Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

Nord Security - HackerOne Reports

View on HackerOne

47

Total Reports

2

Critical

3

High

18

Medium

14

Low

Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information

Reported by: hridoy-ahmed | Disclosed:

Medium

Weakness: Improper Access Control - Generic

Email verification bypass for manual connection setup using service credentials

Reported by: yozzo_ | Disclosed:

Medium

IDOR allow access to payments data of any user

Reported by: dakitu | Disclosed:

High

Weakness: Insecure Direct Object Reference (IDOR)

Version problem in wordpress leads to the many vulnearability

Reported by: bobby6102000 | Disclosed:

Low

CVEs: CVE-2019-9787 CVE-2019-17675 CVE-2019-17674 CVE-2019-17670 CVE-2019-17671 CVE-2019-17672 CVE-2019-17673 CVE-2019-17669 CVE-2019-16222 CVE-2019-16219

No Rate Limit On Forgot Password Page Of NordVPN

Reported by: th3pr0xyb0y | Disclosed:

Medium

Weakness: Improper Authentication - Generic

Password Reset Link Leaked In Refer Header In Request To Third Party Sites

Reported by: th3pr0xyb0y | Disclosed:

Low

Weakness: Cleartext Transmission of Sensitive Information

Html Injection and Possible XSS in main nordvpn.com domain

Reported by: kiriknik | Disclosed:

Medium

Weakness: Cross-site Scripting (XSS) - Reflected

User data not anonymized is sent to analytics server

Reported by: martinbydefault | Disclosed:

Medium

Weakness: Privacy Violation

Sensitive Information Disclosure on https://nordvpn.com/

Reported by: 011alsanosi | Disclosed:

Weakness: Information Disclosure

NordVPN Android Application privacy violation due to Google Advertising Identifier misuse

Reported by: tomtenisse | Disclosed:

Weakness: Privacy Violation

Vulnerabilities chain leading to privilege escalation

Reported by: r3ggi-on-h1 | Disclosed:

Medium

Weakness: Privilege Escalation

Reduced Payment amount while paying on Crypto Currencies

Reported by: archerl | Disclosed:

Weakness: Improper Access Control - Generic

NordVPN Linux Client - Unsafe service file permissions leads to Local Privilege Escalation

Reported by: bashketchum | Disclosed:

Medium

Weakness: Privilege Escalation

Past payments using the Direct Debit method keep subscriptions active even if payments fail

Reported by: zaitunoil | Disclosed:

Weakness: Business Logic Errors

Arbitrary Set-Cookie via "?coupon=" due to semi-colon not encoded

Reported by: yuyudhn | Disclosed:

Low

Weakness: Violation of Secure Design Principles

Expired Available Domains in nordvpn.com website code

Reported by: khizer47 | Disclosed:

Weakness: Privacy Violation

No Rate Limit On Forgot Password Page Of affiliates.nordvpn.com

Reported by: alishah | Disclosed:

Medium

Weakness: Improper Authentication - Generic

Misconfigured web directory allows to retrieve public proxy list

Reported by: zhh | Disclosed:

Weakness: Information Disclosure

UI Redressing (Clickjacking) vulnerability

Reported by: be327e0cff8893bf8ab8592 | Disclosed:

Medium

Weakness: UI Redressing (Clickjacking)

Denial of Service with Cookie Bomb

Reported by: bihari_web | Disclosed:

Low

Weakness: Uncontrolled Resource Consumption

Page 1 of 3 Next