Mars - HackerOne Reports

Total Reports: 64 | Critical: 11 | High: 11 | Medium: 30 | Low: 10
Insecure deserialization of object leads to RCE on Sitecore (CVE-██████████-27218)
Reported by: reinhardtthe | Disclosed: | Severity: Critical | Weakness: Deserialization of Untrusted Data
Datadog API keys exposed can be used for full read and write access to the instance
Reported by: harshdranjan | Disclosed: | Severity: Critical | Weakness: Information Disclosure
Attacker can add two free bags offered by the site at the same time
Reported by: mkhmd17 | Disclosed: | Severity: Medium | Weakness: Business Logic Errors
Insecure API Response Leads to Disclosure of Hashed Passwords
Reported by: itsmatinx | Disclosed: | Severity: Medium | Weakness: Information Disclosure
Reflected XSS on stores on *█████████/visitorRegistration.pml via destination parameter
Reported by: kuriyama | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected
Reflected XSS on formaction parameter
Reported by: e5p3ctr0x96 | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected
Unauthenticated Sensitive Information Disclosure on █████████ (CVE-2021-38314)
Reported by: kuriyama | Disclosed: | Severity: Medium | Weakness: Information Disclosure
Client-Side Template Injection to Stored XSS in Image Collection
Reported by: themarkib0x0 | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored
CSRF Vulnerability in ███████ Website Allows Attackers to Change User Profile Picture at ███████
Reported by: bx00 | Disclosed: | Severity: Medium
Order More Than Maximum Allowed Quantity
Reported by: blackbird_azar | Disclosed: | Weakness: Business Logic Errors
SQLi on ██████ search functionality
Reported by: b_i_n_i_a_m | Disclosed: | Severity: Medium | Weakness: SQL Injection
Stored XSS via 'profile' at ███
Reported by: 0xs4m | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
CSRF resulting in adding pet at ███████
Reported by: dr34m14 | Disclosed: | Severity: Low | Weakness: Cross-Site Request Forgery (CSRF)
CVE-2022-21371: Oracle WebLogic Server Local File Inclusion
Reported by: deb0con | Disclosed: | Severity: High
Critical Unauthenticated Access to Sensitive Employee and Customer Data Including Invoice Details at ████
Reported by: skoll101 | Disclosed: | Severity: Critical | Weakness: Improper Authentication - Generic
Information Exposure due to enabled debug mode
Reported by: thpless | Disclosed: | Severity: Low
0-click account takeover via timed requests to ███████forgot-password (single-packet attack)
Reported by: 0x999 | Disclosed: | Severity: High | Weakness: Use of a Broken or Risky Cryptographic Algorithm
Information Exposure Through Directory Listing
Reported by: mo3giza | Disclosed: | Severity: High | Weakness: Information Exposure Through Directory Listing
███████ 'can delete any animal from other account' at ██████████
Reported by: 0xs4m | Disclosed: | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)
Blind SQL Injection on █████ via URI Path
Reported by: stuux | Disclosed: | Severity: Critical | Weakness: SQL Injection