Reddit - HackerOne Reports

Total Reports: 71
Critical: 7
High: 21
Medium: 24
Low: 12

Rate limit is implemented in Reddit , but its not working .
Reported by: suryanm
Severity: Low
Weakness: Improper Authentication - Generic

User Account has been taken out
Reported by: ravitejag
Severity: Critical
Weakness: Weak Cryptography for Passwords

Reflected XSS via File Upload
Reported by: greymanx1
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

IDOR lets a malicious user reveal the unpinned achievement badges of any Reddit user
Reported by: saurabhb
Severity: Low
Weakness: Insecure Direct Object Reference (IDOR)

Content Spoofing/Text Injection at https://gateway-production.dubsmash.com
Reported by: karthik86
Weakness: User Interface (UI) Misrepresentation of Critical Information

RichText parser vulnerability in scheduled posts allows XSS
Reported by: la_revoltage
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $5000.00

Admin can create a hidden admin account which even the owner can not detect and remove and do administrative actions on the application.
Reported by: 41bin
Severity: High
Weakness: Improper Access Control - Generic

Unrestricted File Upload on reddit.secure.force.com
Reported by: heckintosh
Severity: Low
Bounty: $100.00
CVEs: CVE-2022-30190

Broken links make users from France unable to understand the allowed content policy
Reported by: ardyanv1ckyramadhan

critical file found etc/passwd on www.reddit.com
Reported by: himan253
Severity: High
Weakness: Information Disclosure

XSS Reflected on reddit.com via url path
Reported by: criptex
Severity: High
Weakness: Cross-site Scripting (XSS) - Reflected

read and message other user's messages
Reported by: beksem35
Severity: Critical
Weakness: Insecure Direct Object Reference (IDOR)

Vulnerability Name: URL Redirection / Unvalidate Open Redirect
Reported by: hasnain_123
Weakness: Open Redirect

Regression on dest parameter sanitization doesn't check scheme/websafe destinations
Reported by: mrzheev
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $500.00

[accounts.reddit.com] Redirect parameter allows for XSS
Reported by: dvorakxl
Severity: High
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $5000.00

XSS in redditmedia.com can compromise data of reddit.com
Reported by: keer0k
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored

sensitive data exposure
Reported by: saibalaji143_
Severity: High
Weakness: Insecure Storage of Sensitive Information

Reddit talk promotion offers don't expire, allowing users to accept them after being demoted
Reported by: ahacker1
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Bounty: $1000.00

Can use the Reddit android app as usual even though revoking the access of it from reddit.com
Reported by: sateeshn
Severity: Critical
Weakness: Insufficient Session Expiration

Huge amount of Subdomains Takeovers at Reddit.com
Reported by: krrishbajaj
Severity: Medium
Weakness: Improper Access Control - Generic

Page 1 of 4