LY Corporation - HackerOne Reports
Total Reports: 41
Critical: 6
High: 8
Medium: 17
Low: 8

Path traversal in filename in LINE Mac client
Reported by: hackerontwowheels | Disclosed:
Severity: High
Weakness: Path Traversal

See drafts and post articles if the account owner hasn't set password (livedoor CMS plugin)
Reported by: akichia | Disclosed:
Severity: Critical
Weakness: Improper Authentication - Generic

Client-Side Path Traversal on LINE Developers Console
Reported by: never_die | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)

Spring Actuator endpoints publicly available and broken authentication
Reported by: kazan71p | Disclosed:
Severity: Critical
Weakness: Misconfiguration
Bounty: $12500.00

LINE Profile ID leaks in OpenChat
Reported by: aki__0421 | Disclosed:
Severity: High
Bounty: $3000.00

Access to images and videos in drafts on LINE BLOG
Reported by: akichia | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic

Arbitrary Code Execution via npm misconfiguration – installing internal libraries from the public registry
Reported by: alexbirsan | Disclosed:
Severity: Critical
Weakness: Code Injection
Bounty: $11500.00

Spring Actuator endpoints publicly available, leading to account takeover
Reported by: kazan71p | Disclosed:
Severity: Critical
Weakness: Misconfiguration
Bounty: $5000.00

XSS on LINE CAREERS
Reported by: nightm4re | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected

DoS of LINE client for Android via message containing multiple unicode characters (0x0e & 0x0f)
Reported by: alderson-chiu | Disclosed:
Severity: Medium
Weakness: Uncontrolled Resource Consumption

Blind SSRF in social-plugins.line.me
Reported by: sirleeroyjenkins | Disclosed:
Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)
Bounty: $100.00

Reflected XSS in OAUTH2 login flow
Reported by: derision | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $1989.50

Bot setting information leakage in OpenChat room
Reported by: akichia | Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic

Webview address bar spoofing in LINE client for iOS
Reported by: reinforchu | Disclosed:
Severity: Low
Weakness: Phishing

Get-based SSRF limited to HTTP protocol on https://resizer.line-apps.com/form
Reported by: ledz1996 | Disclosed:
Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)

Able to Become Admin for Any LINE Official Account
Reported by: ngalog | Disclosed:
Severity: Critical
Weakness: Privilege Escalation

Improper authorization allows disclosing users' notification data in Notification channel server
Reported by: aki__0421 | Disclosed:
Severity: High
Weakness: Improper Authorization
Bounty: $2000.00

File sizes may be manipulated into negative numbers when uploading
Reported by: yinmo | Disclosed:
Severity: Medium
Weakness: Business Logic Errors
Bounty: $500.00

Reflected XSS in OAUTH2 login flow (https://access.line.me)
Reported by: tosun | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

Missing ownership check in 2FA for secondary client login
Reported by: shi0n | Disclosed:
Severity: Critical