Phabricator - HackerOne Reports
View on HackerOne

Total Reports: 36
Critical: 1
High: 5
Medium: 9
Low: 6
An unsafe design practice in the Passphrase may result in Secret being accidentally changed.
Reported by: kevin_c | Disclosed: | Severity: High | Weakness: Violation of Secure Design Principles

User can link non-public file attachments, leading to file disclose on edit by higher-privileged user
Reported by: foobar7 | Disclosed: | Severity: Medium | Weakness: Business Logic Errors | Bounty: $500.00

Window.opener protection Bypass
Reported by: ranjit_p | Disclosed: | Bounty: $300.00

The "Download Raw Diff" URL is viewable by everyone
Reported by: newfunction | Disclosed: | Severity: Low | Weakness: Information Disclosure

Deprecated owners.query API bypasses object view policy
Reported by: dyls | Disclosed: | Weakness: Improper Access Control - Generic | Bounty: $300.00

Markdown parsing issue enables insertion of malicious tags
Reported by: sectex | Disclosed: | Weakness: Cross-site Scripting (XSS) - Stored

SSRF in notifications.server configuration
Reported by: codeprivate | Disclosed: | Severity: Medium | Weakness: Server-Side Request Forgery (SSRF) | Bounty: $300.00

Broken Authentication and Session Management lead to take over account
Reported by: thund3r17 | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic

Conduit feed.publish API allows you to spoof other users or make it look like you have access to a restricted object
Reported by: dyls | Disclosed: | Bounty: $300.00

IDOR bug to see hidden slowvote of any user even when you don't have access right
Reported by: ranjit_p | Disclosed: | Weakness: Insecure Direct Object Reference (IDOR) | Bounty: $300.00

Fetching binaries (for software installation) over HTTP without verification (RCE as ROOT by MITM)
Reported by: e3amn2l | Disclosed: | Bounty: $300.00

Differential "Show Raw File" feature exposes generated files to unauthorised users
Reported by: calvium | Disclosed: | Severity: Medium | Weakness: Information Disclosure

IRC-Bot exposes information
Reported by: luke081515 | Disclosed: | Severity: Medium | Weakness: Information Disclosure

Slowvote and Countdown can cause Denial of Service due to recursive inclusion
Reported by: dyls | Disclosed: | Weakness: Uncontrolled Resource Consumption

Global default settings page is accessible to non-administrators
Reported by: dyls | Disclosed: | Weakness: Improper Access Control - Generic | Bounty: $300.00

TOTP Key is shorter than RFC 4226 recommended minimum
Reported by: insufficiententropy | Disclosed: | Weakness: Cryptographic Issues - Generic | Bounty: $300.00