1 | IDOR vulnerability leads to Deleting message after leaving/getting banned from group using message ID | $0.0 | 2023-06-16 | 2024-10-13
2 | SAML Signature verification bypass allows logging into any user (with specific conditions) | $25000.0 | 2024-06-27 | 2024-10-10
3 | DOS: taking down a 1k users Gitlab EE instance or multiple Sidekiq instances by importing a malicious repo from a Github EE self-hosted server | $0.0 | 2024-05-10 | 2024-10-09
4 | Subdomain takeover in Gitlab pages | $0.0 | 2024-05-28 | 2024-10-09
5 | Remote code execution [CVE-2023-36845] | $0.0 | 2023-09-26 | 2024-10-09
6 | Change phone number OTP flaw leads to any phone number takeover | $2000.0 | 2024-07-07 | 2024-10-09
7 | Path traversal in ActiveStorage, and lead RCE | $0.0 | 2024-01-25 | 2024-10-08
8 | Sauce Labs API key unencrypted in an old commit | $0.0 | 2021-08-13 | 2024-10-08
9 | HTML injection possible with soft email confirmations when Administrator manually confirms attacker email address | $1060.0 | 2023-04-06 | 2024-10-08
10 | Maintainer can leak sentry token by changing the configured URL (fix bypass) | $0.0 | 2023-08-09 | 2024-10-08
11 | ReDoS due to device-detector parsing user agents | $0.0 | 2022-11-13 | 2024-10-08
12 | User API Key leakage in Github commit leads to unauthorized access to sql.telemetry.mozilla.org | $0.0 | 2024-09-24 | 2024-10-08
13 | IDOR at mtnmobad.mtnbusiness.com.ng leads to PII leakage. | $0.0 | 2022-11-14 | 2024-10-05
14 | Reflected XSS in https://nin.mtn.ng/nin/success?message=lol&nin= | $0.0 | 2023-06-26 | 2024-10-05
15 | External service interaction (HTTP) | $0.0 | 2024-09-20 | 2024-10-04
16 | SSRF via host header let access localhost via https://go.dialexa.com | $0.0 | 2024-09-03 | 2024-10-03
17 | Stored-XSS-ads.tiktok.com | $0.0 | 2024-01-07 | 2024-10-02
18 | Remove obsolete domain from handbook subdomain | $100.0 | 2024-07-12 | 2024-10-01
19 | IBM OpenPages vulnerable to exposure of sensitive information | $0.0 | 2024-05-12 | 2024-10-01
20 | XSS when using translate in Action Controller (Rails 7.0, 7.1) | $0.0 | 2024-01-04 | 2024-10-01
21 | Posts sent via websockets aren't sanitized properly | $150.0 | 2024-06-07 | 2024-10-01
22 | IDOR Exposes All Machine Learning Models | $1160.0 | 2024-05-31 | 2024-10-01
23 | The initial E2EE password generated by Rocket.Chat mobile can be recovered in a practical timescale. | $0.0 | 2024-06-11 | 2024-10-01
24 | [Switch, PIA/MK8DX] Stack buffer overflow and potential RCE in PIA (LAN/LDN, possibly NEX) room info deserialization | $0.0 | 2024-07-18 | 2024-09-30
25 | PUT Based CSRF via Client Side Path Traversal + Cookie Bomb on Acronis Cloud | $600.0 | 2023-02-02 | 2024-09-27
26 | Client-Side Path Traversal on LINE Developers Console | $0.0 | 2024-04-22 | 2024-09-26
27 | SSRF Keycloak before 13.0.0 - CVE-2020-10770 on https://sponsoredata.mtn.ci | $0.0 | 2021-10-23 | 2024-09-26
28 | Able to see location coordinates in any event without permission to do so | $0.0 | 2024-07-18 | 2024-09-25
29 | Possible DoS Vulnerability with Range Header in Rack | $5420.0 | 2024-05-26 | 2024-09-25
30 | Possible XSS Vulnerability in Action Controller | $1068.0 | 2024-05-26 | 2024-09-25
31 | CVE-2024-41989: Denial-Of-Service vulnerability in the floatformat template filter when input string contains a big exponent in scientific notation | $2142.0 | 2024-08-07 | 2024-09-22
32 | curl: stack-buffer overread during punycode conversions | $0.0 | 2024-07-24 | 2024-09-22
33 | Unbounded memory growth with session handling in TLSv1.3 | $497.0 | 2024-07-24 | 2024-09-22
34 | DOM XSS in tiktok.com/login via the redirect_url parameter | $0.0 | 2024-07-01 | 2024-09-21
35 | Stored Xss On "https://www.question.com/" | $0.0 | 2023-03-12 | 2024-09-20
36 | SSRF and secret key disclosure found on Turbonomic endpoint | $0.0 | 2024-09-04 | 2024-09-19
37 | SSRF and secret key disclosure found on Turbonomic endpoint | $0.0 | 2024-09-04 | 2024-09-19
38 | inviting collaborator using email disclose the hackerone account related to the user | $0.0 | 2023-07-01 | 2024-09-19
39 | Issue with VDP Program's Transition to Private Status and Missing Warning Labels on ORG Invitation | $0.0 | 2024-09-16 | 2024-09-19
40 | Bypass comment restriction | $0.0 | 2024-08-22 | 2024-09-19
41 | IDOR Leads To User Profile Modification https://mtnmobad.mtnbusiness.com.ng/app/updateUser | $0.0 | 2022-09-27 | 2024-09-18
42 | Removed Guest role user who doesn't have access to private project in members able to view jobs | $0.0 | 2024-08-17 | 2024-09-18
43 | Brave Android: Incorrect URL Eliding in Brave Shields Pop Up | $100.0 | 2024-05-11 | 2024-09-18
44 | Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in ghe-update-check | $10000.0 | 2024-01-18 | 2024-09-17
45 | RC Between GitHub's Repo Update REST API and updateTeamsRepository GraphQL Mutation Results in Covert and Persistent Admin Access Retention | $4000.0 | 2024-02-07 | 2024-09-17
46 | Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in collectd | $10000.0 | 2024-01-22 | 2024-09-17
47 | Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in actions-console | $10000.0 | 2024-01-17 | 2024-09-17
48 | Private draft report exposure in a program a user is added as a viewer to | $2500.0 | 2024-06-14 | 2024-09-17
49 | Authentication Bypass Leads To Complete Account Takeover on ██████████ | $0.0 | 2022-09-23 | 2024-09-14
50 | Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via nomad template injection and audit-forward | $10000.0 | 2024-01-24 | 2024-09-13
51 | Privilege Escalation to Root SSH Access via Pre-Receive Hook Environment in GitHub Enterprise Server | $10000.0 | 2024-01-26 | 2024-09-13
52 | Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via nomad template injection | $10000.0 | 2024-01-24 | 2024-09-13
53 | Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in syslog-ng | $10000.0 | 2024-01-22 | 2024-09-13
54 | Unauthenticated Varnish Cache Purge | $0.0 | 2024-08-23 | 2024-09-12
55 | CVE-2024-8096: OCSP stapling bypass with GnuTLS | $0.0 | 2024-08-19 | 2024-09-11
56 | cross site scripting reflected | $0.0 | 2022-03-01 | 2024-09-09
57 | Stored XSS in reclamos | $0.0 | 2022-08-20 | 2024-09-09
58 | CVE-2024-41937: Apache Airflow: Stored XSS Vulnerability on provider link | $497.0 | 2024-08-22 | 2024-09-07
59 | [Monero wallet RPC] File precreation to file ownership and credentials leak | $0.0 | 2024-03-20 | 2024-09-04
60 | Privates Emails of Moz Workers Leaked in Public file | $0.0 | 2024-09-03 | 2024-09-04
61 | Login email verification bypass via /oauth/token . | $0.0 | 2024-08-22 | 2024-09-03
62 | Reflected cross site scripting (XSS) attacks Reflected XSS attacks, | $0.0 | 2022-12-10 | 2024-08-30
63 | PHP info page disclosure in https://41.242.90.8/ | $0.0 | 2023-01-27 | 2024-08-30
64 | CVE-2018-0296 Cisco ASA Denial of Service & Path Traversal vulnerable on [mtn.co.ug] | $0.0 | 2024-02-15 | 2024-08-30
65 | CVE-2010-1429 JBoss Insecure Storage of Sensitive Information on ips.mtn.co.ug | $0.0 | 2024-02-15 | 2024-08-30
66 | Private data related to program exposed via /reports/.json endpoint to external user participant | $0.0 | 2024-06-28 | 2024-08-30
67 | Blind Sql Injection in https://████ | $0.0 | 2024-07-11 | 2024-08-29
68 | XSS found for https://█████████ | $0.0 | 2024-08-20 | 2024-08-29
69 | XSS on ███████ | $0.0 | 2024-07-22 | 2024-08-29
70 | [forum.acronis.com] JNDI Code Injection due an outdated log4j component | $0.0 | 2021-12-19 | 2024-08-28
71 | [CVE-2021-44228] Arbitrary Code Execution on ng01-cloud.acronis.com | $0.0 | 2022-01-25 | 2024-08-28
72 | SQL injection in https://demor.adr.acronis.com/ via the username parameter | $0.0 | 2021-12-27 | 2024-08-28
73 | CVE-2024-7347: Buffer overread in the ngx_http_mp4_module | $2142.0 | 2024-08-14 | 2024-08-27
74 | MetaMask Browser (on Android) does not enforce Content-Security-Policy header | $0.0 | 2023-04-11 | 2024-08-27
75 | Local Privilege Escalation via DLL Search-Order Hijacking with Cyber Protection Agent - systeminfo.exe utility | $0.0 | 2020-08-15 | 2024-08-27
76 | Local Privilege Escalation and Code Execution when restoring files from Quarantine | $250.0 | 2020-09-12 | 2024-08-27
77 | Blind SSRF vulnerability on cz.acronis.com | $0.0 | 2021-01-24 | 2024-08-27
78 | Local Privilege Escalation when updating Acronis True Image | $250.0 | 2021-01-10 | 2024-08-27
79 | Local Privilege Escalation via Backup delete | $250.0 | 2020-10-08 | 2024-08-27
80 | Reflected XSS on www.acronis.com/de-de/my/subscriptions/index.html | $0.0 | 2021-04-02 | 2024-08-27
81 | SSRF when configuring Website Backup on Acronis Cloud | $500.0 | 2021-01-06 | 2024-08-27
82 | Arbitrary Files and Folders Deletion vulnerability with Acronis Managed Machine Service | $0.0 | 2020-08-16 | 2024-08-27
83 | TrueImage for Acronis True Image 2020 - Untrusted DLL Search-Ordering lead to Privilege Escalation as Administrative account | $250.0 | 2020-08-14 | 2024-08-27
84 | Acronis True Image 2020 Build 22510 Nonstop Backup Service Unquoted service path (privilege escalation) | $0.0 | 2021-01-21 | 2024-08-27
85 | DLL Hijacking when creating Rescue Media Builder leading to Privilege Escalation | $250.0 | 2020-10-17 | 2024-08-27
86 | DLL Hijacking when sending feedback and crash report leading to Privilege Escalation | $250.0 | 2020-10-14 | 2024-08-27
87 | Local Privilege Escalation via EXE hijacking with Acronis True Image 2021 - Acronis Scheduler2 Service | $0.0 | 2020-08-31 | 2024-08-27
88 | Local Privilege Escalation via EXE hijacking with Acronis True Image 2021 installer | $0.0 | 2020-08-30 | 2024-08-27
89 | HTML injection in swagger UI | $0.0 | 2024-06-03 | 2024-08-27
90 | important: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (CVE-2024-40898) | $4263.0 | 2024-07-19 | 2024-08-27
91 | Credentials leaked via Github | $0.0 | 2021-01-14 | 2024-08-26
92 | Large Amounts of Back-End Acronis Source Code is Publicly Accessible | $250.0 | 2020-10-14 | 2024-08-26
93 | XSS in https://promo.acronis.com/ | $0.0 | 2020-09-15 | 2024-08-26
94 | CSRF and XSS on www.acronis.com | $0.0 | 2020-08-18 | 2024-08-26
95 | Cross Site Scripting (Reflected) on https://www.acronis.cz/dotaznik/roadshow-2020/ | $50.0 | 2021-01-19 | 2024-08-26
96 | Local Privilege Escalation when deleting a file from Quarantine | $250.0 | 2020-09-16 | 2024-08-26
97 | Acronis Sync Agent Service - Untrusted DLL Search-Ordering lead to Privilege Escalation | $250.0 | 2020-07-15 | 2024-08-26
98 | DLL Hijacking when performing operations in Acronis Secure Zone partition leading to Privilege Escalation | $250.0 | 2020-10-10 | 2024-08-26
99 | Local Privilege Escalation via DLL Search-Order Hijacking with Cyber Protection Agent - tibxread.exe utility | $0.0 | 2020-08-20 | 2024-08-26
100 | Jitsi: Bridge Message Spoofing due to Improper JSON Handling leads to Prototype Pollution | $0.0 | 2023-08-03 | 2024-08-26
101 | CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list() | $4263.0 | 2024-08-08 | 2024-08-24
102 | Remote code injection in Log4j on https://mymtn.mtncongo.net - CVE-2021-44228 | $0.0 | 2021-12-14 | 2024-08-24
103 | Remote code injection in Log4j on http://mtn1app.mtncameroon.net - CVE-2021-44228 | $0.0 | 2021-12-14 | 2024-08-24
104 | Cross-site Scripting (XSS) - Reflected on https://api.mtn.sd/carbon/admin/login.jsp via msgId parameter - CVE-2020-17453 | $0.0 | 2021-04-09 | 2024-08-24
105 | Cross-site Scripting (XSS) - Reflected on http://callertunez.mtn.com.gh/wap/noauth/sharedetail.ftl via callback parameter | $0.0 | 2021-04-03 | 2024-08-24
106 | Cross-site Scripting (XSS) - Reflected on http://h1b4e.n2.ips.mtn.co.ug:8080 via Nginx-module | $0.0 | 2021-04-09 | 2024-08-24
107 | [CVE-2024-35176] DoS vulnerability in REXML | $2142.0 | 2024-08-07 | 2024-08-23
108 | CVE-2024-38875: Denial-Of-Service through uncontrolled resource consumption caused by poor time complexity of strip_punctuation . | $2142.0 | 2024-07-09 | 2024-08-23
109 | libcurl: freeing stack buffer during x509 certificate parsing | $0.0 | 2024-07-24 | 2024-08-23
110 | Reflected Cross Site Scripting Cisco ASA on myvpn.mtncameroon.net CVE-2020-3580 | $0.0 | 2021-06-30 | 2024-08-23
111 | Cross-site Scripting (XSS) - Reflected | $0.0 | 2021-05-28 | 2024-08-21
112 | Source Code and data exfiltration via Github Copilot | $0.0 | 2024-02-21 | 2024-08-19
113 | FULL ACCOUNT TAKEOVER | $0.0 | 2024-06-08 | 2024-08-17
114 | jazz.net - publicly accessible .svn repositories | $0.0 | 2024-03-01 | 2024-08-16
115 | Cross Site Scripting | $0.0 | 2024-07-06 | 2024-08-16
116 | Course Registration Form Allowing an attacker to dump all the candidate name who had enrolled for the course | $0.0 | 2021-02-10 | 2024-08-16
117 | DoD workstation exposed to internet via TinyPilot KVM with no authentication | $0.0 | 2024-08-01 | 2024-08-16
118 | Blind Stored XSS on the internal host - █████████████ | $0.0 | 2020-07-14 | 2024-08-16
119 | Unauthenticated arbitrary file upload on the https://█████/ (█████████) | $0.0 | 2019-09-20 | 2024-08-16
120 | moderate: Apache HTTP Server: mod_rewrite proxy handler substitution (CVE-2024-39573) CWE-20 Improper Input Validation | $2600.0 | 2024-07-03 | 2024-08-12
121 | Subdomain takeover in GitLab Pages [george.ratelimited.me] | $0.0 | 2024-05-28 | 2024-08-11
122 | XSS via /api/v1/chat.postMessage | $0.0 | 2017-04-10 | 2024-08-10
123 | Guest Privilege Escalation to admin group | $0.0 | 2019-02-25 | 2024-08-10
124 | Upload of Avatars for other Users | $0.0 | 2019-02-25 | 2024-08-10
125 | Online Status of arbitrary users can be changed | $0.0 | 2019-02-25 | 2024-08-10
126 | CSS Injection in Message Avatar | $0.0 | 2020-11-11 | 2024-08-10
127 | Unread Messages can leak Message IDs | $0.0 | 2020-12-20 | 2024-08-10
128 | Registration bypass with leaked Invite Token | $0.0 | 2021-01-04 | 2024-08-10
129 | Unauthenticated clients can modify Livechat Business Hours | $0.0 | 2020-12-21 | 2024-08-10
130 | Improper ACL in Message Starring | $0.0 | 2020-12-17 | 2024-08-10
131 | User Impersonation through sendMessage options | $0.0 | 2020-11-11 | 2024-08-10
132 | Authentication Bypass in login-token Authentication Method | $0.0 | 2022-01-12 | 2024-08-10
133 | Impersonation in Sequential Messages | $0.0 | 2021-10-24 | 2024-08-10
134 | Content-Security Policy bypass with File Uploads | $0.0 | 2021-10-25 | 2024-08-10
135 | XSS in various MessageTypes | $0.0 | 2021-10-23 | 2024-08-10
136 | Pinning leaks message content | $0.0 | 2020-12-19 | 2024-08-10
137 | Bypassing 2FA with conventional session management - open.rocket.chat | $0.0 | 2022-09-15 | 2024-08-10
138 | Leaking usernames through endpoints Wordpress | $0.0 | 2022-11-27 | 2024-08-10
139 | IDOR lets a malicious user reveal the unpinned achievement badges of any Reddit user | $0.0 | 2024-07-23 | 2024-08-09
140 | Permissions can be bypassed via arbitrary code execution through abusing libuv signal pipes | $0.0 | 2023-11-21 | 2024-08-08
141 | Possible Subdomain Takeover For Inbound Emails | $0.0 | 2024-06-20 | 2024-08-07
142 | https://srcds.valve.net/find/ is leaking server config / API keys | $0.0 | 2021-04-19 | 2024-08-06
143 | Unauthenticated full-read SSRF via Twilio integration | $0.0 | 2023-02-25 | 2024-08-04
144 | CVE-2024-7264: ASN.1 date parser overread | $0.0 | 2024-07-30 | 2024-08-01
145 | Access body and title of Internal Repo Issues in Projects | $4000.0 | 2024-05-11 | 2024-07-31
146 | GitHub Apps can access suspended installations via scoped user-to-server tokens | $4000.0 | 2024-04-30 | 2024-07-31
147 | Add any depot to your app and access its contents without decryption key; via /apps/setcommonredists | $0.0 | 2020-10-25 | 2024-07-30
148 | Shell command injection in https://partner.steamgames.com/admin/game/publish/ via screenshot URL | $0.0 | 2020-08-01 | 2024-07-30
149 | Shell command injection in https://partner.steamgames.com/bundles/savestore/ via overwriting asset_path_identifier | $0.0 | 2020-07-17 | 2024-07-30
150 | Shell command injection in https://partner.steamgames.com/apps/communityitems/ via file extension of item_image_small and item_image_large | $0.0 | 2020-04-04 | 2024-07-30
151 | SQL injection in /errors/viewbuild/ | $0.0 | 2019-09-08 | 2024-07-30
152 | /applications/dpc_(get|post) provide full access to api.steampowered.com with the Dota2 API key | $0.0 | 2019-08-16 | 2024-07-30
153 | WG call injection in /economy/contextcommand | $0.0 | 2019-07-22 | 2024-07-30
154 | RCE on partner.steampowered.com | $0.0 | 2019-03-28 | 2024-07-30
155 | Exposure of shopify employee summit page allows anonymous user to place orders for free books | $0.0 | 2024-06-14 | 2024-07-29
156 | Open Akamai ARL XSS on http://master-config-████████ | $0.0 | 2021-08-22 | 2024-07-26
157 | Open Akamai ARL XSS on http://media.████████ | $0.0 | 2021-08-22 | 2024-07-26
158 | █████████ (Android): Vulnerable to Javascript Injection and Open redirect | $0.0 | 2024-06-17 | 2024-07-26
159 | Subdomain takeover ██████ | $0.0 | 2024-06-14 | 2024-07-26
160 | Subdomain takeover on one of the subdomains under mozaws.net | $0.0 | 2024-06-10 | 2024-07-25
161 | Subdomain takeover on one of the subdomains under mozaws.net | $0.0 | 2024-03-01 | 2024-07-25
162 | CVE-2024-6197: freeing stack buffer in utf8asn1str | $0.0 | 2024-06-18 | 2024-07-24
163 | CVE-2024-6874: macidn punycode buffer overread | $0.0 | 2024-07-16 | 2024-07-24
164 | View private repository NWO of deploy key via internal LFS API | $4000.0 | 2024-04-18 | 2024-07-23
165 | Reflected Cross Site Scripting | $0.0 | 2021-02-03 | 2024-07-23
166 | Payload delivery via Social Media urls on H1 profile | $0.0 | 2024-04-29 | 2024-07-23
167 | Non Org Admin/Group Manager can create groups in an organization | $0.0 | 2024-02-13 | 2024-07-23
168 | Minor security issue with Hackerone Invitations from sandbox program | $0.0 | 2024-03-21 | 2024-07-22
169 | Arbitrary code execution in TSEC Heavy Secure, return-oriented programming in TSEC Secure ROM, and recovery of TSEC-derived cryptographic secrets | $0.0 | 2020-07-15 | 2024-07-22
170 | Exploitable live argument in onClick Function leads to Data Leakage of Inactive/Suspended Products | $1000.0 | 2023-12-23 | 2024-07-19
171 | Authentication Bypass on https://███████/ | $0.0 | 2024-03-13 | 2024-07-19
172 | IDOR leads to PII Leak | $0.0 | 2024-07-04 | 2024-07-19
173 | IDOR leads to view other user Biographical details (Possible PII LEAK) | $0.0 | 2024-07-04 | 2024-07-19
174 | IDOR : Modify other users demographic details | $0.0 | 2024-07-04 | 2024-07-19
175 | Automatic Admin Access | $0.0 | 2023-05-17 | 2024-07-19
176 | Endpoint Redirects to Admin Page and Provides Admin role | $0.0 | 2023-05-18 | 2024-07-19
177 | Local File Inclusion in download.php | $0.0 | 2022-07-17 | 2024-07-19
178 | XML External Entity (XXE) Injection | $0.0 | 2024-06-25 | 2024-07-19
179 | Email Takeover leads to permanent account deletion | $0.0 | 2024-07-06 | 2024-07-19
180 | Restrict any user from Login to their account | $0.0 | 2024-07-04 | 2024-07-19
181 | Missing Access Control Allows for User Creation and Privilege Escalation | $0.0 | 2024-03-31 | 2024-07-19
182 | Unauthenticated arbitrary file upload on the https://█████/ (█████.mil) | $0.0 | 2019-09-20 | 2024-07-19
183 | Unauthenticated access to internal API at██████████.███.edu [HtUS] | $0.0 | 2022-07-06 | 2024-07-19
184 | XXE with RCE potential on the https://█████████ (CVE-2017-3548) | $0.0 | 2019-10-09 | 2024-07-19
185 | Authentication bypass and potential RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials | $0.0 | 2019-08-29 | 2024-07-19
186 | Unauth IDOR to mass account takeover without user interaction on the ███████ (https://███████.edu/) | $0.0 | 2019-08-31 | 2024-07-19
187 | Self XSS | $0.0 | 2024-05-27 | 2024-07-19
188 | [CVE-2018-0296] Cisco VPN path traversal on the https://███ (████████████████) | $750.0 | 2019-09-16 | 2024-07-19
189 | [CVE-2018-0296] Cisco VPN path traversal on the https://████████/ (no hostname) | $750.0 | 2019-09-16 | 2024-07-19
190 | [CVE-2018-0296] Cisco VPN path traversal on the https://███████/ (██████) | $750.0 | 2019-09-16 | 2024-07-19
191 | [CVE-2018-0296] Cisco VPN path traversal on the https://1████████ (https://████████.███.████████/) | $750.0 | 2019-09-14 | 2024-07-19
192 | HTML Injection into https://www.██████.mil | $0.0 | 2024-06-17 | 2024-07-19
193 | CVE-2023-26347 in https://████.mil/hax/..CFIDE/adminapi/administrator.cfc?method=getBuildNumber&_cfclient=true | $0.0 | 2024-05-24 | 2024-07-19
194 | XSS in IBM InfoCenter | $0.0 | 2024-02-01 | 2024-07-17
195 | Multiple XSS and open HTTP redirection | $0.0 | 2024-02-13 | 2024-07-16