Infogram - HackerOne Reports
Total Reports: 48
Critical: 1
High: 5
Medium: 20
Low: 14

HTML injection
Reported by: nihadrekanym | Disclosed:

A10 – Unvalidated Redirects and Forwards
Reported by: romanshyadav | Disclosed:
Severity: Low
Weakness: Open Redirect

Bypass for blind SSRF #281950 and #287496
Reported by: 7001 | Disclosed:
Severity: Low
Weakness: Server-Side Request Forgery (SSRF)

Bruteforcing Coupons
Reported by: t-pwn | Disclosed:

Bypass insecure password validation
Reported by: japz | Disclosed:
Severity: Low

Stored XSS in content when Graph is created via API
Reported by: krankopwnz | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored

Internal Ports Scanning via Blind SSRF (URL Redirection to beat filter)
Reported by: spicyturtle | Disclosed:
Severity: Low
Weakness: Server-Side Request Forgery (SSRF)

LFI through the MySQL connection
Reported by: muon4 | Disclosed:
Severity: High
Weakness: Information Disclosure

Javascript Payload reflected Back in Report Embed Code
Reported by: zubair | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Stored

Bypass to report #280389 [Thinking The issue is not fixed Yet]
Reported by: love_bugs | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic

Internal Ports Scanning via Blind SSRF
Reported by: tungpun | Disclosed:
Weakness: Information Disclosure

possibility to create account without username
Reported by: luthrax | Disclosed:
Severity: Medium
Weakness: Violation of Secure Design Principles

Privilege escalation allows to use iframe functionality w/o upgrade
Reported by: muon4 | Disclosed:
Weakness: Privilege Escalation

New team invitation functionality allows extend team without upgrade
Reported by: muon4 | Disclosed:
Severity: Medium
Weakness: Privilege Escalation

No notification on Password Change
Reported by: kiddie | Disclosed:
Severity: Medium

No Confirmation or Notification During Email Change which can leads to account takeover
Reported by: kiddie | Disclosed:
Severity: Medium

Sensitive information is publicly available
Reported by: romanshyadav | Disclosed:
Severity: Medium
Weakness: Cleartext Storage of Sensitive Information

Report Design Critical Stored DOM XSS Vulnerability
Reported by: mksecurity | Disclosed:
Severity: Critical
Weakness: Cross-site Scripting (XSS) - Stored

Stored XSS in the Custom Logo link (non-Basic plan required)
Reported by: sp1d3rs | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored

XSS on Report Classic
Reported by: nihadrekanym | Disclosed:
Weakness: Cross-site Scripting (XSS) - Stored