LinkedIn - HackerOne Reports
Total Reports: 45
Critical: 3
High: 8
Medium: 24
Low: 7
HTML injection at Company Name or Product Name and can be shown on Contact Sales form
Reported by:
domg
|
Disclosed:
Low
Can VIEW Videos on LinkedIn Learning that Require a Subscription Without having to Subscribe Via `SHARE features`
Reported by:
find_me_here
|
Disclosed:
Medium
Weakness: Privilege Escalation
User Details Can Be Disclosed Even If The Account IS In Hibernation State
Reported by:
tushar6378
|
Disclosed:
Low
Weakness: Information Disclosure
Can see phone numbers of others by providing mail address
Reported by:
sevada797
|
Disclosed:
High
Weakness: Information Disclosure
Html injection in event Description
Reported by:
khaledx
|
Disclosed:
Low
Weakness: Improper Input Validation
Access to resumes applied through LinkedIn Jobs
Reported by:
headhunter
|
Disclosed:
Critical
Weakness: Information Disclosure
HTML Injection in LinkedIn Premium Support Chat
Reported by:
nagu123
|
Disclosed:
Low
CSRF that makes any linkedin user follow attacker controlled accounts by simply clicking https://www.linkedin.com/comm/mynetwork/discovery-see-all/*
Reported by:
marvelmaniac
|
Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
Entire database of emails exposed through URN injection
Reported by:
ultrapowa
|
Disclosed:
Medium
Weakness: Code Injection
Unauthorized User can View Subscribers of Other Users Newsletters
Reported by:
tushar6378
|
Disclosed:
High
Weakness: Insecure Direct Object Reference (IDOR)
Unauthorized access to resumes stored on LinkedIn
Reported by:
headhunter
|
Disclosed:
High
Weakness: Insecure Direct Object Reference (IDOR)
LinkedIn users primary email + full name visibility
Reported by:
headhunter
|
Disclosed:
High
Weakness: Information Disclosure
An Attacker Can Flag Draft Job Posts And Can Disclose The Draft Job Posts Details [ Similar to #1581528 Resolved Report]
Reported by:
tushar6378
|
Disclosed:
Medium
Weakness: Business Logic Errors
[ Continuation Report from #1814842 ] Can create articles using other users' NewsLetters
Reported by:
find_me_here
|
Disclosed:
Medium
Weakness: Insecure Direct Object Reference (IDOR)
Stored XSS on LinkedIn App via iframe tag in Article
Reported by:
domg
|
Disclosed:
Critical
Weakness: Cross-site Scripting (XSS) - Stored
Users can access exams in course without having to subscribe to PREMIUM
Reported by:
find_me_here
|
Disclosed:
Medium
Weakness: Improper Access Control - Generic
Add me email address Authentication bypass
Reported by:
raajeevrathnam
|
Disclosed:
Attackers can *Upgrade and claim offer* on the Premium Trial Subscription with a total price of *IDR0.00* from the original *IDR7,022,061.82*
Reported by:
find_me_here
|
Disclosed:
High
Weakness: Business Logic Errors
Employee-only Area Bypass
Reported by:
mv0x01
|
Disclosed:
Medium
Weakness: Improper Access Control - Generic
HTTP Request Smuggling (CL.0) leads to mass redirect users to attacker server without user interaction
Reported by:
vampirex
|
Disclosed:
High
Weakness: HTTP Request Smuggling