| 2024-09-18 |
[$10000.0] GitHub: Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in ghe-update-check |
hackerone.com |
|
| 2024-09-18 |
[$4000.0] GitHub: RC Between GitHub's Repo Update REST API and updateTeamsRepository GraphQL Mutation Results in Covert and Persistent Admin Access Retention |
hackerone.com |
|
| 2024-09-18 |
[$10000.0] GitHub: Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in collectd |
hackerone.com |
|
| 2024-09-18 |
[$10000.0] GitHub: Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in actions-console |
hackerone.com |
|
| 2024-09-18 |
[$2500.0] HackerOne: Private draft report exposure in a program a user is added as a viewer to |
hackerone.com |
|
| 2024-09-16 |
mycompany VDP: This test report has been disclosed by 20_root. |
hackerone.com |
|
| 2024-09-15 |
MTN Group: Authentication Bypass Leads To Complete Account TakeveOver on ██████████ |
hackerone.com |
|
| 2024-09-15 |
[$10000.0] GitHub: Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via nomad template injection and audit-forward |
hackerone.com |
|
| 2024-09-15 |
[$10000.0] GitHub: Privilege Escalation to Root SSH Access via Pre-Receive Hook Environment in GitHub Enterprise Server |
hackerone.com |
|
| 2024-09-15 |
[$10000.0] GitHub: Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via nomad template injection |
hackerone.com |
|
| 2024-09-15 |
[$10000.0] GitHub: Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in syslog-ng |
hackerone.com |
|
| 2024-09-13 |
Adobe: Unauthenticated Varnish Cache Purge |
hackerone.com |
|
| 2024-09-12 |
curl: CVE-2024-8096: OCSP stapling bypass with GnuTLS |
hackerone.com |
|
| 2024-09-10 |
MTN Group: cross site scripting reflected |
hackerone.com |
|
| 2024-09-09 |
MercadoLibre: Stored XSS in reclamos |
hackerone.com |
|
| 2024-09-07 |
[$497.0] Internet Bug Bounty: CVE-2024-41937: Apache Airflow: Stored XSS Vulnerability on provider link |
hackerone.com |
|
| 2024-09-05 |
Monero: [Monero wallet RPC] File precreation to file ownership and credentials leak |
hackerone.com |
|
| 2024-09-04 |
Mozilla: Privates Emails of Moz Workers Leaked in Public file |
hackerone.com |
|
| 2024-09-04 |
GitLab: Login email verification bypass via `/oauth/token`. |
hackerone.com |
|
| 2024-08-31 |
MTN Group: Reflected cross site scripting (XSS) attacks Reflected XSS attacks, |
hackerone.com |
|
| 2024-08-31 |
MTN Group: PHP info page disclosure in https://41.242.90.8/ |
hackerone.com |
|
| 2024-08-31 |
MTN Group: CVE-2018-0296 Cisco ASA Denial of Service & Path Traversal vulnerable on [mtn.co.ug] |
hackerone.com |
|
| 2024-08-31 |
MTN Group: CVE-2010-1429 JBoss Insecure Storage of Sensitive Information on ips.mtn.co.ug |
hackerone.com |
|
| 2024-08-30 |
HackerOne: Private data related to program exposed via /reports/<id>.json endpoint to external user participant |
hackerone.com |
|
| 2024-08-30 |
U.S. Dept Of Defense: Blind Sql Injection in https://████ |
hackerone.com |
|
| 2024-08-30 |
U.S. Dept Of Defense: XSS found for https://█████████ |
hackerone.com |
|
| 2024-08-30 |
U.S. Dept Of Defense: XSS on ███████ |
hackerone.com |
|
| 2024-08-28 |
Acronis: [forum.acronis.com] JNDI Code Injection due an outdated log4j component |
hackerone.com |
|
| 2024-08-28 |
Acronis: [CVE-2021-44228] Arbitrary Code Execution on ng01-cloud.acronis.com |
hackerone.com |
|
| 2024-08-28 |
Acronis: SQL injection in https://demor.adr.acronis.com/ via the username parameter |
hackerone.com |
|
| 2024-08-28 |
[$2142.0] Internet Bug Bounty: CVE-2024-7347: Buffer overread in the ngx_http_mp4_module |
hackerone.com |
|
| 2024-08-28 |
MetaMask: MetaMask Browser (on Android) does not enforce Content-Security-Policy header |
hackerone.com |
|
| 2024-08-28 |
Acronis: Local Privilege Escalation via DLL Search-Order Hijacking with Cyber Protection Agent - systeminfo.exe utility |
hackerone.com |
|
| 2024-08-28 |
[$250.0] Acronis: Local Privilege Escalation and Code Execution when restoring files from Quarantine |
hackerone.com |
|
| 2024-08-28 |
Acronis: Blind SSRF vulnerability on cz.acronis.com |
hackerone.com |
|
| 2024-08-28 |
[$250.0] Acronis: Local Privilege Escalation when updating Acronis True Image |
hackerone.com |
|
| 2024-08-28 |
[$250.0] Acronis: Local Privilege Escalation using System Clean-up functionality |
hackerone.com |
|
| 2024-08-28 |
[$250.0] Acronis: Local Privilege Escalation via Backup delete |
hackerone.com |
|
| 2024-08-28 |
Acronis: Reflected XSS on www.acronis.com/de-de/my/subscriptions/index.html |
hackerone.com |
|
| 2024-08-28 |
[$500.0] Acronis: SSRF when configuring Website Backup on Acronis Cloud |
hackerone.com |
|
| 2024-08-28 |
Acronis: Arbitrary Files and Folders Deletion vulnerability with Acronis Managed Machine Service |
hackerone.com |
|
| 2024-08-28 |
[$250.0] Acronis: TrueImage for Acronis True Image 2020 - Untrusted DLL Search-Ordering lead to Privilege Escalation as Administrative account |
hackerone.com |
|
| 2024-08-28 |
Acronis: Acronis True Image 2020 Build 22510 Nonstop Backup Service Unquoted service path (privilege escalation) |
hackerone.com |
|
| 2024-08-28 |
[$250.0] Acronis: DLL Hijacking when creating Rescue Media Builder leading to Privilege Escalation |
hackerone.com |
|
| 2024-08-28 |
[$250.0] Acronis: DLL Hijacking when sending feedback and crash report leading to Privilege Escalation |
hackerone.com |
|
| 2024-08-28 |
Acronis: Local Privilege Escalation via EXE hijacking with Acronis True Image 2021 - Acronis Scheduler2 Service |
hackerone.com |
|
| 2024-08-28 |
Acronis: Local Privilege Escalation via EXE hijacking with Acronis True Image 2021 installer |
hackerone.com |
|
| 2024-08-27 |
Ionity GmbH: HTML injection in swagger UI |
hackerone.com |
|
| 2024-08-27 |
[$4263.0] Internet Bug Bounty: important: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (CVE-2024-40898) |
hackerone.com |
|
| 2024-08-27 |
Acronis: Credentials leaked via Github |
hackerone.com |
|
| 2024-08-27 |
[$250.0] Acronis: Large Amounts of Back-End Acronis Source Code is Publicly Accessible |
hackerone.com |
|
| 2024-08-27 |
Acronis: XSS in https://promo.acronis.com/ |
hackerone.com |
|
| 2024-08-27 |
Acronis: CSRF and XSS on www.acronis.com |
hackerone.com |
|
| 2024-08-27 |
[$50.0] Acronis: Cross Site Scripting (Reflected) on https://www.acronis.cz/dotaznik/roadshow-2020/ |
hackerone.com |
|
| 2024-08-27 |
[$250.0] Acronis: Local Privilege Escalation when deleting a file from Quarantine |
hackerone.com |
|
| 2024-08-27 |
[$250.0] Acronis: Acronis Sync Agent Service - Untrusted DLL Search-Ordering lead to Privilege Escalation |
hackerone.com |
|
| 2024-08-27 |
[$250.0] Acronis: DLL Hijacking when performing operations in Acronis Secure Zone partition leading to Privilege Escalation |
hackerone.com |
|
| 2024-08-27 |
Acronis: Local Privilege Escalation via DLL Search-Order Hijacking with Cyber Protection Agent - tibxread.exe utility |
hackerone.com |
|
| 2024-08-26 |
8x8 Bounty: Jitsi: Bridge Message Spoofing due to Improper JSON Handling leads to Prototype Pollution |
hackerone.com |
|
| 2024-08-25 |
[$4263.0] Internet Bug Bounty: CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list() |
hackerone.com |
|
| 2024-08-24 |
MTN Group: Remote code injection in Log4j on https://mymtn.mtncongo.net - CVE-2021-44228 |
hackerone.com |
|
| 2024-08-24 |
MTN Group: Remote code injection in Log4j on http://mtn1app.mtncameroon.net - CVE-2021-44228 |
hackerone.com |
|
| 2024-08-24 |
MTN Group: Cross-site Scripting (XSS) - Reflected on https://api.mtn.sd/carbon/admin/login.jsp via `msgId` parameter - CVE-2020-17453 |
hackerone.com |
|
| 2024-08-24 |
MTN Group: Cross-site Scripting (XSS) - Reflected on http://callertunez.mtn.com.gh/wap/noauth/sharedetail.ftl via `callback` parameter |
hackerone.com |
|
| 2024-08-24 |
MTN Group: Cross-site Scripting (XSS) - Reflected on http://h1b4e.n2.ips.mtn.co.ug:8080 via Nginx-module |
hackerone.com |
|
| 2024-08-24 |
[$2142.0] Internet Bug Bounty: [CVE-2024-35176] DoS vulnerability in REXML |
hackerone.com |
|
| 2024-08-24 |
[$2142.0] Internet Bug Bounty: CVE-2024-38875: Denial-Of-Service through uncontrolled resource consumption caused by poor time complexity of strip_punctuation . |
hackerone.com |
|
| 2024-08-24 |
Internet Bug Bounty: libcurl: freeing stack buffer during x509 certificate parsing |
hackerone.com |
|
| 2024-08-24 |
MTN Group: Reflected Cross Site Scripting Cisco ASA on myvpn.mtncameroon.net CVE-2020-3580 |
hackerone.com |
|
| 2024-08-22 |
Drugs.com: Cross-site Scripting (XSS) - Reflected |
hackerone.com |
|
| 2024-08-20 |
[$1000.0] GitHub: Source Code and data exfiltration via Github Copilot |
hackerone.com |
|
| 2024-08-17 |
MTN Group: FULL ACCOUNT TAKEOVER |
hackerone.com |
|
| 2024-08-17 |
IBM: jazz.net - publicly accessible .svn repositories |
hackerone.com |
|
| 2024-08-17 |
U.S. Dept Of Defense: Cross Site Scripting |
hackerone.com |
|
| 2024-08-17 |
U.S. Dept Of Defense: Course Registration Form Allowing an attacker to dump all the candidate name who had enrolled for the course |
hackerone.com |
|
| 2024-08-17 |
U.S. Dept Of Defense: DoD workstation exposed to internet via TinyPilot KVM with no authentication |
hackerone.com |
|
| 2024-08-17 |
U.S. Dept Of Defense: Blind Stored XSS on the internal host - █████████████ |
hackerone.com |
|
| 2024-08-17 |
U.S. Dept Of Defense: Unauthenticated arbitrary file upload on the https://█████/ (█████████) |
hackerone.com |
|
| 2024-08-13 |
[$2600.0] Internet Bug Bounty: moderate: Apache HTTP Server: mod_rewrite proxy handler substitution (CVE-2024-39573) CWE-20 Improper Input Validation |
hackerone.com |
|
| 2024-08-12 |
RATELIMITED: Subdomain takeover in GitLab Pages [george.ratelimited.me] |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: XSS via /api/v1/chat.postMessage |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: Guest Privilege Escalation to admin group |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: Upload of Avatars for other Users |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: Online Status of arbitrary users can be changed |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: CSS Injection in Message Avatar |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: Unread Messages can leak Message IDs |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: Registration bypass with leaked Invite Token |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: Unauthenticated clients can modify Livechat Business Hours |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: Improper ACL in Message Starring |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: User Impersonation through sendMessage options |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: Authentication Bypass in login-token Authentication Method |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: Impersonation in Sequential Messages |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: Content-Security Policy bypass with File Uploads |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: XSS in various MessageTypes |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: Pinning leaks message content |
hackerone.com |
|
| 2024-08-11 |
Rocket.Chat: Bypassing 2FA with conventional session management - open.rocket.chat |
hackerone.com |
|
| 2024-08-10 |
MTN Group: Leaking usernames through endpoints Wordpress |
hackerone.com |
|
| 2024-08-10 |
Reddit: IDOR lets a malicious user reveal the unpinned achievement badges of any Reddit user |
hackerone.com |
|
| 2024-08-09 |
Node.js: Permissions can be bypassed via arbitrary code execution through abusing libuv signal pipes |
hackerone.com |
|
| 2024-08-07 |
Smule: Possible Subdomain Takeover For Inbound Emails |
hackerone.com |
|
