Evernote - HackerOne Reports
Total Reports: 9
Critical: 2
High: 2
Medium: 3
Low: 2
Reflected XSS in the shared note view on https://evernote.com
Reported by: sarka | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $500.00
Reflected + Stored XSS - https://discussion.evernote.com
Reported by: renekroka | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Full read SSRF in www.evernote.com that can leak aws metadata and local file inclusion
Reported by: neolex | Disclosed:
Critical
Weakness: Server-Side Request Forgery (SSRF)
CSRF leads to account deactivation of users
Reported by: sampritdas | Disclosed:
Medium
Bounty: $300.00
2 click Remote Code execution in Evernote Android
Reported by: hulkvision_ | Disclosed:
High
Weakness: Path Traversal: '.../...//'
Non-production Open Database In Combination With XXE Leads To SSRF
Reported by: kaulse | Disclosed:
Critical
Weakness: XML External Entities (XXE)
Email Verification Bypass by bruteforcing when setting up 2FA
Reported by: cyberworlcload | Disclosed:
Low
Weakness: Improper Restriction of Authentication Attempts
Bounty: $150.00
[34.96.80.155] Server Logs Disclosure lead to Information Leakage
Reported by: huntinex | Disclosed:
Low
Weakness: Privilege Escalation
Bounty: $150.00
One Click Code Execution via File
Reported by: ajdumanhug | Disclosed:
High
Weakness: Execution with Unnecessary Privileges