Omise - HackerOne Reports
Total Reports: 28
Critical: 1
High: 2
Medium: 14
Low: 7
Open Redirect
Reported by:
jishnu_sudhakaran
|
Disclosed:
Low
Weakness: Open Redirect
Bounty: $100.00
Subdomain takeover http://accessday.opn.ooo/
Reported by:
secsoya
|
Disclosed:
Medium
Weakness: Improper Access Control - Generic
Bounty: $50.00
Facebook Username Takeover via Broken Link in Footer
Reported by:
vulnerability_is_here
|
Disclosed:
Low
Weakness: Improper Access Control - Generic
Bounty: $100.00
The endpoint '/test/webhooks' is vulnerable to DNS Rebinding
Reported by:
sim4n6
|
Disclosed:
Medium
Weakness: Server-Side Request Forgery (SSRF)
Cross-site scripting on dashboard2.omise.co
Reported by:
oblivionlight
|
Disclosed:
Critical
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $200.00
Failure to Invalidate Session after Password Change
Reported by:
d3tonator
|
Disclosed:
Medium
Weakness: Insufficient Session Expiration
Open redirect Via X-Forwarded-Host
Reported by:
ndizon_
|
Disclosed:
Low
Weakness: Open Redirect
Signup with any email and enable 2FA without verifying email
Reported by:
rioncool22
|
Disclosed:
Medium
assets/vendor.js file exposing sentry.io token and DNS and application id.
Reported by:
malicious_7
|
Disclosed:
Medium
Weakness: Information Disclosure
Anonymous access control - Payments Status
Reported by:
codeslayer1337
|
Disclosed:
Medium
Weakness: Improper Access Control - Generic
Bounty: $100.00
Unauthorized Access - downgraded admin roles to none can still edit projects through Burp Suite
Reported by:
irwanjugabro
|
Disclosed:
High
Brute force of a current password on a disable 2fa leads to guess password and disable 2fa.
Reported by:
sachinrajput
|
Disclosed:
Weakness: Improper Restriction of Authentication Attempts
Email enumeration at SignUp page
Reported by:
sheerwood
|
Disclosed:
Low
Weakness: Information Disclosure
Race condition on action: Invite members to a team
Reported by:
sim4n6
|
Disclosed:
Low
Weakness: Business Logic Errors
Secret API Key is logged in cleartext
Reported by:
sim4n6
|
Disclosed:
Medium
Weakness: Cleartext Storage of Sensitive Information
Broken Authentication and Session Management Flaw After Change Password and Logout
Reported by:
root_geek280
|
Disclosed:
Low
Weakness: Violation of Secure Design Principles
Brute force attack of current password on login page by bypassing account limit using IP rotator (https://dashboard.omise.co/signin)
Reported by:
sachinrajput
|
Disclosed:
Medium
Weakness: Improper Restriction of Authentication Attempts
IDOR Payments Status
Reported by:
codeslayer1337
|
Disclosed:
Low
Weakness: Business Logic Errors
Bounty: $100.00
Host Header Injection leads to Open Redirect and Content Spoofing or Text Injection.
Reported by:
oblivionlight
|
Disclosed:
Medium
Bounty: $300.00