Nord Security - HackerOne Reports
Total reports: 47 | Critical: 2 | High: 3 | Medium: 18 | Low: 14
Sensitive Information Disclosure on https://nordvpn.com/
Reported by: 011alsanosi | Weakness: Information Disclosure
Account deletion requests not entirely honoured. Misinformation even after seeking clarification from customer support.
Reported by: keshavkejriwal | Severity: Low | Weakness: Privacy Violation
Incorrect control of the trial period
Reported by: corryl | Severity: Medium | Weakness: Client-Side Enforcement of Server-Side Security
Password Reset Link Works Multiple Times
Reported by: exag0ra | Severity: Low | Weakness: Improper Access Control - Generic
Reflected XSS via IE
Reported by: devashishsoni | Severity: Low | Weakness: Cross-site Scripting (XSS) - Reflected
Race condition (TOCTOU) in NordVPN can result in local privilege escalation
Reported by: hexgold | Severity: Medium | Weakness: Improper Access Control - Generic
Possible RCE through Windows Custom Protocol on Windows client
Reported by: cyku | Severity: Medium | Weakness: OS Command Injection
User password left in memory in plain text after GUI launch
Reported by: kaimi | Severity: Low | Weakness: Violation of Secure Design Principles
CSRF to change password
Reported by: paramdham | Severity: Critical | Weakness: Cross-Site Request Forgery (CSRF)
Hard-coded API keys at NordVpn Android App
Reported by: dantt | Weakness: Use of Hard-coded Credentials
Vulnerabilities chain leading to privilege escalation
Reported by: r3ggi-on-h1 | Severity: Medium | Weakness: Privilege Escalation
Host header injection/redirection | signup and login page
Reported by: hassancypher | Severity: Low | Weakness: Open Redirect
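The two report titles above ("Password Reset Link Works Multiple Times" and "Host header injection/redirection") name weakness classes without describing the actual findings, which are not reproduced on this page. The following is an added, generic illustration of both classes written for this listing; it is not NordVPN code and makes no claim about how either report was triggered. The base URL, token lifetime and in-memory store are assumptions. It shows a reset-token store that is invalidated on first use beside a variant that can be replayed, and a reset link built from a configured canonical host beside one built from the request's Host header.

```python
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from urllib.parse import urlencode

# Added illustration, not NordVPN code. The base URL and TTL are assumptions.
CANONICAL_BASE = "https://accounts.example.com"
TOKEN_TTL_SECONDS = 15 * 60


@dataclass
class ResetStore:
    """Issues password-reset tokens that expire and are invalidated on first use."""
    _tokens: Dict[str, Tuple[str, float]] = field(default_factory=dict)

    def issue(self, user_id: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[token] = (user_id, now + TOKEN_TTL_SECONDS)
        return token

    def consume(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user id for a valid token, or None. The token is removed on
        the first attempt, so a captured or forwarded link cannot be replayed."""
        now = time.time() if now is None else now
        entry = self._tokens.pop(token, None)
        if entry is None:
            return None
        user_id, expiry = entry
        return user_id if now <= expiry else None


class ReplayableResetStore(ResetStore):
    """Weak variant: validates the token but never removes it, so the same
    link keeps working until it expires (the 'works multiple times' class)."""

    def consume(self, token: str, now: Optional[float] = None) -> Optional[str]:
        now = time.time() if now is None else now
        entry = self._tokens.get(token)
        if entry is None:
            return None
        user_id, expiry = entry
        return user_id if now <= expiry else None


def reset_link_weak(request_host: str, token: str) -> str:
    """Weak: builds the link from the request's Host header. A poisoned Host makes
    the server mail the victim a link pointing at the attacker's domain, which then
    receives the token when the victim opens it."""
    return f"https://{request_host}/reset?{urlencode({'token': token})}"


def reset_link(token: str) -> str:
    """Hardened: the host comes from configuration, never from the request."""
    return f"{CANONICAL_BASE}/reset?{urlencode({'token': token})}"
```

Checking for the replay class in a live target is simple: request a reset, open the link once, then open it again; a second successful password change is the finding. For the Host header class, send the reset request with a modified Host (or X-Forwarded-Host, if the stack honours it) and inspect the link in the resulting email.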
CORS Misconfiguration on nordvpn.com leading to Private Information Disclosure, Account takeover
Reported by: shardulb_23 | Severity: Medium | Weakness: Improper Access Control - Generic
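The CORS title above names the weakness class but the listing does not say which origin check failed. As an added illustration for this page (not nordvpn.com code; the allowlist and the probe origins are constructed assumptions), the block below puts a reflecting, credentialed CORS policy beside an exact-match allowlist, and adds a tester-side classifier that runs the usual probe origins (arbitrary origin, suffix confusion, `null`) through each policy.

```python
from typing import Callable, Dict, Optional

# Added illustration, not nordvpn.com code. The allowlist is an assumption.
ALLOWED_ORIGINS = {"https://app.example.com", "https://www.example.com"}


def cors_headers_weak(origin: Optional[str]) -> Dict[str, str]:
    """Weak: reflects any Origin and allows credentials, so a page on any site
    can make the victim's browser send its cookies and read the response body."""
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers(origin: Optional[str]) -> Dict[str, str]:
    """Hardened: exact-match allowlist. Prefix, suffix and 'null' probes fail
    because the whole origin string is compared. Vary: Origin keeps a shared
    cache from serving one origin's grant to another."""
    if origin in ALLOWED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {}


def classify(probe_origin: str, headers: Dict[str, str]) -> str:
    """Tester-side triage of a response to a request that carried an Origin the
    tester controls, so any echo of it is a finding."""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao is None:
        return "no-cors"  # browser blocks the cross-origin read
    if acao == "*":
        return "wildcard"  # browsers refuse credentials with "*": public data only
    if acao == probe_origin:
        return "reflected-with-credentials" if creds else "reflected"
    return "fixed-origin"  # some other origin is allowed, not the tester's


# Constructed probe origins a tester sends against an allowlisted API.
PROBES = [
    "https://attacker.example",
    "https://app.example.com.attacker.example",  # suffix confusion
    "https://attacker-app.example.com",  # prefix confusion
    "null",  # sandboxed iframes and file:// pages send Origin: null
]


def probe_policy(policy: Callable[[Optional[str]], Dict[str, str]]) -> Dict[str, str]:
    """Run every probe through a policy function and classify each response."""
    return {origin: classify(origin, policy(origin)) for origin in PROBES}
```

"reflected-with-credentials" on an endpoint that returns account data is the combination that turns a CORS bug into account data disclosure: the victim only has to visit the attacker's page while logged in. A reflected origin without credentials is usually only a finding if the endpoint is reachable with a bearer token in a way the attacker can trigger.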
Reduced Payment amount while paying on Crypto Currencies
Reported by: archerl | Weakness: Improper Access Control - Generic
NordVPN Android Application privacy violation due to Google Advertising Identifier misuse
Reported by: tomtenisse | Weakness: Privacy Violation
Unauthorized User Can Delete Any User Account
Reported by: d4rk_g1rl | Weakness: Privacy Violation
Email address is not validated, No Rate Limit and RCE On Forgot Password Page Of affiliates.nordvpn.com
Reported by: bbece5b1ea2cbb33d0690ad | Severity: Medium | Weakness: Improper Authentication - Generic
nordvpn Linux Desktop executable application does not use pie / no ASLR
Reported by: x54xc3 | Weakness: Violation of Secure Design Principles
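The title above reports a Linux executable built without PIE. The check behind that class of finding is a header read: a PIE executable has ELF type ET_DYN and gets a randomized load base, while an ET_EXEC binary is mapped at a fixed address, which leaves the binary's own code and gadgets at predictable locations even when the kernel's ASLR is enabled for stack, heap and libraries. The block below is an added example for this page, not the reporter's tooling or Nord's code: it parses the fixed ELF header fields in pure Python and runs against two constructed 16+ byte headers (they are not real binaries).

```python
import struct
from typing import Dict

# ELF e_type values from the ELF specification.
ET_EXEC, ET_DYN = 2, 3


def elf_header_info(data: bytes) -> Dict[str, int]:
    """Parse the ELF identification bytes and e_type from the first 18 bytes."""
    if len(data) < 18 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class = data[4]  # 1 = 32-bit, 2 = 64-bit
    ei_data = data[5]  # 1 = little-endian, 2 = big-endian
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS or EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", data, 16)  # e_type sits at offset 16 in both classes
    return {"bits": 32 if ei_class == 1 else 64, "e_type": e_type}


def is_position_independent(data: bytes) -> bool:
    """ET_DYN executables are relocated to a random base by the loader;
    ET_EXEC executables are mapped at the fixed address baked into the binary."""
    return elf_header_info(data)["e_type"] == ET_DYN


def check_path(path: str) -> bool:
    """Convenience wrapper for a file on disk; only the header is read."""
    with open(path, "rb") as fh:
        return is_position_independent(fh.read(64))


def _sample_header(e_type: int) -> bytes:
    """Constructed 64-bit little-endian ELF header prefix (not a real binary)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # class, data, version, OSABI, pad
    return ident + struct.pack("<HH", e_type, 62)  # e_type, e_machine = EM_X86_64


SAMPLE_EXEC = _sample_header(ET_EXEC)  # what a non-PIE build looks like
SAMPLE_PIE = _sample_header(ET_DYN)  # what a PIE build looks like
```

Caveat: ET_DYN is also the type of shared objects, so on an unknown file a full check additionally looks for DF_1_PIE in the dynamic section's DT_FLAGS_1 entry; for a file you already know is the main executable, e_type is sufficient and matches what `readelf -h` (Type: DYN vs EXEC) and `file` ("pie executable" vs "executable") report. The fix on the build side is `-fPIE` at compile time and `-pie` at link time, which most current distribution toolchains apply by default.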
Past payments using the Direct Debit method keep subscriptions active even if payments fail
Reported by: zaitunoil | Weakness: Business Logic Errors
Expired Available Domains in nordvpn.com website code
Reported by: khizer47 | Weakness: Privacy Violation