Weak randomness in WebCrypto keygen
π https://hackerone.com/reports/1690000
πΉ Severity: High
πΉ Reported To: Node.js
πΉ Reported By: #bnoordhuis
πΉ State: π’ Resolved
πΉ Disclosed: October 26, 2022, 8:18am (UTC)
π https://hackerone.com/reports/1690000
πΉ Severity: High
πΉ Reported To: Node.js
πΉ Reported By: #bnoordhuis
πΉ State: π’ Resolved
πΉ Disclosed: October 26, 2022, 8:18am (UTC)
π1
Subdomain takeover on 'de-headless.staging.gymshark.com'
π https://hackerone.com/reports/1711890
πΉ Severity: High
πΉ Reported To: Gymshark
πΉ Reported By: #a-p0c
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 11:14am (UTC)
π https://hackerone.com/reports/1711890
πΉ Severity: High
πΉ Reported To: Gymshark
πΉ Reported By: #a-p0c
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 11:14am (UTC)
CVE-2022-35260: .netrc parser out-of-bounds access
π https://hackerone.com/reports/1721098
πΉ Severity: Low
πΉ Reported To: curl
πΉ Reported By: #kurohiro
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 2:55pm (UTC)
π https://hackerone.com/reports/1721098
πΉ Severity: Low
πΉ Reported To: curl
πΉ Reported By: #kurohiro
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 2:55pm (UTC)
π1
CVE-2022-42916: HSTS bypass via IDN
π https://hackerone.com/reports/1730660
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #kurohiro
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 2:55pm (UTC)
π https://hackerone.com/reports/1730660
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #kurohiro
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 2:55pm (UTC)
π1
Jolokia Reflected XSS
π https://hackerone.com/reports/1714563
πΉ Severity: Medium
πΉ Reported To: Mars
πΉ Reported By: #ramzanrl
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 5:36pm (UTC)
π https://hackerone.com/reports/1714563
πΉ Severity: Medium
πΉ Reported To: Mars
πΉ Reported By: #ramzanrl
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 5:36pm (UTC)
π1
HTML INJECTION FOUND ON https://adobedocs.github.io/analytics-1.4-apis/swagger-docs.html DUE TO OUTDATED SWAGGER UI
π https://hackerone.com/reports/1736466
πΉ Severity: Low
πΉ Reported To: Adobe
πΉ Reported By: #dreamer_eh
πΉ State: π’ Resolved
πΉ Disclosed: October 28, 2022, 7:18am (UTC)
π https://hackerone.com/reports/1736466
πΉ Severity: Low
πΉ Reported To: Adobe
πΉ Reported By: #dreamer_eh
πΉ State: π’ Resolved
πΉ Disclosed: October 28, 2022, 7:18am (UTC)
π1
Privilege Escalation to All-staff group
π https://hackerone.com/reports/1021460
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Lark Technologies
πΉ Reported By: #snapsec
πΉ State: π’ Resolved
πΉ Disclosed: October 28, 2022, 11:55pm (UTC)
π https://hackerone.com/reports/1021460
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Lark Technologies
πΉ Reported By: #snapsec
πΉ State: π’ Resolved
πΉ Disclosed: October 28, 2022, 11:55pm (UTC)
Accessing/Editing Folders of Other Users in the Orginisation.
π https://hackerone.com/reports/1025881
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Lark Technologies
πΉ Reported By: #snapsec
πΉ State: π’ Resolved
πΉ Disclosed: October 29, 2022, 12:56am (UTC)
π https://hackerone.com/reports/1025881
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Lark Technologies
πΉ Reported By: #snapsec
πΉ State: π’ Resolved
πΉ Disclosed: October 29, 2022, 12:56am (UTC)
Cross-site Scripting (XSS) - Reflected
π https://hackerone.com/reports/1183336
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: October 30, 2022, 9:54pm (UTC)
π https://hackerone.com/reports/1183336
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: October 30, 2022, 9:54pm (UTC)
Cross-Site Request Forgery (CSRF) to xss
π https://hackerone.com/reports/1183241
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: October 30, 2022, 9:54pm (UTC)
π https://hackerone.com/reports/1183241
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: October 30, 2022, 9:54pm (UTC)
XSS in SocialIcon Link
π https://hackerone.com/reports/1698652
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: Linktree
πΉ Reported By: #sudi
πΉ State: π’ Resolved
πΉ Disclosed: October 31, 2022, 4:04am (UTC)
π https://hackerone.com/reports/1698652
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: Linktree
πΉ Reported By: #sudi
πΉ State: π’ Resolved
πΉ Disclosed: October 31, 2022, 4:04am (UTC)
Authentication bypass for βββ leads to take over any users account.
π https://hackerone.com/reports/1608151
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Krisp
πΉ Reported By: #n0_m3rcy
πΉ State: π’ Resolved
πΉ Disclosed: October 31, 2022, 5:56pm (UTC)
π https://hackerone.com/reports/1608151
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Krisp
πΉ Reported By: #n0_m3rcy
πΉ State: π’ Resolved
πΉ Disclosed: October 31, 2022, 5:56pm (UTC)
IDOR in API applications (able to see any API token, leads to account takeover)
π https://hackerone.com/reports/1695454
πΉ Severity: Critical | π° 500 USD
πΉ Reported To: Automattic
πΉ Reported By: #bugra
πΉ State: π’ Resolved
πΉ Disclosed: November 1, 2022, 10:46pm (UTC)
π https://hackerone.com/reports/1695454
πΉ Severity: Critical | π° 500 USD
πΉ Reported To: Automattic
πΉ Reported By: #bugra
πΉ State: π’ Resolved
πΉ Disclosed: November 1, 2022, 10:46pm (UTC)
Stored XSS in intensedebate.com via the Comments RSS
π https://hackerone.com/reports/1664914
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Automattic
πΉ Reported By: #bugra
πΉ State: π’ Resolved
πΉ Disclosed: November 2, 2022, 9:20am (UTC)
π https://hackerone.com/reports/1664914
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Automattic
πΉ Reported By: #bugra
πΉ State: π’ Resolved
πΉ Disclosed: November 2, 2022, 9:20am (UTC)
CVE-2022-42916: HSTS bypass via IDN
π https://hackerone.com/reports/1753226
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #kurohiro
πΉ State: π’ Resolved
πΉ Disclosed: November 3, 2022, 12:19am (UTC)
π https://hackerone.com/reports/1753226
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #kurohiro
πΉ State: π’ Resolved
πΉ Disclosed: November 3, 2022, 12:19am (UTC)
Archived / Deleted / Private Poll Can Be Viewed by Another Users [Crowdsignal WordPress plugins]
π https://hackerone.com/reports/1711318
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Automattic
πΉ Reported By: #apapedulimu
πΉ State: π’ Resolved
πΉ Disclosed: November 3, 2022, 11:41am (UTC)
π https://hackerone.com/reports/1711318
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Automattic
πΉ Reported By: #apapedulimu
πΉ State: π’ Resolved
πΉ Disclosed: November 3, 2022, 11:41am (UTC)
Command injection in GitHub Actions ContainerStepHost
π https://hackerone.com/reports/1637621
πΉ Severity: No Rating | π° 4,000 USD
πΉ Reported To: GitHub
πΉ Reported By: #jupenur
πΉ State: π’ Resolved
πΉ Disclosed: November 3, 2022, 3:33pm (UTC)
π https://hackerone.com/reports/1637621
πΉ Severity: No Rating | π° 4,000 USD
πΉ Reported To: GitHub
πΉ Reported By: #jupenur
πΉ State: π’ Resolved
πΉ Disclosed: November 3, 2022, 3:33pm (UTC)
RepositoryPipeline allows importing of local git repos
π https://hackerone.com/reports/1685822
πΉ Severity: Medium | π° 22,300 USD
πΉ Reported To: GitLab
πΉ Reported By: #vakzz
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:43am (UTC)
π https://hackerone.com/reports/1685822
πΉ Severity: Medium | π° 22,300 USD
πΉ Reported To: GitLab
πΉ Reported By: #vakzz
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:43am (UTC)
DOS via move_issue
π https://hackerone.com/reports/1543584
πΉ Severity: Medium | π° 2,300 USD
πΉ Reported To: GitLab
πΉ Reported By: #legit-security
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:44am (UTC)
π https://hackerone.com/reports/1543584
πΉ Severity: Medium | π° 2,300 USD
πΉ Reported To: GitLab
πΉ Reported By: #legit-security
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:44am (UTC)
Path paths and file disclosure vulnerabilities at influxdb.quality.gitlab.net
π https://hackerone.com/reports/1643962
πΉ Severity: Low | π° 100 USD
πΉ Reported To: GitLab
πΉ Reported By: #otoyyy
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:46am (UTC)
π https://hackerone.com/reports/1643962
πΉ Severity: Low | π° 100 USD
πΉ Reported To: GitLab
πΉ Reported By: #otoyyy
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:46am (UTC)