Liberapay - HackerOne Reports
Total Reports: 47 | Critical: 0 | High: 1 | Medium: 6 | Low: 12
Phishing by Navigating Browser Tabs | Reported by: 4w3 | Disclosed:
Insecure Account Deletion | Reported by: hack2684 | Disclosed: | Weakness: Improper Authentication - Generic
Unsecure changing password | Reported by: asdfasdfasdfasdfasdfsdfsdfsdf | Disclosed:
The csrf token remains same after user logs in | Reported by: d4w | Disclosed: | Weakness: Violation of Secure Design Principles
CSRF token manipulation in every possible form submits. NO server side Validation | Reported by: mah1ndra | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)
Missing back-end user input validation can lead to DOS flaw | Reported by: zuh4n | Disclosed: | Weakness: Business Logic Errors
csrf token did not changed after login/logout many times | Reported by: cryptographer | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)
Exploiting JSONP callback on /username/charts.json endpoint leads to information disclosure despite user's privacy settings | Reported by: kapytein | Disclosed: | Severity: Medium | Weakness: Information Disclosure
Able to View other users income history | Reported by: amaljacob | Disclosed: | Weakness: Insecure Direct Object Reference (IDOR)
Anyone can register organization legal type as "Soletrader" | Reported by: 4bg0p | Disclosed: | Weakness: Resource Injection
Publicly editable GitHub wikis | Reported by: strukt | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic
Origin IP found, Cloudflare bypassed | Reported by: europa | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Current CSP Policy chained with HTML Injection can lead to Data Exfiltration | Reported by: oroborus | Disclosed: | Weakness: Violation of Secure Design Principles
CSRF to make any user accept the invitation to the team | Reported by: albatraoz | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)
Private target account appears in search results | Reported by: magic_spell | Disclosed: | Weakness: Privacy Violation
Full Path disclosure on 500 error | Reported by: rajauzairabdullah | Disclosed: | Severity: Low | Weakness: Information Disclosure
Returning back from the browser after logging off will disclose some information | Reported by: zir0x | Disclosed: | Weakness: Business Logic Errors
Csrf token does not meet security design | Reported by: wsfengfan474 | Disclosed:
A single user can subscribe a community multiple times | Reported by: mkind | Disclosed: | Weakness: Business Logic Errors
Password Reset Token Leak Via Referrer | Reported by: 0xthem7 | Disclosed: | Severity: Medium | Weakness: Information Disclosure