Kaspersky - HackerOne Reports
Total Reports: 19 (Critical: 1, High: 2, Medium: 12, Low: 3)
Kaspersky Password Manager is vulnerable to HTML injection in the browser action pop-up via user name
Reported by: palant
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Several domains on kaspersky.com are vulnerable to Web Cache Deception attack
Reported by: golim
Disclosed:
Severity: Medium
Weakness: Insecure Storage of Sensitive Information
test report
Reported by: rkhunter
Disclosed:
Severity: Medium
Weakness: Heap Overflow
Kaspersky Password Manager allows websites to access user's address data
Reported by: palant
Disclosed:
Severity: Medium
Weakness: Information Disclosure
Unauthorized command execution in Web protection component of Anti-Virus products family [IE]
Reported by: palant
Disclosed:
Severity: Medium
Weakness: Command Injection - Generic
Kaspersky Protection extension for Google Chrome is vulnerable to abuse its features
Reported by: palant
Disclosed:
Severity: Medium
Weakness: Command Injection - Generic
Unauthorized command execution in Web protection component of Anti-Virus products family
Reported by: palant
Disclosed:
Severity: Medium
Weakness: Command Injection - Generic
In App purchase Hack
Reported by: huntman
Disclosed:
Severity: Critical
Weakness: Use of a Key Past its Expiration Date
Keys
Reported by: ashishag29
Disclosed:
Severity: Low
Weakness: Information Disclosure
No Rate Limit On Forgot Password Page
Reported by: hacker-yadav
Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic
Hard Coded username and password in registry
Reported by: bluedangerforyou
Disclosed:
Weakness: Use of Hard-coded Credentials
Certificate warnings and similar UI elements in Web protection of Anti-Virus products family are susceptible to clickjacking
Reported by: palant
Disclosed:
Severity: Medium
Weakness: UI Redressing (Clickjacking)
URL Advisor component in KIS products family is vulnerable to Universal XSS
Reported by: palant
Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Generic
[Fixed] A vulnerability in KAVKIS 2020 products family allows full disabling of protection
Reported by: abbadeed
Disclosed:
Severity: High
Weakness: Code Injection
[Fixed] KIS for macOS is vulnerable to AV bypass due to improper client authorization on XPC service
Reported by: theevilbit
Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Web protection component in Anti-Virus products family uses predictable links for certificate warnings
Reported by: palant
Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Web protection component in Anti-Virus products family ignores HSTS security policy
Reported by: palant
Disclosed:
Severity: Medium
Weakness: Man-in-the-Middle
Unauthorized command execution in Web protection component of Anti-Virus products family [FF, Chrome]
Reported by: palant
Disclosed:
Severity: Medium
Weakness: Command Injection - Generic
Stored credentials instantly autofilled within sandboxed iframes
Reported by: alesandroortiz
Disclosed:
Severity: Low
Weakness: Information Disclosure