Paragon Initiative Enterprises - HackerOne Reports
Total Reports: 37 | Critical: 5 | High: 2 | Medium: 5 | Low: 4
Full Path Disclosure In EasyDB
Reported by: supernatural | Disclosed: | Weakness: Information Disclosure
Airship: Persistent XSS via Comment
Reported by: foobar7 | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
[Airship CMS] Local File Inclusion - RST Parser
Reported by: h4ckninja | Disclosed: | Severity: High | Weakness: Information Disclosure
DMARC Not found for paragonie.com URGENT
Reported by: not_hackerone_hero | Disclosed: | Severity: Critical | Weakness: XML External Entities (XXE)
[Critical] billion dollars issue
Reported by: abdel-fattah-elsisi | Disclosed: | Severity: Critical | Weakness: Man-in-the-Middle
Full directory path listing
Reported by: test_this | Disclosed: | Weakness: Information Exposure Through Directory Listing
Not clearing hex-decoded variable after usage in Authentication
Reported by: sstok | Disclosed: | Weakness: Violation of Secure Design Principles
Missing rel=noopener noreferrer in target=_blank links (Phishing attack)
Reported by: e3amn2l | Disclosed:
Incorrect detection of onion URLs
Reported by: e3amn2l | Disclosed:
Missing GIT tag/commit verification in Docker
Reported by: e3amn2l | Disclosed:
Using plain git protocol (vulnerable to MITM)
Reported by: e3amn2l | Disclosed:
Not using Binary::safe* functions for substr/strlen function
Reported by: e3amn2l | Disclosed:
Non-secure requests are not automatically upgraded to HTTPS
Reported by: amalunni75310 | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles
Github wikis are editable by anyone https://github.com/paragonie/password_lock/wiki
Reported by: nitish_mathur | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Improper validation of Email
Reported by: test_this | Disclosed:
Your Application Have Cacheable SSL Pages
Reported by: kiraak-boy | Disclosed: | Weakness: Violation of Secure Design Principles
Full Path Disclosure in password lock
Reported by: supernatural | Disclosed: | Weakness: Information Disclosure
Page 2 of 2