User information disclosed via API
🔗 https://hackerone.com/reports/1218461
🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #toormund
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 6:47pm (UTC)
Local applications from user's computer can listen for webhooks via insecure gRPC server from stripe-cli
🔗 https://hackerone.com/reports/1369191
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Stripe
🔹 Reported By: #gregxsunday
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 7:03pm (UTC)
Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/
🔗 https://hackerone.com/reports/1685970
🔹 Severity: High | 💰 13,000 USD
🔹 Reported To: Stripe
🔹 Reported By: #mr_asg
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 7:05pm (UTC)
[CSRF] No CSRF protection against sending invitation to join the team.
🔗 https://hackerone.com/reports/728199
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 20, 2022, 12:31am (UTC)
Ability to View Non-Permitted Admin Log
🔗 https://hackerone.com/reports/1533220
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 20, 2022, 12:34am (UTC)
Removed user can still view comments on the file/documents.
🔗 https://hackerone.com/reports/1335070
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 20, 2022, 12:36am (UTC)
POOL_UPGRADE request handler may allow an unauthenticated attacker to remotely execute code on every node in the network.
🔗 https://hackerone.com/reports/1705717
🔹 Severity: Critical | 💰 2,000 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #shakedreiner
🔹 State: 🟢 Resolved
🔹 Disclosed: October 20, 2022, 8:07pm (UTC)
Card requirement bypass for business trial
🔗 https://hackerone.com/reports/1670304
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Krisp
🔹 Reported By: #n0_m3rcy
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2022, 4:23pm (UTC)
access nagios dashboard using default credentials in omon1.fpki.gov, 3.220.248.203
🔗 https://hackerone.com/reports/1700896
🔹 Severity: Critical
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #ahmed0x0mahmoud
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2022, 11:33pm (UTC)
installed.json sensitive file was publicly accessible on your web application which discloses information about authors and admins
🔗 https://hackerone.com/reports/1586524
🔹 Severity: Low
🔹 Reported To: Yelp
🔹 Reported By: #whitehacker18
🔹 State: ⚪️ Informative
🔹 Disclosed: October 22, 2022, 6:39pm (UTC)
Viewer is able to leak the previous versions of the file
🔗 https://hackerone.com/reports/1080700
🔹 Severity: Medium | 💰 550 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #snapsec
🔹 State: 🟢 Resolved
🔹 Disclosed: October 24, 2022, 9:56pm (UTC)
IDOR Allows Viewer to Delete Bin's Files
🔗 https://hackerone.com/reports/1074420
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #snapsec
🔹 State: 🟢 Resolved
🔹 Disclosed: October 24, 2022, 9:59pm (UTC)
Remotely Accessible Container Advisor exposed performance metrics and resource usage
🔗 https://hackerone.com/reports/1697599
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: TikTok
🔹 Reported By: #tw4v3sx
🔹 State: 🟢 Resolved
🔹 Disclosed: October 24, 2022, 10:07pm (UTC)
A malicious admin may be able to permanently block an Owner (Admin) from accessing his account
🔗 https://hackerone.com/reports/1718574
🔹 Severity: Medium | 💰 600 USD
🔹 Reported To: Linktree
🔹 Reported By: #dewcode91
🔹 State: 🟢 Resolved
🔹 Disclosed: October 25, 2022, 12:49am (UTC)
Reflected Cross site scripting via Swagger UI
🔗 https://hackerone.com/reports/1656650
🔹 Severity: Medium
🔹 Reported To: Adobe
🔹 Reported By: #webcipher101
🔹 State: 🟢 Resolved
🔹 Disclosed: October 25, 2022, 7:14am (UTC)
Business Logic, currency arbitrage - Possibility to pay less than the price in USD
🔗 https://hackerone.com/reports/1677155
🔹 Severity: Medium
🔹 Reported To: PortSwigger Web Security
🔹 Reported By: #xctzn
🔹 State: ⚪️ Informative
🔹 Disclosed: October 26, 2022, 6:57am (UTC)
HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding (improper fix for CVE-2022-32215)
🔗 https://hackerone.com/reports/1665156
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #shacharm
🔹 State: 🟢 Resolved
🔹 Disclosed: October 26, 2022, 8:17am (UTC)
Node 18 reads openssl.cnf from /home/iojs/build/... upon startup on MacOS
🔗 https://hackerone.com/reports/1695596
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #mhdawson
🔹 State: 🟢 Resolved
🔹 Disclosed: October 26, 2022, 8:17am (UTC)
CVE-2022-32213 bypass via obs-fold mechanic
🔗 https://hackerone.com/reports/1630336
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: October 26, 2022, 8:17am (UTC)
HTTP Request Smuggling Due to Incorrect Parsing of Header Fields
🔗 https://hackerone.com/reports/1675191
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #vvx7
🔹 State: 🟢 Resolved
🔹 Disclosed: October 26, 2022, 8:17am (UTC)