Admin can create a hidden admin account which even the owner can not detect and remove and do administrative actions on the application.

👉 https://hackerone.com/reports/1596663

🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #41bin
🔹 State: 🟢 Resolved
🔹 Disclosed: November 14, 2022, 4:34am (UTC)

Open redirect at mc-beta-cloud-acronis.com

👉 https://hackerone.com/reports/846389

🔹 Severity: No Rating
🔹 Reported To: Acronis
🔹 Reported By: #angeltsvetkov
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2022, 9:49am (UTC)

New /add_contacts /remove_contacts quick commands susceptible to XSS from Customer Contact firstname/lastname fields

👉 https://hackerone.com/reports/1578400

🔹 Severity: High | 💰 13,950 USD
🔹 Reported To: GitLab
🔹 Reported By: #cryptopone
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2022, 1:07am (UTC)

XSS: `v-safe-html` is not safe enough

👉 https://hackerone.com/reports/1579645

🔹 Severity: High | 💰 6,580 USD
🔹 Reported To: GitLab
🔹 Reported By: #yvvdwf
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2022, 1:08am (UTC)

CSP-bypass XSS in project settings page

👉 https://hackerone.com/reports/1588732

🔹 Severity: High | 💰 10,270 USD
🔹 Reported To: GitLab
🔹 Reported By: #yvvdwf
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2022, 1:08am (UTC)

RCE via github import

👉 https://hackerone.com/reports/1672388

🔹 Severity: Critical | 💰 33,510 USD
🔹 Reported To: GitLab
🔹 Reported By: #yvvdwf
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2022, 1:10am (UTC)

Ability to bypass locked Cloudflare WARP on wifi networks.

👉 https://hackerone.com/reports/1635748

🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #joshatmotion
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2022, 8:59am (UTC)

[Git Gud] GitHub.com Svnbridge memcached deserialization vulnerability chain leading to Remote Code Execution

👉 https://hackerone.com/reports/1593913

🔹 Severity: Medium | 💰 17,500 USD
🔹 Reported To: GitHub
🔹 Reported By: #ajxchapman
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2022, 9:22pm (UTC)

CSRF in AppSearch allows creation of "curations"

👉 https://hackerone.com/reports/1477050

🔹 Severity: Medium | 💰 833 USD
🔹 Reported To: Elastic
🔹 Reported By: #dee-see
🔹 State: 🟢 Resolved
🔹 Disclosed: November 17, 2022, 1:26pm (UTC)

Directory Listing at https://█.█.█.█

👉 https://hackerone.com/reports/1771051

🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #shuvam321
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 1:49am (UTC)

Default password on 34.120.209.175

👉 https://hackerone.com/reports/1415241

🔹 Severity: Medium | 💰 245 USD
🔹 Reported To: Elastic
🔹 Reported By: #newspaper
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 8:14am (UTC)

LOGJ4 Vulnerability [HtUS]

👉 https://hackerone.com/reports/1624137

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fklet
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:07pm (UTC)

Reflected XSS | https://████████

👉 https://hackerone.com/reports/1736433

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #x3ph_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:33pm (UTC)

Reflected XSS | https://████

👉 https://hackerone.com/reports/1736432

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #x3ph_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:34pm (UTC)

IDOR on ███████ [HtUS]

👉 https://hackerone.com/reports/1627974

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nightm4re
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:36pm (UTC)

Open Redirect at █████

👉 https://hackerone.com/reports/1634105

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #angeltsvetkov
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:37pm (UTC)

Reflected XSS in chatbot

👉 https://hackerone.com/reports/1735622

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #roland_hack
🔹 State: 🟢 Resolved
🔹 Disclosed: November 19, 2022, 3:56pm (UTC)

No rate limiting for Remove Account lead to huge Mass mailings

👉 https://hackerone.com/reports/1723445

🔹 Severity: No Rating
🔹 Reported To: Weblate
🔹 Reported By: #tanvir_0x
🔹 State: 🟢 Resolved
🔹 Disclosed: November 20, 2022, 9:08am (UTC)

Dependency Confusion via Lookup Request Forwarding to PyPi.org

👉 https://hackerone.com/reports/1681275

🔹 Severity: No Rating
🔹 Reported To: GitLab
🔹 Reported By: #usd-responsible-disclosure
🔹 State: ⚪️ Informative
🔹 Disclosed: November 21, 2022, 3:49am (UTC)

Open redirect that can lead to malicious websites

👉 https://hackerone.com/reports/1771749

🔹 Severity: No Rating
🔹 Reported To: AMBER AI
🔹 Reported By: #mrdot404
🔹 State: ⚪️ Informative
🔹 Disclosed: November 21, 2022, 7:24am (UTC)