IBM - HackerOne Reports
Total Reports: 40
Critical: 16
High: 8
Medium: 13
Low: 0
response manipulation leads to bypass in register at employee website then 0 click account takeover
Reported by:
ro0od
|
Disclosed:
Critical
Weakness: Improper Authentication - Generic
SSRF and secret key disclosure found on Turbonomic endpoint
Reported by:
mersa-v6
|
Disclosed:
High
Weakness: Server-Side Request Forgery (SSRF)
SSRF and secret key disclosure found on Turbonomic endpoint
Reported by:
mersa-v6
|
Disclosed:
High
Weakness: Server-Side Request Forgery (SSRF)
jazz.net - publicly accessible .svn repositories
Reported by:
cyber_punk
|
Disclosed:
Weakness: LLM06: Sensitive Information Disclosure
Remote Code Execution at https://169.38.86.185/ (edst.ibm.com)
Reported by:
haxor31337
|
Disclosed:
Critical
Weakness: Command Injection - Generic
Path Traversal Vulnerability found on IBM Cloud
Reported by:
0x4bdo
|
Disclosed:
Critical
Weakness: Path Traversal
Moodle XSS on s-immerscio.comprehend.ibm.com
Reported by:
0xpugal
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
IDOR in channel ID leads to customer email disclosure on https://video.ibm.com
Reported by:
tusnj
|
Disclosed:
High
Weakness: Information Disclosure
Insecure Object Permissions for Guest User leads to access to internal documents!
Reported by:
mocr7
|
Disclosed:
Critical
Weakness: Improper Authentication - Generic
Information disclosure on IBM training service endpoint
Reported by:
thpless
|
Disclosed:
Weakness: Insecure Direct Object Reference (IDOR)
XSS in IBM InfoCenter
Reported by:
onlyaviv
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - DOM
Exposed Logs and Bearer Tokens on Test Endpoint
Reported by:
facades
|
Disclosed:
Weakness: Information Disclosure
SQL Injection and plaintext passwords via User Search
Reported by:
xyantix
|
Disclosed:
High
Weakness: SQL Injection
POST based Cross-Site Scripting on IBM research endpoint
Reported by:
youssifs7
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Reflected XSS and Blind out of band command injection at subdomain dstuid-ww.dst.ibm.com
Reported by:
ragnaroc
|
Disclosed:
High
Weakness: OS Command Injection
IDOR in upload videos of a Channel on https://video.ibm.com
Reported by:
tusnj
|
Disclosed:
Critical
Weakness: Insecure Direct Object Reference (IDOR)
Weak credentials found in Jenkins endpoint
Reported by:
sweetheart1337_
|
Disclosed:
Critical
Unauthenticated Remote Access to Testing Endpoint
Reported by:
sajidraza
|
Disclosed:
Critical
Weakness: Improper Access Control - Generic
Cleartext storage of sensitive information at https://staging.status.ai-apps-comms.ibm.com/env can lead to account takeover of several IBM employees
Reported by:
zere
|
Disclosed:
Critical
Weakness: Cleartext Storage of Sensitive Information
XSS Reflected on jazz.net
Reported by:
nightm4re
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected