HackerOne - HackerOne Reports
Total Reports: 398
Critical: 15
High: 34
Medium: 123
Low: 152
Improper Authentication - 2FA OTP Reusable
Reported by: xklepxn | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic

Bypass rate limiting on /users/password (possibly site-wide rate limit bypass?)
Reported by: zseano | Disclosed:
Weakness: Violation of Secure Design Principles

Attachment disclosure via summary report
Reported by: xklepxn | Disclosed:
Severity: Critical
Weakness: Insecure Direct Object Reference (IDOR)

Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session
Reported by: japz | Disclosed:
Severity: Low
Weakness: Insufficient Session Expiration
Bounty: $500.00

Open Redirect on http://events.hackerone.com/redirect?url=https://naglinagli.github.io
Reported by: nagli | Disclosed:
Weakness: Open Redirect

IDOR vulnerability in unreleased HackerOne Copilot feature
Reported by: bebiks | Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)

h1-202 leaderboard photo discloses local wifi password
Reported by: 0x0g | Disclosed:
Severity: Medium
Weakness: Insufficiently Protected Credentials
Bounty: $500.00

Content spoofing and potential Cross-Site Scripting vulnerability on www.hackerone.com
Reported by: suresh1c | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic

PII data leakage through HackerOne reports
Reported by: iamr0000t | Disclosed:
Severity: Low
Weakness: Information Disclosure

Blind SSRF on errors.hackerone.net due to Sentry misconfiguration
Reported by: chaosbolt | Disclosed:
Severity: Low
Weakness: Server-Side Request Forgery (SSRF)
Bounty: $3500.00

Ability to bulk submit reports via query name-based batching
Reported by: 0x999 | Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles
Bounty: $500.00

Session Does Not Expire / 2FA Bypass
Reported by: blackflyhunter | Disclosed:
Severity: Medium
Weakness: Insufficient Session Expiration

Disabled account can still use GraphQL endpoint
Reported by: tolo7010 | Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic

Subdomain takeover at info.hacker.one
Reported by: ak1t4 | Disclosed:
Severity: Low
Weakness: Privilege Escalation

Common response suggestion is sent to Google Analytics when user accepts duplicate comment Genius suggestion
Reported by: bigbug | Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles
Bounty: $500.00

The /reports/:id.json endpoint discloses potentially sensitive user attributes when reporter summary is present
Reported by: avinash_ | Disclosed:
Severity: Critical
Weakness: Information Disclosure
Bounty: $25000.00

Slack integration setup lacks CSRF protection
Reported by: whhackersbr | Disclosed:
Severity: High
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $2500.00

Two-factor authentication bypass leads to information disclosure about the program and all participating hackers
Reported by: bob004x | Disclosed:
Severity: High
Weakness: Information Disclosure

javascript: and mailto: links are allowed in JIRA integration settings
Reported by: jamesclyde | Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles

Private program email forwarding response invitation does not expire after first use
Reported by: japz | Disclosed:
Severity: High
Weakness: Violation of Secure Design Principles
Page 1 of 20