Internet Bug Bounty - HackerOne Reports
Total Reports: 674
Critical: 35
High: 123
Medium: 194
Low: 138
DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)
Reported by: zeyu2001 | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
Bounty: $4200.00
CVEs: CVE-2022-32212
Buffer Overflow in ext_lm_group_acl helper
Reported by: aaron_costello | Disclosed:
Severity: High
Weakness: Classic Buffer Overflow
Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse
Reported by: vanhoefm | Disclosed:
Severity: Medium
Weakness: Reusing a Nonce, Key Pair in Encryption
CVE-2024-31079 in nginx
Reported by: noentry | Disclosed:
Severity: Medium
Weakness: Stack Overflow
Bounty: $2600.00
CVE-2024-32760 in nginx
Reported by: noentry | Disclosed:
Severity: Medium
Bounty: $2600.00
CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows
Reported by: mprogrammer | Disclosed:
Severity: Medium
Weakness: Uncontrolled Resource Consumption
Bounty: $2540.00
Use After Free Vulnerability in array_walk()/array_walk_recursive()
Reported by: ryat | Disclosed:
Weakness: Memory Corruption - Generic
CVE-2023-23914: HSTS ignored on multiple requests
Reported by: nyymi | Disclosed:
Severity: Low
Weakness: Business Logic Errors
Bounty: $480.00
Some build dependencies are downloaded over an insecure channel (without subsequent integrity checks)
Reported by: jub0bs | Disclosed:
Severity: High
Weakness: Cryptographic Issues - Generic
Bounty: $100.00
rpcbind "rpcbomb" CVE-2017-8779, CVE-2017-8804
Reported by: guido | Disclosed:
Severity: High
Weakness: Uncontrolled Resource Consumption
CVE-2016-0772 - python: smtplib StartTLS stripping attack
Reported by: hxd | Disclosed:
Weakness: Cryptographic Issues - Generic
Bounty: $1000.00
CVEs: CVE-2016-0772
4 severe remote + several minor OpenVPN vulnerabilities
Reported by: guido | Disclosed:
Severity: High
Roundcube virtualmin privilege escalation (CVE-2017-8114)
Reported by: ilsani | Disclosed:
Severity: Medium
Weakness: Command Injection - Generic
CVEs: CVE-2017-8114
Cross-site information assertion leak via Content Security Policy
Reported by: zemnmez | Disclosed:
Weakness: Information Disclosure
Unbounded memory growth with session handling in TLSv1.3
Reported by: manishpatidar | Disclosed:
Severity: Low
Weakness: Allocation of Resources Without Limits or Throttling
Bounty: $497.00
(CVE-2023-32004) Permission model bypass by specifying a path traversal sequence in a Buffer
Reported by: haxatron1 | Disclosed:
Severity: High
Weakness: Path Traversal
(CVE-2023-32003) fs.mkdtemp() and fs.mkdtempSync() are missing getValidatedPath() checks
Reported by: haxatron1 | Disclosed:
Severity: Low
(CVE-2023-32006) Permissions policies can impersonate other modules in using module.constructor.createRequire()
Reported by: haxatron1 | Disclosed:
Severity: Medium
important: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (CVE-2024-40898)
Reported by: xi4o7unj1e | Disclosed:
Severity: High
Bounty: $4263.00
mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full (CVE-2020-7065)
Reported by: anatoliq | Disclosed:
Severity: High
Weakness: Stack Overflow
CVEs: CVE-2020-7065