HackerOne - HackerOne Reports
Total Reports: 398
Critical: 15
High: 34
Medium: 123
Low: 152
Team object exposes amount of participants in a private program to non-invited users
Reported by: kapytein | Disclosed:
Medium
Weakness: Information Disclosure
Bypass comment restriction
Reported by: retat4 | Disclosed:
Medium
Weakness: Improper Access Control - Generic
HackerOne customer submitted sensitive link to VirusTotal, exposing confidential information
Reported by: user_name2023 | Disclosed:
Weakness: Information Disclosure
Adding the same user as one already registered in the teams
Reported by: rbcafe | Disclosed:
Inline banner on Report page discloses whether organization runs a private program
Reported by: haxta4ok00 | Disclosed:
Low
Weakness: Information Disclosure
Bounty: $500.00
Private program name disclosure in the invitation mail for another program
Reported by: byq | Disclosed:
Low
Weakness: Information Disclosure
Adding or removing a new non-preferred payout method does not trigger an e-mail or account notification
Reported by: user_name2023 | Disclosed:
Medium
Weakness: Business Logic Errors
IDOR on Program Visibility (Revealed / Concealed) against other team members
Reported by: japz | Disclosed:
Medium
Weakness: Insecure Direct Object Reference (IDOR)
Password not checked when disabling 2FA on HackerOne
Reported by: tester1231233 | Disclosed:
Low
Weakness: Violation of Secure Design Principles
Notifications sent due to "Transfer report" functionality may be sent to users who are no longer authorized to see the report
Reported by: npbhatter17 | Disclosed:
Low
Weakness: Improper Access Control - Generic
Bounty: $500.00
[Bypass #645264] Report title disclosure despite the program settings for email notification is set to "No Content"
Reported by: japz | Disclosed:
Low
Bounty: $500.00
DOM Based XSS in www.hackerone.com via PostMessage (bypass of #398054)
Reported by: honoki | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - DOM
Non Org Admin/Group Manager can create groups in an organization
Reported by: akashhamal0x01 | Disclosed:
High
Weakness: Privilege Escalation
LLM01: Invisible Prompt Injection
Reported by: hacktus | Disclosed:
Medium
Weakness: LLM01: Prompt Injection
Bounty: $2500.00
Access to limited confidential information of private program as an Ex-reporter, Report Participant (external user) & Ex-staff member
Reported by: sarthakbhingare015 | Disclosed:
Low
Weakness: Improper Access Control - Generic
Disclose any user's private email through API
Reported by: zombiehelp54 | Disclosed:
Medium
Weakness: Information Disclosure
Session hijacking attack
Reported by: haxta4ok00 | Disclosed:
View HackerOne challenge scope before challenge begins
Reported by: neema | Disclosed:
Low
Weakness: Forced Browsing
Moving a report to a different program doesn't reassign the Custom Field Values
Reported by: jobert | Disclosed:
Low
Weakness: Insecure Direct Object Reference (IDOR)
Disclosing a private program in an external link if program is paused
Reported by: haxta4ok00 | Disclosed:
Low
Bounty: $500.00