GSA Bounty - HackerOne Reports
Total Reports: 49
Critical: 3
High: 9
Medium: 19
Low: 11

Cache poisoning DoS to various TTS assets
Reported by: nathand | Disclosed:
High
Weakness: Violation of Secure Design Principles

Subdomain take-over of {REDACTED}.18f.gov
Reported by: jackds | Disclosed:
High
Weakness: Privilege Escalation

Improper Session management can cause account takeover [https://micropurchase.18f.gov]
Reported by: tikoo_sahil | Disclosed:
Medium
Weakness: Insufficient Session Expiration

Email Spoofing - SPF record set to Neutral
Reported by: ramakanthk35 | Disclosed:
Weakness: Violation of Secure Design Principles

CSRF in generating a new Personal Key
Reported by: streaak | Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)

Content injection via URL parameter.
Reported by: johnh4x0r | Disclosed:
Weakness: Code Injection

CSRF to change Account Security Keys on secure.login.gov
Reported by: fawazxq | Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)

{REDACTED}.data.gov subdomain takeover.
Reported by: edoverflow | Disclosed:
High
Weakness: Violation of Secure Design Principles

Error Page Content Spoofing or Text Injection
Reported by: myskar | Disclosed: