Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

Internet Bug Bounty - HackerOne Reports

View on HackerOne

674

Total Reports

35

Critical

123

High

194

Medium

138

Low

putty pscp client-side post-auth stack buffer overwrite when processing remote file size

Reported by: hxd | Disclosed:

Weakness: Memory Corruption - Generic

Disabling context isolation, nodeIntegrationInSubFrames using an unauthorised frame.

Reported by: s1r1u5 | Disclosed:

Medium

Weakness: Improper Access Control - Generic

ASAR Integrity bypass via filetype confusion

Reported by: marshallofsound | Disclosed:

Medium

Bounty: $2540.00

CVE-2022-23519: Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style)

Reported by: 0b5cur17y | Disclosed:

Medium

Weakness: Cross-site Scripting (XSS) - Generic

Bounty: $2400.00

Rails ActionView sanitize helper bypass leading to XSS using SVG tag.

Reported by: haqpl | Disclosed:

Medium

Weakness: Cross-site Scripting (XSS) - Generic

Bounty: $2400.00

CVE-2022-23520: Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)

Reported by: 0b5cur17y | Disclosed:

Medium

Weakness: Cross-site Scripting (XSS) - Generic

Bounty: $2400.00

CVEs: CVE-2022-32209

Race condition in Flash workers may cause an exploitable double free

Reported by: biloulehibou | Disclosed:

Weakness: Memory Corruption - Generic

CVEs: CVE-2014-0574

Heap-buffer-overflow in Perl__byte_dump_string (utf8.c) could lead to memory leak

Reported by: tmnt53 | Disclosed:

High

Weakness: Buffer Over-read

CVEs: CVE-2018-6797

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

Reported by: nimia | Disclosed:

Weakness: Cryptographic Issues - Generic

heap-buffer-overflow (write) simplestring_addn simplestring.c

Reported by: pjumde | Disclosed:

Weakness: Memory Corruption - Generic

gdImageTrueColorToPaletteBody allows arbitrary write/read access

Reported by: fms | Disclosed:

Weakness: Memory Corruption - Generic

Bounty: $500.00

Heap Buffer Overflow

Reported by: b6945caf98f2f809b8e6ece | Disclosed:

Low

Weakness: Memory Corruption - Generic

Flash “local-with-filesystem” Bypass in navigateToURL

Reported by: irsdl | Disclosed:

Weakness: Privilege Escalation

CVEs: CVE-2016-4178

external entity expansion in Apache POI

Reported by: told_snider | Disclosed:

Weakness: Information Disclosure

CVE-2023-30587 Process-based permissions can be bypassed with the "inspector" module.

Reported by: mattaustin | Disclosed:

High

Weakness: Improper Access Control - Generic

Bounty: $3495.00

[curl] CVE-2023-32001: fopen race condition

Reported by: selmelc | Disclosed:

Medium

Weakness: Time-of-check Time-of-use (TOCTOU) Race Condition

Bounty: $2480.00

CVEs: CVE-2023-32001

Context isolation bypass via nested unserializable return value

Reported by: marshallofsound | Disclosed:

Medium

Weakness: Privilege Escalation

Bounty: $2550.00

Basic Authentication Heap Overflow

Reported by: jeriko_one | Disclosed:

High

Weakness: Heap Overflow

CVEs: CVE-2019-12527

heap-buffer-overflow (READ of size 11) in Perl 5.25.x

Reported by: geeknik | Disclosed:

Low

Weakness: Heap Overflow

CVE-2016-4796 OpenJPEG color_cmyk_to_rgb Out-of-Bounds Read Vulnerability

Reported by: binvul | Disclosed:

Weakness: Memory Corruption - Generic

CVEs: CVE-2016-4796

Previous Page 6 of 34 Next