CWE-502 Add UnsafeDeserialization sinks |
$0.0 |
2346 |
anti_ransomware_service.exe REST API does not require authentication |
$0.0 |
2347 |
Local Privilege Escalation in anti_ransomware_service.exe via quarantine |
$0.0 |
2348 |
Denial of Service in anti_ransomware_service.exe via logs files |
$0.0 |
2349 |
Stored XSS in IE11 on hackerone.com via custom fields |
$0.0 |
2350 |
Exposed data of credit card details to hacker or attacker. |
$0.0 |
2351 |
Open URL Redirection |
$0.0 |
2352 |
[█████████] Reflected Cross-Site Scripting Vulnerability |
$0.0 |
2353 |
[www.███] Reflected Cross-Site Scripting |
$0.0 |
2354 |
CSRF Based XSS @ https://██████████ |
$0.0 |
2355 |
Self stored Xss + Login Csrf |
$0.0 |
2356 |
Reflected XSS at [████████] |
$0.0 |
2357 |
Reflected XSS on https://help.glassdoor.com/GD_HC_EmbeddedChatVF |
$0.0 |
2358 |
Node Installer Local Privilege Escalation |
$0.0 |
2359 |
OOB read in libuv |
$0.0 |
2360 |
Theft of arbitrary files in LINE Lite client for Android |
$0.0 |
2361 |
No Rate Limit On Forgot Password Page |
$0.0 |
2362 |
Exposed Prometheus instance at prometheus.qa.r3.com |
$0.0 |
2363 |
Stored-XSS on wiki pages |
$0.0 |
2364 |
[Bypass fixed #664038 and #519059] Application settings change settings that have been set by the user |
$0.0 |
2365 |
[Java]: CWE 295 - Insecure TrustManager - MiTM |
$0.0 |
2366 |
[Java] JShell Injection |
$0.0 |
2367 |
[Java]: CWE 295 - Insecure TrustManager - MiTM |
$0.0 |
2368 |
[go]: Add query for detecting CORS misconfiguration |
$0.0 |
2369 |
Leak arbitrary file under nextcloud android client privacy directory |
$0.0 |
2370 |
OS Command Injection in '/lib/un.rb -- Utilities to replace common UNIX commands in Makefiles etc' |
$0.0 |
2371 |
Multiple server ssh usernames leaked in your github repository |
$0.0 |
2372 |
pam_ussh does not properly validate the SSH certificate authority |
$0.0 |
2373 |
Account takeover through multistage CSRF at https://autochoice.fas.gsa.gov/AutoChoice/changeQAOktaAnswer and ../AutoChoice/changePwOktaAnswer |
$0.0 |
2374 |
Canonical Snapcraft vulnerable to remote code execution under certain conditions |
$0.0 |
2375 |
Buffer Overflow in smblib.c |
$0.0 |
2376 |
Cross site scripting |
$0.0 |
2377 |
xss reflected on https://███████- (███ parameters) |
$0.0 |
2378 |
xss on https://███████(█████████ parameter) |
$0.0 |
2379 |
XSS Reflected on https://███ (███ parameter) |
$0.0 |
2380 |
Reflected XSS - https://███ |
$0.0 |
2381 |
XSS DUE TO CVE-2020-3580 |
$0.0 |
2382 |
XSS DUE TO CVE-2020-3580 |
$0.0 |
2383 |
SQL injection my method -1 OR 321=6 AND 000159=000159 |
$0.0 |
2384 |
Bypassing Content-Security-Policy leads to open-redirect and iframe xss |
$0.0 |
2385 |
DNS Misconfiguration (Subdomain Takeover) - █████████.8x8.com |
$0.0 |
2386 |
[Java] CWE-601: Add Spring URL Redirect ResponseEntity sink |
$0.0 |
2387 |
[Java] CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
$0.0 |
2388 |
Bypass Rate Limits on app.snapchat.com API Endpoint via X-Forwarded-For Header |
$0.0 |
2389 |
Mishandling of hackerone clear background checks resulting in disclosure of other hacker's information |
$0.0 |
2390 |
CVE-2020-3452 - unauthenticated file read on anyconnect.routematch.com |
$0.0 |
2391 |
Webauthn tokens are not removed on user deletion |
$0.0 |
2392 |
Password reset token leak on third party website via Referer header |
$0.0 |
2393 |
Reflected XSS on play.mtn.co.za |
$0.0 |
2394 |
No rate limit in otp code sending |
$0.0 |
2395 |
Possible LDAP username and password disclosed on Github |
$0.0 |
2396 |
Reflected XSS on delivery.glovoapp.com |
$0.0 |
2397 |
Clipboard DOM-based XSS |
$0.0 |
2398 |
Reflected XSS on https://www.glassdoor.com/job-listing/spotlight |
$0.0 |
2399 |
Email verification bypassed during sign up (████████) |
$0.0 |
2400 |
[CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol! |
$0.0 |
2401 |
S3 bucket listing/download |
$0.0 |
2402 |
XSS due to CVE-2020-3580 [███.mil] |
$0.0 |
2403 |
CUI labeled and ████ and ██████ Restricted ██████ intelligence |
$0.0 |
2404 |
XSS on ███ |
$0.0 |
2405 |
[Python] CWE-943: Add NoSQL Injection Query |
$0.0 |
2406 |
[CVE-2021-29156] LDAP Injection at https://██████ |
$0.0 |
2407 |
Sensitive information on '████████' |
$0.0 |
2408 |
Sensitive information on ██████████ |
$0.0 |
2409 |
https://██████/ Vulnerable to CVE-2013-3827 (Directory-traversal vulnerability) |
$0.0 |
2410 |
CUI labeled and ████ Restricted pdf on █████ |
$0.0 |
2411 |
1-byte heap buffer overflow in DNS resolver |
$0.0 |
2412 |
2 Bypass of #1067533 rate limit via X-Forwarded-For: Source IP on ( www.trycourier.app ) |
$0.0 |
2413 |
Improper input validation in projects leads to fully deny access to project resources |
$0.0 |
2414 |
Possible to invite any team member without being logged in. [ Session Management Issue ] |
$0.0 |
2415 |
XSS Stored in Cacheable response |
$0.0 |
2416 |
Node Validation Admission does not observe all oldObject fields |
$0.0 |
2417 |
Information disclosure -> 2fa bypass -> POST exploitation |
$0.0 |
2418 |
blind sql on [selfcare.mtn.com.af] |
$0.0 |
2419 |
link.avito.ru - Bypass of restrictions on external links. |
$0.0 |
2420 |
XSS due to CVE-2020-3580 [██████] |
$0.0 |
2421 |
XSS due to CVE-2020-3580 [███] |
$0.0 |
2422 |
Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179 |
$0.0 |
2423 |
System Error Reveals SQL Information |
$0.0 |
2424 |
[play.mtn.co.za] Application level DoS via xmlrpc.php |
$0.0 |
2425 |
Hardware Wallets Do Not Check Unlock Time |
$0.0 |
2426 |
[Java]: Add XXE sinks |
$0.0 |
2427 |
Use of a Broken or Risky Cryptographic Algorithm |
$0.0 |
2428 |
CVE-2021-22945: UAF and double-free in MQTT sending |
$0.0 |
2429 |
Session Fixation allows attacker to create new evil workspace without being logged in [ Insecure Session management ] |
$0.0 |
2430 |
Subdomain Takeover due to ████████ NS records at us-east4.37signals.com |
$0.0 |
2431 |
Privilege Escalation vulnerability in steam's Remote Play feature leads to arbitrary kernel-mode driver installation |
$0.0 |
2432 |
[Zomato for Business Android] Vulnerability in exported activity WebView |
$0.0 |
2433 |
DoS of LINE client for Android via message containing multiple unicode characters (0x0e & 0x0f) |
$0.0 |
2434 |
CVE-2021-22947: STARTTLS protocol injection via MITM |
$0.0 |
2435 |
CVE-2021-22946: Protocol downgrade required TLS bypassed |
$0.0 |
2436 |
Phar Deserialization Vulnerability via Logging Settings |
$0.0 |
2437 |
com.duckduckgo.mobile.android - Cache corruption |
$0.0 |
2438 |
Information disclosure at '████████' --- CVE-2020-14179 |
$0.0 |
2439 |
███████ - XSS - CVE-2020-3580 |
$0.0 |
2440 |
Vulnerable Jira Instance |
$0.0 |
2441 |
No Rate Limiting on /reset-password-request/ endpoint |
$0.0 |
2442 |
Stored XSS in Conversations (both client and admin) when Active Conversation Editor is set to "Rich Text" |
$0.0 |
2443 |
bypass sql injection #1109311 |
$0.0 |
2444 |
No server side check on terms of service page which leads to bypass |
$0.0 |
2445 |
Domain does not Match SSL Certificate |
$0.0 |
2446 |
SSRF for kube-apiserver cloudprovider scene |
$0.0 |
2447 |
Man in the middle leading to root privilege escalation using hostNetwork=true (CAP_NET_RAW considered harmful) |
$0.0 |
2448 |
3x Reflected XSS vectors for services.cgi (XM.v6.1.6, build 32290) |
$0.0 |
2449 |
XW 6.2.0 firmware: 5 Reflected XSS issues in link.cgi |
$0.0 |
2450 |
1-click DOS in fastify-static via directly passing user's input to new URL() of NodeJS without try/catch |
$0.0 |
2451 |
[Python] CWE-348: Client supplied ip used in security check |
$0.0 |
2452 |
POST based RXSS on https://███████/ via ███ parameter |
$0.0 |
2453 |
DoD internal documents are leaked to the public |
$0.0 |
2454 |
Stored unauth XSS in calendar event via CSRF |
$0.0 |
2455 |
RXSS - ████ |
$0.0 |
2456 |
RXSS - https://████████/ |
$0.0 |
2457 |
RXSS Via URI Path - https://██████████/ |
$0.0 |
2458 |
Reflected Xss https://██████/ |
$0.0 |
2459 |
phpinfo() disclosure info |
$0.0 |
2460 |
Hash-Collision Denial-of-Service Vulnerability in Markdown Parser |
$0.0 |
2461 |
Email Verification Bypass And Get access to user's private invitation. |
$0.0 |
2462 |
Oauth Misconfiguration Lead To Account Takeover |
$0.0 |
2463 |
Reflected XSS in TikTok endpoints |
$0.0 |
2464 |
Broken link profile in the website leads to identity theft. |
$0.0 |
2465 |
[Python]: CWE-117 Log Injection |
$0.0 |
2466 |
[Java] CWE-552: Unsafe url forward |
$0.0 |
2467 |
XSS on tiktok.com |
$0.0 |
2468 |
Race condition leads to Inflation of coins when bought via Google Play Store at endpoint https://oauth.reddit.com/api/v2/gold/android/verify_purchase |
$0.0 |
2469 |
Third party app could steal access token as well as protected files using inAppBrowser |
$0.0 |
2470 |
Missing rate limit in current password change settings leads to Account takeover |
$0.0 |
2471 |
Reflected XSS at ████ via ██████████= parameter |
$0.0 |
2472 |
C# : Add query to detect Server Side Request Forgery |
$0.0 |
2473 |
Authentication Bypass & ApacheTomcat Misconfiguration in [██] |
$0.0 |
2474 |
private keys exposed on the GitHub repository |
$0.0 |
2475 |
Steal any users access_token via open redirect in https://streamlabs.com/global/identity?popup=1&r= |
$0.0 |
2476 |
Man in the middle using LoadBalancer or ExternalIPs services |
$0.0 |
2477 |
Tokenless GUI Authentication |
$0.0 |
2478 |
Viewing a deleted message from a group's private messages + the ability to forward it. |
$0.0 |
2479 |
CSRF in m.vk.com |
$0.0 |
2480 |
CSRF on audio upload |
$0.0 |
2481 |
Hack (virus).. See who voted in an anonymous poll!! |
$0.0 |
2482 |
Open redirect on the mobile version of VKontakte (m.vk.com) |
$0.0 |
2483 |
Viewing new photos from the wall of a private/closed group or a closed profile. |
$0.0 |
2484 |
Path Traversal CVE-2021-26086 CVE-2021-26085 |
$0.0 |
2485 |
Broken link hijacking in https://kubernetes-csi.github.io/docs/drivers.html |
$0.0 |
2486 |
IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements |
$0.0 |
2487 |
Web Cache Poisoning leading to DoS |
$0.0 |
2488 |
Leaked H1's Employees Email addresses,meeting info on private bug bounty program ████████ |
$0.0 |
2489 |
Blog posts atom feed of a store with password protection can be accessed by anyone |
$0.0 |
2490 |
A member-member privilege could access the https://console.rockset.com/billing?tab=payment page even though the billing page is hidden from the menu. |
$0.0 |
2491 |
A bypass of adding remote files in concrete5 FIlemanager leads to remote code execution |
$0.0 |
2492 |
GlassWire 2.1.167 vulnerability - MSVR 56639 |
$0.0 |
2493 |
Broken subdomain takeover of runpanther which was pointing towards herokuapp |
$0.0 |
2494 |
Use of Ruby Forwardable module and runtime meta-programming may introduce vulnerabilities |
$0.0 |
2495 |
Chaining bugs to get full disclosure of users' addresses |
$0.0 |
2496 |
Open Redirect in www.shopify.dev Environment |
$0.0 |
2497 |
The Host Authorization middleware in Action Pack is vulnerable to crafted X-Forwarded-Host values |
$0.0 |
2498 |
Ruby - Regular Expression Denial of Service Vulnerability of Date Parsing Methods |
$0.0 |
2499 |
Reflected XSS on av.ru via q parameter at https://av.ru/collections/* |
$0.0 |
2500 |
[jitsi-meet] Authentication Bypass when using JWT w/ public keys |
$0.0 |
2501 |
Sidekiq dashboard exposed at notary.shopifycloud.com |
$0.0 |
2502 |
private keys exposed on the GitHub repository |
$0.0 |
2503 |
Expired SSL Certificate allows credentials steal |
$0.0 |
2504 |
IDOR vulnerability (Price manipulation) |
$0.0 |
2505 |
Reflected XSS in m.vk.com/chatjoin |
$0.0 |
2506 |
Disclosure of a private group's name via the old photo viewer box. |
$0.0 |
2507 |
Reflected XSS in photogallery component on [https://market.av.ru] |
$0.0 |
2508 |
Stored XSS in files.slack.com |
$0.0 |
2509 |
Unauthorised access to admin endpoint on plus-website-staging5.shopifycloud.com |
$0.0 |
2510 |
reflected xss on the path m.tiktok.com |
$0.0 |
2511 |
Staff can use BULK_OPERATIONS_FINISH webhook topic using Graphql without permissions all |
$0.0 |
2512 |
xss is triggered on your web |
$0.0 |
2513 |
CORS origin validation failure |
$0.0 |
2514 |
Exposed kubernetes dashboard |
$0.0 |
2515 |
4 xss vulnerability dom based cwe 79 ; wordpress bootstrap.min.js is vulnerable |
$0.0 |
2516 |
Possible Database Details stored in values.yaml |
$0.0 |
2517 |
Clickjacking at sifchain.finance |
$0.0 |
2518 |
Missing captcha and rate limit protection in help form |
$0.0 |
2519 |
RXSS - http://macademy.mtnonline.com |
$0.0 |
2520 |
com.reddit.frontpage vulnerable to Task Hijacking (aka StrandHogg Attack) |
$0.0 |
2521 |
Broken Github Link Used in deployment docs of "github.com/kubernetes/kompose" |
$0.0 |
2522 |
Able to access private picture/video/writing when requesting for their JSON response |
$0.0 |
2523 |
Google storage bucket takeover which is used to load JS file in dashboard.html in "github.com/kubernetes/release" which can lead to XSS |
$0.0 |
2524 |
HTML injection in email content during registration via FirstName/LastName parameter |
$0.0 |
2525 |
Stored XSS on 1.4.0 |
$0.0 |
2526 |
Dependency repository hijacking aka Repo Jacking from GitHub repo rubygems/bundler-site & rubygems/bundler.github.io + bundler.io docs |
$0.0 |
2527 |
Open redirect (DOM-based) on av.ru via "return_url" parameter (Login form) |
$0.0 |
2528 |
Unauthorized access to choice.av.ru control panel |
$0.0 |
2529 |
Rxss on █████████ via logout?service=javascript:alert(1) |
$0.0 |
2530 |
Cache Poisoning DoS on updates.rockstargames.com |
$0.0 |
2531 |
Static files on HackerOne.com can be made inaccessible through Cache Poisoning attack |
$0.0 |
2532 |
Reflected XSS at dailydeals.mtn.co.za |
$0.0 |
2533 |
Reflected XSS on dailydeals.mtn.co.za |
$0.0 |
2534 |
Access to images and videos in drafts on LINE BLOG |
$0.0 |
2535 |
DLL hijacking in Monero GUI for Windows 0.17.3.0 would allow an attacker to perform remote command execution |
$0.0 |
2536 |
Default credentials lead to Spring Boot Admin dashboard access |
$0.0 |
2537 |
EMAIL SPOOFING |
$0.0 |
2538 |
Grafana LFI on https://grafana.mariadb.org |
$0.0 |
2539 |
Friend Request Flow Exposes User Data |
$0.0 |
2540 |
[IDOR] Modify other team's reminders via reminderId parameter |
$0.0 |
2541 |
Reflected xss and open redirect on larksuite.com using /?back_uri= parameter. |
$0.0 |
2542 |
Stored xss on helpdesk using user's city |
$0.0 |
2543 |
In organization stored xss using location (Larksuite survey app) |
$0.0 |
2544 |
DOM XSS through ads |
$0.0 |
2545 |
XSS Reflected - ██████████ |
$0.0 |
2546 |
Reflected XSS in https://███████ via hidden parameter "████████" |
$0.0 |
2547 |
Reflected XSS on https://███/████via hidden parameter "█████████" |
$0.0 |
2548 |
[Javascript]: [Clipboard-based XSS] |
$0.0 |
2549 |
[GO]: [CWE-090: LDAP Injection All For One] |
$0.0 |
2550 |
Yet another SSRF query for Go |
$0.0 |
2551 |
Yet another SSRF query for Go |
$0.0 |
2552 |
Cross-site Scripting (XSS) - Stored on ads.tiktok.com in Text field |
$0.0 |
2553 |
Stored XSS at https://linkpop.com |
$0.0 |
2554 |
Buffer Overflow in optimized_escape_html method |
$0.0 |
2555 |
No length on password |
$0.0 |
2556 |
subdomain takeover on fddkim.zomato.com |
$0.0 |
2557 |
No character limit in password field |
$0.0 |
2558 |
SQL injection at /admin.php?/cp/members/create |
$0.0 |
2559 |
Arbitrary file read in Rocket.Chat-Desktop |
$0.0 |
2560 |
Email/OTP verification bypass leads to Pre-Account Takeover. |
$0.0 |
2561 |
Leaking sensitive information through JSON file path. |
$0.0 |
2562 |
Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com] |
$0.0 |
2563 |
Attacker Can Access to any Ticket Support on https://www.devicelock.com/support/ |
$0.0 |
2564 |
Stored Cross-site Scripting on devicelock.com/forum/ |
$0.0 |
2565 |
Cross-site Scripting (XSS) - Stored | forum.acronis.com |
$0.0 |
2566 |
Node.js Certificate Verification Bypass via String Injection |
$0.0 |
2567 |
Sending Arbitrary Requests through Jupyter Notebooks on gitlab.com and Self-Hosted GitLab Instances |
$0.0 |
2568 |
[h1-2102] Information disclosure - ShopifyPlus add user displays existing Shopify ID fullname |
$0.0 |
2569 |
Information Exposure Through Directory Listing vulnerability |
$0.0 |
2570 |
Able to detect if a user is FetLife supporter although this user hides their support badge in fetlife.com/conversations/{id} JSON response |
$0.0 |
2571 |
RXSS ON https://██████████ |
$0.0 |
2572 |
(CORS) Cross-origin resource sharing misconfiguration on https://█████████ |
$0.0 |
2573 |
Reflected XSS at https://██████/██████████ via "████████" parameter |
$0.0 |
2574 |
Reflected XSS at https://██████/██████ via "██████" parameter |
$0.0 |
2575 |
Reflected XSS at https://██████████/████████ via "███████" parameter |
$0.0 |
2576 |
Reflected XSS at https://█████ via "██████████" parameter |
$0.0 |
2577 |
Reflected XSS at https://█████████ via "███" parameter |
$0.0 |
2578 |
XSS trigger via HTML Iframe injection in ( https://██████████ ) due to unfiltered HTML tags |
$0.0 |
2579 |
CUI Labelled document out in the open |
$0.0 |
2580 |
IDOR |
$0.0 |
2581 |
When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL |
$0.0 |
2582 |
Broken Authentication Session Token Bug |
$0.0 |
2583 |
De-anonymize anonymous tips through the Tumblr blog network |
$0.0 |
2584 |
[AWC-Pune] - User can download files deleted by Admin using shortcuts |
$0.0 |
2585 |
Session Fixation on Acronis |
$0.0 |
2586 |
Uber Test Report 20220301 |
$0.0 |
2587 |
Brute force attack of current password on login page by bypassing account limit using IP rotator(https://dashboard.omise.co/signin) |
$0.0 |
2588 |
Normal User is able to EXPORT Feature Usage Statistics |
$0.0 |
2589 |
objectId in share location can be set to open arbitrary URL or Deeplinks |
$0.0 |
2590 |
Race condition in endpoint POST fetlife.com/users/invitation, allow attacker to generate unlimited invites |
$0.0 |
2591 |
RXSS on https://equifax.gr8people.com on Password Reset page in the username parameter |
$0.0 |
2592 |
User files are disclosed when someone calls while the screen is locked |
$0.0 |
2593 |
Use of uninitialized value of in req_parsebody method of lua_request.c |
$0.0 |
2594 |
XSS because of Akamai ARL misconfiguration on ████ |
$0.0 |
2595 |
CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████ |
$0.0 |
2596 |
CSRF - Delete Account (Urgent) |
$0.0 |
2597 |
IDOR - Delete Users Saved Projects |
$0.0 |
2598 |
Reflected XSS - in Email Input |
$0.0 |
2599 |
CSRF - Modify User Settings with one click - Account TakeOver |
$0.0 |
2600 |
Exposed .bash_history at http://21days2017.mtncameroon.net/.bash_history |
$0.0 |
2601 |
RXSS |
$0.0 |
2602 |
[https://█████████/]&&[https://█████████/] Open Redirection |
$0.0 |
2603 |
Web Cache poisoning attack leads to User information Disclosure and more |
$0.0 |
2604 |
The endpoint /api/internal/graphql/requestAuthEmail on Khanacademy.or is vulnerable to Race Condition Attack. |
$0.0 |
2605 |
The endpoint '/test/webhooks' is vulnerable to DNS Rebinding |
$0.0 |
2606 |
Arbitrary File Deletion via Path Traversal in image-edit.php |
$0.0 |
2607 |
Incorrect Authorization Checks in /include/findusers.php |
$0.0 |
2608 |
Improper Authentication via previous backup code login |
$0.0 |
2609 |
No Rate Limiting for Password Reset Email Leads to Email Flooding |
$0.0 |
2610 |
Clickjacking login page of https://hackers.upchieve.org/login |
$0.0 |
2611 |
No rate Limit on Password Reset page on upchieve |
$0.0 |
2612 |
Password Reuse |
$0.0 |
2613 |
Missing Validation in editing "Your Phone Number" |
$0.0 |
2614 |
No Rate Limit on forgot password page |
$0.0 |
2615 |
Denial of Service vulnerability in curl when parsing MQTT server response |
$0.0 |
2616 |
Insecure Storage and Overly Permissive API Keys |
$0.0 |
2617 |
[Java]: Add JDBC connection SSRF sinks |
$0.0 |
2618 |
Java : Add query to detect Server Side Template Injection (SSTI) |
$0.0 |
2619 |
CSRF token validation system is disabled on Stripe Dashboard |
$0.0 |
2620 |
XSS Reflected - ███ |
$0.0 |
2621 |
Bypassing CORS Misconfiguration Leads to Sensitive Exposure at https://███/ |
$0.0 |
2622 |
Open Akamai ARL XSS at ████████ |
$0.0 |
2623 |
XSS on https://████/ via ███████ parameter |
$0.0 |
2624 |
XSS on https://██████/███ via █████ parameter |
$0.0 |
2625 |
XSS on https://███████/██████████ parameter |
$0.0 |
2626 |
XSS on https://████████/████' parameter |
$0.0 |
2627 |
Cross-site Scripting (XSS) - Reflected at https://██████████/ |
$0.0 |
2628 |
username and password leaked via pptx for █████████ website |
$0.0 |
2629 |
[www.█████] Path-based reflected Cross Site Scripting |
$0.0 |
2630 |
Reflected XSS on [█████████] |
$0.0 |
2631 |
Folder architecture and Filesizes of private file drop shares can be obtained |
$0.0 |
2632 |
[Python]: Add Server-side Request Forgery sinks |
$0.0 |
2633 |
Regular Expression Denial of Service vulnerability |
$0.0 |
2634 |
Taking position in a discontinued forex pair without executing any trades |
$0.0 |
2635 |
Access control vulnerability (read-only) |
$0.0 |
2636 |
Access control vulnerability (read/write) |
$0.0 |
2637 |
Access control vulnerability (read/write) |
$0.0 |
2638 |
Stored XSS on the "www.intensedebate.com/extras-widgets" url at "Recent comments by" module with malicious blog url |
$0.0 |
2639 |
[Bypass] Ability to invite a new member in sandbox Organization |
$0.0 |
2640 |
SSRF restricted to HTTP/HTML on LINE Social Plugins (https://social-plugins.line.me/) |
$0.0 |
2641 |
Use of unreleased features in programming education service (https://entry.line.me) |
$0.0 |
2642 |
Deleting someone else's profile image with a GraphQL query in programming education service (https://entry.line.me) |
$0.0 |
2643 |
xss on [developers.mtn.com] |
$0.0 |
2644 |
CORS Misconfiguration |
$0.0 |
2645 |
Open Akamai ARL XSS at ████████ |
$0.0 |
2646 |
[h1-2102] Improper Access Control at https://shopify.plus/[id]/users/api in operation UpdateOrganizationUserRole |
$0.0 |
2647 |
Attacker can bypass authentication build on ingress external auth (nginx.ingress.kubernetes.io/auth-url ) |
$0.0 |
2648 |
CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 bypass if string not 32 chars |
$0.0 |
2649 |
CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 comparison disaster |
$0.0 |
2650 |
CVE-2022-27776: Auth/cookie leak on redirect |
$0.0 |
2651 |
subdomain takeover (abandoned Zendesk █.easycontactnow.com) |
$0.0 |
2652 |
CVE-2022-22576: OAUTH2 bearer bypass in connection re-use |
$0.0 |
2653 |
OAUTH2 bearer not-checked for connection re-use |
$0.0 |
2654 |
SQL INJECTION in https://████/██████████ |
$0.0 |
2655 |
Blind SQL Injection |
$0.0 |
2656 |
SSRF due to CVE-2021-27905 in www.████████ |
$0.0 |
2657 |
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████ |
$0.0 |
2658 |
Reflected XSS [███] |
$0.0 |
2659 |
Reflected XSS [██████] |
$0.0 |
2660 |
Reflected XSS due to vulnerable version of sockjs |
$0.0 |
2661 |
XSS at videostore.mtnonline.com/GL/*.aspx via all parameters |
$0.0 |
2662 |
XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload} |
$0.0 |
2663 |
Misconfigured rate limit for SMS phone verification endpoint |
$0.0 |
2664 |
Certificate authentication re-use on redirect |
$0.0 |
2665 |
CVE-2022-27778: curl removes wrong file on error |
$0.0 |
2666 |
CVE-2022-27779: cookie for trailing dot TLD |
$0.0 |
2667 |
CVE-2022-27782: TLS and SSH connection too eager reuse |
$0.0 |
2668 |
CVE-2022-27780: percent-encoded path separator in URL host |
$0.0 |
2669 |
CVE-2022-30115: HSTS bypass via trailing dot |
$0.0 |
2670 |
Storage of old passwords in plain text format |
$0.0 |
2671 |
Memory leak in CURLOPT_XOAUTH2_BEARER |
$0.0 |
2672 |
Credential leak on redirect |
$0.0 |
2673 |
Privilege Escalation on TikTok for Business |
$0.0 |
2674 |
XSS and iframe injection on tiktok ads portal using redirect params |
$0.0 |
2675 |
8x8pilot.com: Reflected XSS in Apache Tomcat /jsp-examples example directory |
$0.0 |
2676 |
Nextcloud Deck : Possibility for anyone to add a stack with existing tasks on anyone's board |
$0.0 |
2677 |
Read Other Users Reports Through Cloning |
$0.0 |
2678 |
Control character filtering misses leading and trailing whitespace in file and folder names |
$0.0 |
2679 |
Improper input-size validation on the user new session name can result in server-side DDoS. |
$0.0 |
2680 |
DOM XSS on www.adobe.com |
$0.0 |
2681 |
Able to bypass the fix on DOM XSS at [www.adobe.com] |
$0.0 |
2682 |
Django debug enabled showing information about system, database, configuration files |
$0.0 |
2683 |
Stored Cross Site Scripting at http://www.grouplogic.com/ADMIN/store/index.cfm?fa=disprocode |
$0.0 |
2684 |
Reflected XSS on https://help.glassdoor.com/gd_requestsubmitpage |
$0.0 |
2685 |
Reflected XSS on https://www.glassdoor.com/parts/header.htm |
$0.0 |
2686 |
RXSS on █████████ |
$0.0 |
2687 |
disclosure the live_analytics information of any livestream. |
$0.0 |
2688 |
CVE-2022-27779: cookie for trailing dot TLD |
$0.0 |
2689 |
CVE-2022-27780: percent-encoded path separator in URL host |
$0.0 |
2690 |
CVE-2022-30115: HSTS bypass via trailing dot |
$0.0 |
2691 |
All user password hash can be seen from admin panel |
$0.0 |
2692 |
Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag |
$0.0 |
2693 |
Golang : Hardcoded secret used for signing JWT |
$0.0 |
2694 |
Golang : Add Query To Detect PAM Authorization Bugs |
$0.0 |
2695 |
The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more su |
$0.0 |
2696 |
CSRF (protection bypassed) to force a below 18 user into viewing an nsfw subreddit ! |
$0.0 |
2697 |
Admin Authentication Bypass Lead to Admin Account Takeover |
$0.0 |
2698 |
Add more seats by paying less via PUT /v2/seats request manipulation |
$0.0 |
2699 |
Bypass for Domain-level redirects (Unvalidated Redirects and Forwar) |
$0.0 |
2700 |
Credential leak when use two url |
$0.0 |
2701 |
CVE-2022-32207: Unpreserved file permissions |
$0.0 |
2702 |
CVE-2022-32206: HTTP compression denial of service |
$0.0 |
2703 |
Reflected XSS via ████████ parameter |
$0.0 |
2704 |
Unauthorized Access to Internal Server Panel without Authentication |
$0.0 |
2705 |
Redirecting users to malicious torrent-files/websites using WebTorrent |
$0.0 |
2706 |
Arbitrary file download due to bad handling of Redirects in WebTorrent |
$0.0 |
2707 |
Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS |
$0.0 |
2708 |
Open redirect found on account.brave.com |
$0.0 |
2709 |
SMTP Command Injection in iCalendar Attachments to Emails via Newlines |
$0.0 |
2710 |
Reflected XSS on https://wwwapps.ups.com/ctc/request?loc= |
$0.0 |
2711 |
Ownership check missing when updating or deleting attachments |
$0.0 |
2712 |
HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding |
$0.0 |
2713 |
HTTP Request Smuggling Due To Improper Delimiting of Header Fields |
$0.0 |
2714 |
HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding |
$0.0 |
2715 |
Open Redirect through POST Request in www.redditinc.com |
$0.0 |
2716 |
Getting a free delivery by signing up from "admin_@glovoapp.com" |
$0.0 |
2717 |
[h1-2102] Improper Access Control at https://shopify.plus/[id]/users/api in operation UpdateOrganizationUserTfaEnforcement |
$0.0 |
2718 |
Public Apache Tomcat /examples example directory |
$0.0 |
2719 |
Cross-site scripting (DOM-based) |
$0.0 |
2720 |
HTML Injection in E-mail Not Resolved () |
$0.0 |
2721 |
LFI via Jolokia at https://█.█.█.█:1293 |
$0.0 |
2722 |
Can access the job name, creator name and can report any draft/under review/rejected job |
$0.0 |
2723 |
reflected XSS on panther.com |
$0.0 |
2724 |
HTML Injection via TikTok Ads Email Share |
$0.0 |
2725 |
Found Origin IP's lead to access to gitlab |
$0.0 |
2726 |
XSS in redditmedia.com can compromise data of reddit.com |
$0.0 |
2727 |
Unauthenticated Private Messages Disclosure via wordpress Rest API |
$0.0 |
2728 |
xmlrpc.php file is enabled; it can be used for brute-force attack and Denial of Service (DoS) |
$0.0 |
2729 |
Wordpress Users Disclosure (/wp-json/wp/v2/users/) |
$0.0 |
2730 |
Disabling context isolation, nodeIntegrationInSubFrames using an unauthorised frame. |
$0.0 |
2731 |
XSS and HTML Injection on the pressable.com search box |
$0.0 |
2732 |
support.invisionpower.com takeover the subdomain with Zendesk |
$0.0 |
2733 |
Off-by-slash vulnerability in nodejs.org and iojs.org |
$0.0 |
2734 |
Reflected XSS on ███ via jobid parameter |
$0.0 |
2735 |
NordVPN Linux Client - Unsafe service file permissions leads to Local Privilege Escalation |
$0.0 |
2736 |
Non-revoked API Key Information disclosure via Stripo_report() |
$0.0 |
2737 |
Unauthorized access |
$0.0 |
2738 |
Privilege Escalation - "Analyst" Role Can View Email Domains of a Company - [GET /voyager/api/voyagerOrganizationDashEmailDomainMappings] |
$0.0 |
2739 |
[porcupiney.hairs]: [Python] Add Flask Path injection sinks |
$0.0 |
2740 |
TikTok's pixel/sdk.js leaks current URL from websites using postMessage |
$0.0 |
2741 |
Enable 2Fa verification without verifying email |
$0.0 |
2742 |
Password reset token leak on third party website via Referer header [██████████] |
$0.0 |
2743 |
API key (api.semrush.com) leak in JS-file |
$0.0 |
2744 |
Information disclosure through django debug mode |
$0.0 |
2745 |
CVE-2021-38314 @ https://www.mtn.ci |
$0.0 |
2746 |
firebase credentials leaks @ https://mpulse.mtnonline.com |
$0.0 |
2747 |
firebase credentials leaks @ ███████ |
$0.0 |
2748 |
XSS DUE TO CVE-2020-3580 |
$0.0 |
2749 |
RXSS on ███████ |
$0.0 |
2750 |
RXSS on █████████ |
$0.0 |
2751 |
Reflected cross site scripting in https://███████ |
$0.0 |
2752 |
Reflected Xss in [██████] |
$0.0 |
2753 |
Signup with any Email and Enable 2-FA without verifying Email |
$0.0 |
2754 |
monerod JSON RPC server remote DoS |
$0.0 |
2755 |
ReDoS in net/http affects webhooks: Sidekiq job stuck at 100% CPU for a year |
$0.0 |
2756 |
XSS in http://www.glassdoor.com/Search/results.htm via Parameter Pollution |
$0.0 |
2757 |
Reflected XSS [██████] |
$0.0 |
2758 |
XSS DUE TO CVE-2022-38463 in https://████████ |
$0.0 |
2759 |
IDOR Lead To VIEW & DELETE & Create api_key [HtUS] |
$0.0 |
2760 |
SSRF ACCESS AWS METADATA - █████ |
$0.0 |
2761 |
an internal important paths disclosure [HtUS] |
$0.0 |
2762 |
No validation to Image upload user can upload ( php APK zip files and can be used as storage purpose) |
$0.0 |
2763 |
store internal email disclosed through shopify-data-exporter |
$0.0 |
2764 |
Last video frame is still sent after video is disabled in a call |
$0.0 |
2765 |
XSS in www.glassdoor.com |
$0.0 |
2766 |
IDOR on Tagged People |
$0.0 |
2767 |
Create product discounts of any shop |
$0.0 |
2768 |
Add products to any livestream. |
$0.0 |
2769 |
It is possible to elevate privileges for any authenticated user to view permissions matrix and view Direct messages without appropriate permissions. |
$0.0 |
2770 |
Bypass local authentication (PIN code) |
$0.0 |
2771 |
Unintended information disclosure in the Hubot Log files |
$0.0 |
2772 |
REST API gets query as parameter and executes it |
$0.0 |
2773 |
Message ID Enumeration with Action Link Handler |
$0.0 |
2774 |
getRoomRoles Method leaks Channel Owner |
$0.0 |
2775 |
NoSQL-Injection discloses S3 File Upload URLs |
$0.0 |
2776 |
Message ID Enumeration with Regular Expression in getReadReceipts Meteor method |
$0.0 |
2777 |
Rocket.chat user info security issue |
$0.0 |
2778 |
getUsersOfRoom discloses users in private channels |
$0.0 |
2779 |
Open Redirect on www.redditinc.com via failed query param |
$0.0 |
2780 |
CVE-2022-35948: CRLF Injection in Nodejs ‘undici’ via Content-Type |
$0.0 |
2781 |
[CVE-2022-35949]: undici.request vulnerable to SSRF using absolute / protocol-relative URL on pathname |
$0.0 |
2782 |
password field autocomplete enabled |
$0.0 |
2783 |
CORS Misconfiguration on Yelp |
$0.0 |
2784 |
Server-side request forgery (ssrf) |
$0.0 |
2785 |
XSS in Widget Review Form Preview in settings |
$0.0 |
2786 |
no rate limit in forgot password session |
$0.0 |
2787 |
Open Redirect on www.redditinc.com via failed query param bypass after fixed bug #1257753 |
$0.0 |
2788 |
IDOR - Delete technical skill assessment result & Gained Badges result of any user |
$0.0 |
2789 |
No rate limit on subscribe form |
$0.0 |
2790 |
CORS Misconfiguration on trust.yelp.com |
$0.0 |
2791 |
Autofill/Autosave password on login |
$0.0 |
2792 |
DoS of https://research.adobe.com/ via CVE-2018-6389 exploitation |
$0.0 |
2793 |
XSS seems to work again after change to linkpop at https://linkpop.com/testnaglinagli |
$0.0 |
2794 |
IDOR leaking PII data via VendorId parameter |
$0.0 |
2795 |
Account Takeover and Information update due to cross site request forgery via POST █████████/registration/my-account.cfm |
$0.0 |
2796 |
Subdomain Takeover at http://██.get8x8.com/ |
$0.0 |
2797 |
Unauthenticated PII leak on verified/requested to be verified profiles on ███████/app/org/{id}/profile/{id}/version/{id} [HtUS] |
$0.0 |
2798 |
Host Header Injection on https://███/████████/Account/ForgotPassword |
$0.0 |
2799 |
Access to private files of helpdesk. |
$0.0 |
2800 |
Sub-Dept User Can Add Users To Main Department. |
$0.0 |
2801 |
Users Without Permission Can Download Restricted Files |
$0.0 |
2802 |
IDOR able to buy a plan with lesser fee |
$0.0 |
2803 |
Tomcat Servlet Examples accessible at https://44.240.33.83:38443 and https://52.36.56.155:38443 |
$0.0 |
2804 |
[CSRF] No Csrf protection against sending invitation to join the team. |
$0.0 |
2805 |
Ability to View Non-Permitted Admin Log |
$0.0 |
2806 |
Removed user can still view comments on the file/documents. |
$0.0 |
2807 |
Viewer is able to leak the previous versions of the file |
$0.0 |
2808 |
IDOR Allows Viewer to Delete Bin's Files |
$0.0 |
2809 |
Reflected Cross site scripting via Swagger UI |
$0.0 |
2810 |
Business Logic, currency arbitrage - Possibility to pay less than the price in USD |
$0.0 |
2811 |
HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding (improper fix for CVE-2022-32215) |
$0.0 |
2812 |
Node 18 reads openssl.cnf from /home/iojs/build/... upon startup on MacOS |
$0.0 |
2813 |
CVE-2022-32213 bypass via obs-fold mechanic |
$0.0 |
2814 |
HTTP Request Smuggling Due to Incorrect Parsing of Header Fields |
$0.0 |
2815 |
CVE-2022-42916: HSTS bypass via IDN |
$0.0 |
2816 |
Jolokia Reflected XSS |
$0.0 |
2817 |
Privilege Escalation to All-staff group |
$0.0 |
2818 |
Cross-site Scripting (XSS) - Reflected |
$0.0 |
2819 |
Cross-Site Request Forgery (CSRF) to xss |
$0.0 |
2820 |
Stored XSS in intensedebate.com via the Comments RSS |
$0.0 |
2821 |
CVE-2022-42916: HSTS bypass via IDN |
$0.0 |
2822 |
api keys leaked |
$0.0 |
2823 |
[Git Gud] GitHub.com Svnbridge memcached deserialization vulnerability chain leading to Remote Code Execution |
$0.0 |
2824 |
CSRF in AppSearch allows creation of "curations" |
$0.0 |
2825 |
Default password on 34.120.209.175 |
$0.0 |
2826 |
Reflected XSS | https://████████ |
$0.0 |
2827 |
Reflected XSS | https://████ |
$0.0 |
2828 |
IDOR on ███████ [HtUS] |
$0.0 |
2829 |
Open Redirect at █████ |
$0.0 |
2830 |
Reflected XSS in chatbot |
$0.0 |
2831 |
DoS via Automatic Response Message |
$0.0 |
2832 |
open redirect to a remote website which can phish users |
$0.0 |
2833 |
CVE-2022-32221: POST following PUT confusion |
$0.0 |
2834 |
CVE-2022-42915: HTTP proxy double-free |
$0.0 |
2835 |
Exception logging in Sharepoint app reveals clear-text connection details |
$0.0 |
2836 |
Campaign Account Balance and History Disclosed in API Response |
$0.0 |
2837 |
CVE-2022-45402: Apache Airflow: Open redirect during login |
$0.0 |
2838 |
IDOR in Stats API Endpoint Allows Viewing Equity or Net Profit of Any MT Account |
$0.0 |
2839 |
Unprotected Atlantis Server at https://152.70.█.█ |
$0.0 |
2840 |
Ability to change permissions across seller platform |
$0.0 |
2841 |
DNS rebinding in --inspect via invalid octal IP address |
$0.0 |
2842 |
Electron CVE-2022-35954 Delimiter Injection Vulnerability in exportVariable |
$0.0 |
2843 |
Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations) |
$0.0 |
2844 |
Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style) |
$0.0 |
2845 |
CVE-2022-43551: Another HSTS bypass via IDN |
$0.0 |
2846 |
Managing Pages |
$0.0 |
2847 |
Secret API Key is logged in cleartext |
$0.0 |
2848 |
SMTP Command Injection in Appointment Emails via Newlines |
$0.0 |
2849 |
Guests can continue to receive video streams from call after being removed from a conversation |
$0.0 |
2850 |
XSS via Client Side Template Injection on www.███/News/Speeches |
$0.0 |
2851 |
xss on reset password page |
$0.0 |
2852 |
Sql Injection At █████████ |
$0.0 |
2853 |
stored cross site scripting in https://██████████ |
$0.0 |
2854 |
stored cross site scripting in https://████ |
$0.0 |
2855 |
stored cross site scripting in https://███████ |
$0.0 |
2856 |
stored cross site scripting in https://██████████ |
$0.0 |
2857 |
stored cross site scripting in https://███ |
$0.0 |
2858 |
stored cross site scripting in https://█████████ |
$0.0 |
2859 |
stored cross site scripting in https://███ |
$0.0 |
2860 |
Unauthenticated phpinfo() files could lead to ability file read at █████████ [HtUS] |
$0.0 |
2861 |
stored cross site scripting in https://███ |
$0.0 |
2862 |
stored cross site scripting in https://███ |
$0.0 |
2863 |
Reflected XSS |
$0.0 |
2864 |
bypass two-factor authentication in Android apps and web |
$0.0 |
2865 |
Cross Origin Resource Sharing Misconfiguration |
$0.0 |
2866 |
Origin IP address disclosure through Pingora response header |
$0.0 |
2867 |
Take over subdomain undici.nodejs.org.cdn.cloudflare.net |
$0.0 |
2868 |
CSRF vulnerability in Nextcloud Desktop Client 3.6.1 on Windows when clicking malicious link |
$0.0 |
2869 |
Reference caching can leak data to unauthorized users |
$0.0 |
2870 |
DoS via Playbook |
$0.0 |
2871 |
HTML INJECTION on https://adobedocs.github.io/JourneyAPI/ due to outdated SWAGGER UI |
$0.0 |
2872 |
DOM XSS at https://adobedocs.github.io/indesign-api-docs/?configUrl={site} due to outdated Swagger UI |
$0.0 |
2873 |
Private information exposed through GraphQL search endpoints aggregates |
$0.0 |
2874 |
DOM XSS at https://adobedocs.github.io/OAE_PartnerAPI/?configUrl={site} due to outdated Swagger UI |
$0.0 |
2875 |
XSS on ( █████████.gov ) Via URL path |
$0.0 |
2876 |
reflected xss in www.████████.gov |
$0.0 |
2877 |
Reflected XSS on ██████.mil |
$0.0 |
2878 |
[U.S. Air Force] Information disclosure due to unauthenticated access to APIs and system browser functions |
$0.0 |
2879 |
Improper Access Control in Ali Express Importer |
$0.0 |
2880 |
Self-XSS due to image URL can be exploited via XSSJacking techniques in review email |
$0.0 |
2881 |
TikTok 2FA Bypass |
$0.0 |
2882 |
CVE-2022-43551: Another HSTS bypass via IDN |
$0.0 |
2883 |
Desktop client can be tricked into opening/executing local files when clicking a nc://open/ link |
$0.0 |
2884 |
Splunk Sensitive Information Disclosure @████████ |
$0.0 |
2885 |
Multiple OpenSSL error handling issues in nodejs crypto library |
$0.0 |
2886 |
xss and html injection on ( https://labs.history.state.gov) |
$0.0 |
2887 |
CVE-2023-23916: HTTP multi-header compression denial of service |
$0.0 |
2888 |
CRLF Injection in Nodejs ‘undici’ via host |
$0.0 |
2889 |
Users querying dim_hacker_reports table through Analytics API can determine data from dim_reports table using WHERE or HAVING query |
$0.0 |
2890 |
Stored XSS on app.crowdsignal.com your-subdomain.crowdsignal.net via Thank You Header |
$0.0 |
2891 |
Reflected XSS at ████████ |
$0.0 |
2892 |
AWS Credentials Disclosure at ███ |
$0.0 |
2893 |
CORS Misconfiguration in https://████████/accounts/login/ |
$0.0 |
2894 |
[XSS] Reflected XSS via POST request |
$0.0 |
2895 |
Install.php File Exposure on Drupal |
$0.0 |
2896 |
HTTP multi-header compression denial of service |
$0.0 |
2897 |
JSON RPC methods for debugging enabled by default allow DoS |
$0.0 |
2898 |
Targeted phishing attacks in Login flow v2 |
$0.0 |
2899 |
RXSS on https://travel.state.gov/content/travel/en/search.html |
$0.0 |
2900 |
Improper handling of null bytes in GitHub Actions Runner allows an attacker to set arbitrary environment variables |
$0.0 |
2901 |
Scope information is leaked when visiting policy scopes tab of any External Program |
$0.0 |
2902 |
Stored XSS on www.hackerone.com due to deleted S3-bucket from old page_widget |
$0.0 |
2903 |
Missing brute force protection on password confirmation modal |
$0.0 |
2904 |
CPP: Pam Authorization Bypass |
$0.0 |
2905 |
[python] TarSlip vulnerability improvements |
$0.0 |
2906 |
Python : Add query to detect PAM authorization bypass |
$0.0 |
2907 |
[Python] Unsafe unpacking using shutil.unpack_archive() query and tests |
$0.0 |
2908 |
CVE-2023-27535: FTP too eager connection reuse |
$0.0 |
2909 |
Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522) |
$0.0 |
2910 |
Reflected XSS in ██████████ |
$0.0 |
2911 |
HAProxy stats panel exposed externally |
$0.0 |
2912 |
Reflected XSS in ██████████ |
$0.0 |
2913 |
Client side authentication leads to Auth Bypass |
$0.0 |
2914 |
xmlrpc.php file enabled at ██████.org |
$0.0 |
2915 |
Reflected XSS in ██████ |
$0.0 |
2916 |
Improper Access Control on Media Wiki allows an attacker to restart installation on DoD asset |
$0.0 |
2917 |
Chat room member disclosure via autocomplete API |
$0.0 |
2918 |
Cards in Deck are readable by any user |
$0.0 |
2919 |
Twitter Account hijack @nextcloudfrance |
$0.0 |
2920 |
HTML Injection / Reflected Cross-Site Scripting with CSP on https://accounts.firefox.com/settings |
$0.0 |
2921 |
Email user account in waybackurl indexing |
$0.0 |
2922 |
Website PHP source code returned in javascript |
$0.0 |
2923 |
Session mismatch leading to potential account takeover (local access required) |
$0.0 |
2924 |
Ability to read any emails through IDOR on Nextcloud Mail |
$0.0 |
2925 |
Unrestricted File Upload on https://partner.tiktokshop.com/wsos_v2/oec_partner/upload |
$0.0 |
2926 |
Cloudflare is not properly deleting user's account |
$0.0 |
2927 |
Email exploitation with web hosting services. |
$0.0 |
2928 |
Reflected XSS in ████████████ |
$0.0 |
2929 |
reflected XSS in [www.equifax.com] |
$0.0 |
2930 |
reflected XSS in [www.equifax.com] |
$0.0 |
2931 |
Messages can be hidden regardless of server configuration |
$0.0 |
2932 |
Retrospective change of message timestamp and order |
$0.0 |
2933 |
The endpoint '/test/webhooks' is vulnerable to DNS Rebinding |
$0.0 |
2934 |
CVE-2023-28755: ReDoS vulnerability in URI |
$0.0 |
2935 |
S3 Bucket Takeover : brave-apt |
$0.0 |
2936 |
Information disclosure by sending a GIF |
$0.0 |
2937 |
Name collision of shared folders |
$0.0 |
2938 |
Reference fetch can saturate the server bandwidth for 10 seconds |
$0.0 |
2939 |
Document content of files can be obtained through Collabora for files of other users |
$0.0 |
2940 |
Potential directory traversal in OC\Files\Node\Folder::getFullPath |
$0.0 |
2941 |
blind Server-Side Request Forgery (SSRF) allows scanning internal ports |
$0.0 |
2942 |
Maliciously crafted message can cause Rocket.Chat server to stop responding |
$0.0 |
2943 |
Mute User can disclose private channel members to unauthorized users |
$0.0 |
2944 |
Cross-Site-Scripting in "Search Messages" |
$0.0 |
2945 |
Moodle XSS on s-immerscio.comprehend.ibm.com |
$0.0 |
2946 |
LDAP anonymous access enabled at certrep.pki.state.gov:389 |
$0.0 |
2947 |
Delete any LinkedIn comment on learning API of other users |
$0.0 |
2948 |
Attackers do not need to Pay for a Subscription to get the Discussion Group URL in Paid Learning |
$0.0 |
2949 |
PII of users can be downloaded from export pages |
$0.0 |
2950 |
Facebook App API credentials leaked in the APK |
$0.0 |
2951 |
Reflected XSS vulnerability with full CSP bypass in Nextcloud installations using recommended bundle |
$0.0 |
2952 |
[ Continuation Report from #1814842 ] Can create articles using other users' NewsLetters |
$0.0 |
2953 |
connect.8x8.com: Blind SSRF via /api/v2/chats/image-check allows for Internal Ports scan |
$0.0 |
2954 |
AEM misconfiguration leads to Information disclosure |
$0.0 |
2955 |
XSS in ServiceNow logout https://████:443 |
$0.0 |
2956 |
Anyone can view the results of linkedin skill test -if failed to earn a badge or if the badge earned is kept private: both cases results can be viewed |
$0.0 |
2957 |
Users can set up workflows using restricted and invisible system tags |
$0.0 |
2958 |
No rate limit leads to spamming posts |
$0.0 |
2959 |
Huge amount of Subdomains Takeovers at Reddit.com |
$0.0 |
2960 |
Reflected XSS via File Upload |
$0.0 |
2961 |
CVE-2020-11022 |
$0.0 |
2962 |
Stored XSS on wordpress.com |
$0.0 |
2963 |
Cache purge requests are not authenticated |
$0.0 |
2964 |
Entire database of emails exposed through URN injection |
$0.0 |
2965 |
CVE-2023-28319: UAF in SSH sha256 fingerprint check |
$0.0 |
2966 |
Blind SSRF in FogBugz project import |
$0.0 |
2967 |
DOM-XSS |
$0.0 |
2968 |
Reflected xss on https://█████████ |
$0.0 |
2969 |
Biometric key is stored in Windows Credential Manager, accessible to other local unprivileged processes |
$0.0 |
2970 |
CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman |
$0.0 |
2971 |
[Python] Add Unicode Bypass Validation query tests and help |
$0.0 |
2972 |
Go : Add more JWT sinks |
$0.0 |
2973 |
Clickjacking at open.rocket.chat |
$0.0 |
2974 |
XSS via Vuln Rendertron Instance At ██████████.jetblue.com/render/* |
$0.0 |
2975 |
HTTP Request Smuggling via Empty headers separated by CR |
$0.0 |
2976 |
“See who’s interested in working for your company” - security issue |
$0.0 |
2977 |
OpenSSL engines can be used to bypass and/or disable the permission model |
$0.0 |
2978 |
████ ' can add animal to other account ' at ██████ |
$0.0 |
2979 |
user_oidc app is missing bruteforce protection |
$0.0 |
2980 |
Stored XSS via ' profile ' at ███ |
$0.0 |
2981 |
███████ ' can delete any animal from other account ' at ██████████ |
$0.0 |
2982 |
Docker Registry without authentication leads to docker images download |
$0.0 |
2983 |
CVE-2023-28319: UAF in SSH sha256 fingerprint check |
$0.0 |
2984 |
Stored XSS on wordpress.com |
$0.0 |
2985 |
Possible DOS in app with crashing exceptions_app |
$0.0 |
2986 |
Escape Sequence Injection vulnerability in Rack |
$0.0 |
2987 |
Blind Sql Injection https:/████████ |
$0.0 |
2988 |
wp-embed XSS on Safari |
$0.0 |
2989 |
Internal machine learning API endpoint for CWE classification is vulnerable to path traversal |
$0.0 |
2990 |
Banned user still able to be invited to reports as a collaborator and reset the password |
$0.0 |
2991 |
Arbitrary file write triggered by deeplink abuse - MetaMask Android |
$0.0 |
2992 |
ActionView sanitize helper bypass leading to XSS using SVG tag. |
$0.0 |
2993 |
xss(r) vcc-na11.8x8.com |
$0.0 |
2994 |
Rate limit missing sign-in page |
$0.0 |
2995 |
Asset Inventory Internal Descriptions are leaked in CSV export |
$0.0 |
2996 |
Stored XSS in RDoc hyperlinks through javascript scheme |
$0.0 |
2997 |
XSS exploit of RDoc documentation generated by rdoc (CVE-2013-0256) |
$0.0 |
2998 |
XSS exploit of RDoc documentation generated by rdoc |
$0.0 |
2999 |
Bypass for forced re-authentication upon biometrics change |
$0.0 |
3000 |
[Hubs] - Broken access control in placing objects in hubs room |
$0.0 |
3001 |
fs module's file watching is not restricted by --allow-fs-read |
$0.0 |
3002 |
fs.openAsBlob() bypasses permission system |
$0.0 |
3003 |
node.js process aborts when processing x509 certs with invalid public key information |
$0.0 |
3004 |
DiffieHellman doesn't generate keys after setting a key |
$0.0 |
3005 |
CVE-2023-32001: fopen race condition |
$0.0 |
3006 |
CSRF in seller-us.tiktok.com/profile/account-setting/delegation-login |
$0.0 |
3007 |
Incorrect handling of certain characters passed to the redirection functionality in Rails can lead to a single-click XSS vulnerability. |
$0.0 |
3008 |
XSS vulnerabilities due to missing checks in tag helpers |
$0.0 |
3009 |
Disavowed an email without any authentication |
$0.0 |
3010 |
bypass two-factor authentication. |
$0.0 |
3011 |
Tor IP leak caused by the PDF Viewer extension in certain situations |
$0.0 |
3012 |
Limited Disclosure: Employee credentials checked in to github (fixed) |
$0.0 |
3013 |
Any (non-admin) user from an instance can destroy any (user and/or global) external filesystem |
$0.0 |
3014 |
Hackerone All Private Program Name Leaked to Public Via Collaborator OR Attacker can Easily Dump all Private Program Names through Collaborator |
$0.0 |
3015 |
Node 18 reads openssl.cnf from /home/iojs/build/... upon startup. |
$0.0 |
3016 |
Policy-restricted modules can escalate to higher privileges by impersonating other modules in a policy list using module.constructor.createRequire() |
$0.0 |
3017 |
Renaming/aliasing relative symbolic links potentially redirects them to supposedly inaccessible locations |
$0.0 |
3018 |
Insecure Direct Object Reference allows Crew Invite deletion |
$0.0 |
3019 |
Dependency Policy Bypass via process.binding |
$0.0 |
3020 |
Complete Admin account takeover due to PhpDebugBar turned on in Uber's production server |
$0.0 |
3021 |
IDOR allows an attacker to delete anyone's featured photo. |
$0.0 |
3022 |
An Attacker Can Flag Draft Job Posts And Can Disclose The Draft Job Posts Details [ Similar to #1581528 Resolved Report] |
$0.0 |
3023 |
Staff and Triage can modify the initial post of a report, including of already disclosed reports |
$0.0 |
3024 |
Path traversal allows tricking the Talk Android app into writing files into its root directory |
$0.0 |
3025 |
Improper restriction of excessive authentication attempts on WebDAV endpoint |
$0.0 |
3026 |
Html injection |
$0.0 |
3027 |
Response Manipulation leads to bypass of verification code while making appointment at █████████ |
$0.0 |
3028 |
Stored XSS + CSRF in "apellido" value |
$0.0 |
3029 |
CSRF to delete a pet |
$0.0 |
3030 |
[CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements |
$0.0 |
3031 |
yelp.com and biz.yelp.com ATO via XSS + Cookie Bridge |
$0.0 |
3032 |
CVE-2023-40195: Apache Airflow Spark Provider Deserialization Vulnerability RCE |
$0.0 |
3033 |
SqlInject at ██████ |
$0.0 |
3034 |
XSS Reflected |
$0.0 |
3035 |
stored cross site scripting in https://████████.edu |
$0.0 |
3036 |
CVE-2023-24488 xss on https://██████/ |
$0.0 |
3037 |
Permissions not respected when copying entire group folders |
$0.0 |
3038 |
xss reflected - pq.tva.com |
$0.0 |
3039 |
Admin account/panel takeOver and Doing actions in admin panel via DOM-based XSS |
$0.0 |
3040 |
IDOR: Authorization Bypass in LockReport Mutation for public reports |
$0.0 |
3041 |
CVE-2023-38039: HTTP header allocation DOS |
$0.0 |
3042 |
Able to see Bonus amount given to a report even if the bounty and Bonus is not visible to public or mentioned in {Report-Id}.json |
$0.0 |
3043 |
Unprotected Atlantis Server at https://132.226.█.█ |
$0.0 |
3044 |
Circuit Breaker Authorization Issue |
$0.0 |
3045 |
Twitter Subscriptions Information Disclosure |
$0.0 |
3046 |
IDOR - send a message on behalf of other user |
$0.0 |
3047 |
Email verification bypass for manual connection setup using service credentials |
$0.0 |
3048 |
Can VIEW Videos on LinkedIn Learning that Require a Subscription Without having to Subscribe Via SHARE features |
$0.0 |
3049 |
Dos in Form Submission at https://nextcloud.com/instant-trial/ |
$0.0 |
3050 |
Missing Function Level Access Control in Mozilla formula containsRegular Expression Denial of Service (CVE-2023-25166) |
$0.0 |
3051 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3052 |
[██████] Reflected XSS via Keycloak on ██████ |
$0.0 |
3053 |
Reflected XSS at https://██████/ |
$0.0 |
3054 |
authentication bypass |
$0.0 |
3055 |
[█████████] Information disclosure due to unauthenticated access to APIs and system browser functions |
$0.0 |
3056 |
Attackers can create unlimited jobs by paying a low price ( Rp. 10,000 ) from the original lowest price of around Rp 93,151 |
$0.0 |
3057 |
Reflected XSS in OAUTH2 login flow (https://access.line.me) |
$0.0 |
3058 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3059 |
Subdomain takeover on one of the subdomains under mozilla.org |
$0.0 |
3060 |
[ADMIN FEATURE ACCESS] Knowing The Competitors analytics of any company |
$0.0 |
3061 |
(CVE-2023-32006) Permissions policies can impersonate other modules in using module.constructor.createRequire() |
$0.0 |
3062 |
RCE and DoS in Cosmovisor |
$0.0 |
3063 |
Stored XSS at nordvpn.com |
$0.0 |
3064 |
Potential Spoofing Risk through Firefox Private Relay Service |
$0.0 |
3065 |
xss reflected - pqm.tva.com |
$0.0 |
3066 |
Admin.MyTVA.com Customer lookup and internal notes bypass |
$0.0 |
3067 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3068 |
Integrity checks according to policies can be circumvented |
$0.0 |
3069 |
Client Side string length check |
$0.0 |
3070 |
CSRF to XSS in /htdocs/modules/system/admin.php |
$0.0 |
3071 |
Deny Admin from Editing LinkedIn Company Page using Gen Form Visibility via POST /voyager/api/voyagerOrganizationDashCompanies/{id} |
$0.0 |
3072 |
Responsive Server-side Request Forgery (SSRF) |
$0.0 |
3073 |
After the upload of a private file, using transformations, the file becomes public without the possibility of changing it. |
$0.0 |
3074 |
Information Disclosure FrontPage Configuration Information |
$0.0 |
3075 |
Blind SSRF on https://my.exnessaffiliates.com/ allows for internal network enumeration |
$0.0 |
3076 |
Improper Access Control allows OTP bypass |
$0.0 |
3077 |
IDOR vulnerability in unreleased HackerOne Copilot feature |
$0.0 |
3078 |
Bypass report submit restriction/ban using the API key |
$0.0 |
3079 |
Inviting excessively long email addresses to a calendar event makes the server unresponsive |
$0.0 |
3080 |
Deceptive Manipulation of HTTP to HTTPS with VPN in Burp Suite |
$0.0 |
3081 |
CRLF injection leads to internal XSS on PangleGlobal |
$0.0 |
3082 |
fetlife.com/signup_step_profile exposes access_token of mapbox.com |
$0.0 |
3083 |
[███████] Information disclosure due to unauthenticated access to APIs and system browser functions |
$0.0 |
3084 |
Google Docs link in JS files allows editing & reading survey information |
$0.0 |
3085 |
Memcached used as RateLimiter backend is no-op |
$0.0 |
3086 |
Password of talk conversations can be bruteforced |
$0.0 |
3087 |
Subdomain takeover on one of the subdomains under mozgcp.net |
$0.0 |
3088 |
Subdomain takeover on one of the subdomains under mozgcp.net |
$0.0 |
3089 |
Subdomain takeover on one of the subdomains under mozgcp.net |
$0.0 |
3090 |
reflected xss in https://wordpress.com/start/account/user |
$0.0 |
3091 |
"CSRF Vulnerability in ███████ Website Allows Attackers to Change User Profile Picture at ███████" |
$0.0 |
3092 |
XSS in Cisco Endpoint |
$0.0 |
3093 |
Full account takeover of any user through reset password |
$0.0 |
3094 |
user_ldap app logs user passwords in the log file on level debug |
$0.0 |
3095 |
Enabling Birthday Contact to any user |
$0.0 |
3096 |
Organization members can delete reports in teams they have no access to |
$0.0 |
3097 |
IDOR vulnerability on profile picture changing mechanism which discloses other user's profile picture. |
$0.0 |
3098 |
Password Reset Token Leak Via Referrer |
$0.0 |
3099 |
Multiple Path Traversal Vulnerabilities |
$0.0 |
3100 |
SQL Injection in parameter REPORT |
$0.0 |
3101 |
Secrets can be unmasked in the "Rendered Template" |
$0.0 |
3102 |
Incorrect Authorization leads to see other users Documents Uploaded |
$0.0 |
3103 |
captcha bypass leads to registering multiple users with one valid captcha |
$0.0 |
3104 |
access to profile & reset password page without authentication |
$0.0 |
3105 |
CVE-2023-46218: cookie mixed case PSL bypass |
$0.0 |
3106 |
CSRF that makes any user send invitations to the attacker by simply clicking on a link. |
$0.0 |
3107 |
CSRF that makes any linkedin user follow attacker controlled accounts by simply clicking https://www.linkedin.com/comm/mynetwork/discovery-see-all/* |
$0.0 |
3108 |
Misconfiguration in AWS CloudFront CDN configuration makes rubygems.org serve (and cache) content from a unclaimed S3-bucket |
$0.0 |
3109 |
Web Cache Deception |
$0.0 |
3110 |
URI parser's RFC3986 regular expression has poor performance when there are two # characters, leading to ReDoS |
$0.0 |
3111 |
Avatar URL is exposed in patron export for secret donations |
$0.0 |
3112 |
DoS in bigdecimal's sqrt function due to miscalculation of loop iterations |
$0.0 |
3113 |
Self XSS when pasting HTML into Text app with Ctrl+Shift+V |
$0.0 |
3114 |
Elasticsearch is currently open without authentication on https://██████l |
$0.0 |
3115 |
Unauthorized access to Argo dashboard on █████ |
$0.0 |
3116 |
[████████] RXSS via "CurrentFolder" parameter |
$0.0 |
3117 |
IDOR to delete profile images in https:███████ |
$0.0 |
3118 |
DNS pin middleware can be tricked into DNS rebinding allowing SSRF |
$0.0 |
3119 |
[PATs] Token with Read-Only permissions on Issues able to modify issue comments using content write permission |
$0.0 |
3120 |
[PATs] Ability to leak comments from issues without ANY "Issues" repo permissions by utilizing "Pull Request" permissions |
$0.0 |
3121 |
An attacker can submit a Pentest Opportunity and change the status of the opportunity from submitted to in_review or reviewed |
$0.0 |
3122 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3123 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3124 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3125 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3126 |
CVE-2023-49920: Apache Airflow: Missing CSRF protection on DAG/trigger |
$0.0 |
3127 |
RXSS via region parameter |
$0.0 |
3128 |
RXSS on TikTok endpoints |
$0.0 |
3129 |
Users can access exams in course without having to subscribe to PREMIUM |
$0.0 |
3130 |
Reflected XSS On [https://www-useast1a.tiktok.com/ug/incentive/share/hd] |
$0.0 |
3131 |
Invite tokens have Insufficient entropy in GHES Management Console |
$0.0 |
3132 |
Error when editing a calendar appointment returns stacktrace and query |
$0.0 |
3133 |
Bruteforce protection in password verification can be bypassed |
$0.0 |
3134 |
Non-store owners can transfer Shopify-managed domain to another domain provider |
$0.0 |
3135 |
Non-admin users can reset app allowlist to the default |
$0.0 |
3136 |
Improper handling of request URLs in nextcloud/guests allows guest users to bypass app allowlist |
$0.0 |
3137 |
Staff without Manage Themes permissions can update themes |
$0.0 |
3138 |
Exposed CDN access token allows modification of all newly uploaded Snapmatic photos |
$0.0 |
3139 |
XSS on terra-6.indriverapp.com |
$0.0 |
3140 |
XSS in Subdomain of DuckDuckGo |
$0.0 |
3141 |
Memory Corruption via Large Pixels |
$0.0 |
3142 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3143 |
Information Disclosure Due To Use of Hard-coded Cryptographic Key |
$0.0 |
3144 |
IBM Maximo Asset Management could allow a remote attacker to bypass authentication due to improper access controls |
$0.0 |
3145 |
Blind Stored XSS in shopify internal Parquet Viewer |
$0.0 |
3146 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3147 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3148 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3149 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3150 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3151 |
Subdomain takeover on one of the subdomains under mozgcp.net |
$0.0 |
3152 |
CVE-2018-6389 exploitation - using scripts loader |
$0.0 |
3153 |
IDOR in one subdomain of █████████ -> change information of pets without authorization! |
$0.0 |
3154 |
Non-revoked API Key Disclosure in a Disclosed API Key Disclosure Report on Stripo |
$0.0 |
3155 |
[demo.stripo.email] HTTP request Smuggling |
$0.0 |
3156 |
Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) |
$0.0 |
3157 |
Improper handling of wildcards in --allow-fs-read and --allow-fs-write |
$0.0 |
3158 |
Secure Client-Initiated Renegotiation |
$0.0 |
3159 |
Can download files by zipping the folder |
$0.0 |
3160 |
Disclosure of users' IP address whenever they view my freight offer on image preview (without interaction) |
$0.0 |
3161 |
Drivers can access the customer's phone number and current location without getting their offer accepted! |
$0.0 |
3162 |
Employee-only Area Bypass |
$0.0 |
3163 |
Ability to get Twitter Blue verified badge without purchasing it |
$0.0 |
3164 |
Arbitrary file read from Cloudflare Pages build environment |
$0.0 |
3165 |
Improper Authentication on Alertmanager instance |
$0.0 |
3166 |
XSS Reflected on jazz.net |
$0.0 |
3167 |
Able to see Twitter Circle tweets due to improper access control on the "FavoriteTweet" endpoint |
$0.0 |
3168 |
Unauthorized Access to Offline Publication Cover Pages via SOURCE_DOCUMENT_ID |
$0.0 |
3169 |
Denial of Service by resource exhaustion in fetch() brotli decoding |
$0.0 |
3170 |
Being able to disclose IBB bounty table of any public program |
$0.0 |
3171 |
Bypassing the block of Security Domain Restriction and normally invite blocked domains with special characters “İ” |
$0.0 |
3172 |
Reflective Cross Site Scripting (XSS) on ███████/Pages |
$0.0 |
3173 |
Resource Injection - [████████] |
$0.0 |
3174 |
XSS parameter: Username - █████████ |
$0.0 |
3175 |
Xss Parameter: //[*]/.css ████████ |
$0.0 |
3176 |
Xss - ███ |
$0.0 |
3177 |
XSS in GOCD Analytics Plugin |
$0.0 |
3178 |
CVE-2024-2398: HTTP/2 push headers memory-leak |
$0.0 |
3179 |
CVE-2024-2466: TLS certificate check bypass with mbedTLS |
$0.0 |
3180 |
HTTP/2 PUSH_PROMISE DoS |
$0.0 |
3181 |
cookie is sent on redirect |
$0.0 |
3182 |
New Hacktivity features: Bounty rewards leakage where programs don't decide to disclose bounty in limited disclosure report |
$0.0 |
3183 |
Using Branded Hashtag Feature User Partnered with Account Manager Can View Videos Uploaded By A Private TikTok Account If 'item_id' Is Known |
$0.0 |
3184 |
Intent Leads To Unauthorised Video Call Initiation Leaking Surrounding Information Of Victim |
$0.0 |
3185 |
Unprotected Atlantis Server at https://152.70.█.█ |
$0.0 |
3186 |
Self XSS in Tag name pattern field ///settings/tag_protection/new |
$0.0 |
3187 |
RXSS in hidden parameter |
$0.0 |
3188 |
Code exec on Github runner via Pull request name |
$0.0 |
3189 |
HTTP Request Smuggling via Content Length Obfuscation |
$0.0 |
3190 |
SQL injection on ██████████ via 'where' parameter |
$0.0 |
3191 |
Reflected XSS via Moodle on ███ [CVE-2022-35653] |
$0.0 |
3192 |
Reflected XSS on error message on Login Page |
$0.0 |
3193 |
Reflected Cross-site Scripting via search query on ██████ |
$0.0 |
3194 |
reflected xss [CVE-2020-3580] |
$0.0 |
3195 |
Reflected XSS via Keycloak on ███ [CVE-2021-20323] |
$0.0 |
3196 |
XSS in Aspera documentation website |
$0.0 |
3197 |
Member role which doesn't have permission to send message can send by executing channel commands |
$0.0 |
3198 |
Ability to see hidden likes |
$0.0 |
3199 |
Authentication & Registration Bypass in Newspack Extended Access |
$0.0 |
3200 |
Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com |
$0.0 |
3201 |
Able to Create Testimonials for myself using Sandbox |
$0.0 |
3202 |
Inadequate redaction exposes sensitive information via the "ShareReportViaEmail" GraphQL endpoint |
$0.0 |
3203 |
PHP Code Injection through "Translate::save()" method |
$0.0 |
3204 |
Authenticated RCE via page title |
$0.0 |
3205 |
Stored XSS filter bypass on discussion forum. "URL" tag. |
$0.0 |
3206 |
ID4me feature of OpenID connect app available even when disabled |
$0.0 |
3207 |
[hackerone.com] Program's old handles are not blacklisted like usernames and allows reclaim over past handles for potential abuse |
$0.0 |
3208 |
Account takeover via insecure intent handling |
$0.0 |
3209 |
[Spot Check] - Ability to disclose metadata about Spot Checks (Number of Hackers + Hackers Criteria) via "SpotCheckSingleQuery" |
$0.0 |
3210 |
Account deletion using the /v1/account/destroy API endpoint using account password without 2FA verification |
$0.0 |
3211 |
see card comments after remove shared board |
$0.0 |
3212 |
Denial of Service in curl Request - HTTP headers eat all memory |
$0.0 |
3213 |
"package_name" can be set as desired when submitting a Pentest Opportunity form |
$0.0 |
3214 |
Notes app can be tricked into using a received share created before the user logged in |
$0.0 |
3215 |
S3 Bucket Takeover on apptio endpoint |
$0.0 |
3216 |
Account takeover using reset password link |
$0.0 |
3217 |
Reflected xss on ████████ |
$0.0 |
3218 |
Sqli on ██████ search functionality |
$0.0 |
3219 |
Attacker can add two free bags offered by the site at the same time. |
$0.0 |
3220 |
sqli on █████████ search functionality |
$0.0 |
3221 |
Reflected XSS of media.indrive.com |
$0.0 |
3222 |
Unlimited fake rate to the passenger in city to city, Affected endpoint /api/v1/reviews/ride/<ID>/driver |
$0.0 |
3223 |
Authentication & Registration Bypass in Newspack Extended Access |
$0.0 |
3224 |
IDOR may allow access to non-public photos |
$0.0 |
3225 |
Incorrect Deep-link validation leading to unresponsive application and device |
$0.0 |
3226 |
Bypass network import restriction via data URL |
$0.0 |
3227 |
Navgraph confusion allows any 3p app to send and read requests from the server at app.hey.com |
$0.0 |
3228 |
Path traversal in deeplink query parameter can expose any user's private info to a public directory (one click) |
$0.0 |
3229 |
Hackers can Invite Collaborators Without 2FA on Programs Requiring 2FA |
$0.0 |
3230 |
Reset the 2FA of the user which can lead to Account Takeover |
$0.0 |
3231 |
2FA Bypass via Leaked Cookies |
$0.0 |
3232 |
Session Not Expire / 2FA Bypass |
$0.0 |
3233 |
Two factor authentication bypass |
$0.0 |
3234 |
NoSQL injection leaks visitor token and livechat messages |
$0.0 |
3235 |
XSS in IBM InfoCenter |
$0.0 |
3236 |
Self XSS |
$0.0 |
3237 |
Local File Inclusion in download.php |
$0.0 |
3238 |
IDOR : Modify other users demographic details |
$0.0 |
3239 |
IDOR leads to view other user Biographical details (Possible PII LEAK) |
$0.0 |
3240 |
IDOR leads to PII Leak |
$0.0 |
3241 |
Authentication Bypass on https://███████/ |
$0.0 |
3242 |
Arbitrary code execution in TSEC Heavy Secure, return-oriented programming in TSEC Secure ROM, and recovery of TSEC-derived cryptographic secrets |
$0.0 |
3243 |
Payload delivery via Social Media urls on H1 profile |
$0.0 |
3244 |
Reflected Cross Site Scripting |
$0.0 |
3245 |
CVE-2024-6197: freeing stack buffer in utf8asn1str |
$0.0 |
3246 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3247 |
Subdomain takeover on one of the subdomains under mozaws.net |
$0.0 |
3248 |
█████████ (Android): Vulnerable to Javascript Injection and Open redirect |
$0.0 |
3249 |
Open Akamai ARL XSS on http://media.████████ |
$0.0 |
3250 |
Open Akamai ARL XSS on http://master-config-████████ |
$0.0 |
3251 |
Impersonation in Sequential Messages |
$0.0 |
3252 |
User Impersonation through sendMessage options |
$0.0 |
3253 |
Improper ACL in Message Starring |
$0.0 |
3254 |
Unauthenticated clients can modify Livechat Business Hours |
$0.0 |
3255 |
Unread Messages can leak Message IDs |
$0.0 |
3256 |
CSS Injection in Message Avatar |
$0.0 |
3257 |
Online Status of arbitrary users can be changed |
$0.0 |
3258 |
Upload of Avatars for other Users |
$0.0 |
3259 |
Cross Site Scripting |
$0.0 |
3260 |
Cross-site Scripting (XSS) - Reflected |
$0.0 |
3261 |
Reflected Cross Site Scripting Cisco ASA on myvpn.mtncameroon.net CVE-2020-3580 |
$0.0 |
3262 |
libcurl: freeing stack buffer during x509 certificate parsing |
$0.0 |
3263 |
Cross-site Scripting (XSS) - Reflected on http://h1b4e.n2.ips.mtn.co.ug:8080 via Nginx-module |
$0.0 |
3264 |
Cross-site Scripting (XSS) - Reflected on http://callertunez.mtn.com.gh/wap/noauth/sharedetail.ftl via callback parameter |
$0.0 |
3265 |
Cross-site Scripting (XSS) - Reflected on https://api.mtn.sd/carbon/admin/login.jsp via msgId parameter - CVE-2020-17453 |
$0.0 |
3266 |
Jitsi: Bridge Message Spoofing due to Improper JSON Handling leads to Prototype Pollution |
$0.0 |
3267 |
Local Privilege Escalation via DLL Search-Order Hijacking with Cyber Protection Agent - tibxread.exe utility |
$0.0 |
3268 |
Credentials leaked via Github |
$0.0 |
3269 |
Arbitrary Files and Folders Deletion vulnerability with Acronis Managed Machine Service |
$0.0 |
3270 |
Blind SSRF vulnerability on cz.acronis.com |
$0.0 |
3271 |
Local Privilege Escalation via DLL Search-Order Hijacking with Cyber Protection Agent - systeminfo.exe utility |
$0.0 |
3272 |
MetaMask Browser (on Android) does not enforce Content-Security-Policy header |
$0.0 |
3273 |
XSS on ███████ |
$0.0 |
3274 |
XSS found for https://█████████ |
$0.0 |
3275 |
Blind Sql Injection in https://████ |
$0.0 |
3276 |
Private data related to program exposed via /reports/.json endpoint to external user participant |
$0.0 |
3277 |
PHP info page disclosure in https://41.242.90.8/ |
$0.0 |
3278 |
Reflected cross site scripting (XSS) attacks |
$0.0 |
3279 |
cross site scripting reflected |
$0.0 |
3280 |
CVE-2024-8096: OCSP stapling bypass with GnuTLS |
$0.0 |
3281 |
Bypass comment restriction |
$0.0 |
3282 |
Issue with VDP Program's Transition to Private Status and Missing Warning Labels on ORG Invitation |
$0.0 |
3283 |
inviting collaborator using email disclose the hackerone account related to the user |
$0.0 |
3284 |
SSRF Keycloak before 13.0.0 - CVE-2020-10770 on https://sponsoredata.mtn.ci |
$0.0 |
3285 |
Client-Side Path Traversal on LINE Developers Console |
$0.0 |
3286 |
[Switch, PIA/MK8DX] Stack buffer overflow and potential RCE in PIA (LAN/LDN, possibly NEX) room info deserialization |
$0.0 |
3287 |
IBM OpenPages vulnerable to exposure of sensitive information |
$0.0 |
3288 |
SSRF via host header let access localhost via https://go.dialexa.com |
$0.0 |
3289 |
ReDoS due to device-detector parsing user agents |
$0.0 |
3290 |
Maintainer can leak sentry token by changing the configured URL (fix bypass) |
$0.0 |
3291 |
Sauce Labs API key unencrypted in an old commit |
$0.0 |
3292 |
DOS: taking down a 1k users Gitlab EE instance or multiple Sidekiq instances by importing a malicious repo from a Github EE self-hosted server |
$0.0 |