Reddit - HackerOne Reports

Total reports: 71 (Critical: 7, High: 21, Medium: 24, Low: 12)

Disclosed reports listed on this page (title, reporter, severity, weakness, bounty and CVE as shown on the program page):
| Report | Reported by | Severity | Weakness | Bounty | CVE |
|---|---|---|---|---|---|
| Able to approve admin approval and change effective status without adding payment details | bisesh | High | Business Logic Errors | $5000.00 | |
| Moderators can send messages to users from banned subreddits via `oauth.reddit.com/api/mod/conversations` | ba-reynolds | Low | Improper Input Validation | $100.00 | |
| Third party app could steal access token as well as protected files using inAppBrowser | rahulkankrale | Medium | Information Disclosure | | |
| Getting access of mod logs from any public or restricted subreddit with IDOR vulnerability | high_ping_ninja | High | Insecure Direct Object Reference (IDOR) | $5000.00 | |
| Outsider can affect Upvote Percentage of private subreddit post by calling /api/vote API | trieulieuf9 | Low | Improper Access Control - Generic | | |
| CVE-2020-11022 | greymanx1 | Medium | Cross-site Scripting (XSS) - Reflected | | CVE-2020-11022 |
| HTML injection in API response including request url | prilvesh | Critical | Remote File Inclusion | | |
| XSS via Mod Log Removed Posts | ahacker1 | High | Cross-site Scripting (XSS) - Stored | $6000.00 | |
| Application level DOS at Login Page (Accepts Long Password) | e100_speaks | High | | | |
| No rate limit leads to spamming posts | nshcys3c | Medium | Improper Authentication - Generic | | |
| Several Subdomains Takeover | 3amii | High | | | |
| Regular Expression Denial of Service vulnerability | dingleberryfarts | Medium | Uncontrolled Resource Consumption | | CVE-2021-32640 |
| Blind SSRF to internal services in matrix preview_link API | la_revoltage | High | Server-Side Request Forgery (SSRF) | $6000.00 | |
| CSRF (protection bypassed) to force a below-18 user into viewing an NSFW subreddit | marvelmaniac | Medium | Cross-Site Request Forgery (CSRF) | | |
| No Rate Limit on redditgifts gift when Adding Comment | gaurav-bhatia | Low | Violation of Secure Design Principles | $100.00 | |
| No Rate Limit on change password leads to account takeover | dreamispossible | Low | Improper Restriction of Authentication Attempts | | |
| Content Spoofing | abdallah1911 | Low | Phishing | | |
| [dubsmash] Username and password bruteforce | asce21 | Low | Improper Restriction of Authentication Attempts | | |
| Misconfigured login page able to lock login action for any account without user interaction | ug0x01 | Critical | | | |