HackerOne - HackerOne Reports
Total Reports: 398
Critical: 15
High: 34
Medium: 123
Low: 152
Hacker can bypass 2FA requirement and reporter blacklist through embedded submission form
Reported by: japz | Disclosed: | Severity: Medium | Weakness: Improper Authorization | Bounty: $10000.00

Banned user still able to be invited to reports as a collaborator and reset the password
Reported by: light3r | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

Partial report contents leakage - via HTTP/2 concurrent stream handling
Reported by: tomvg | Disclosed: | Severity: Medium | Weakness: Information Disclosure | Bounty: $2500.00

Report ID is exposed for undisclosed reports in Hacktivity
Reported by: 0619 | Disclosed: | Severity: Low | Weakness: Information Disclosure

Any user could upload attachments to pentest scoping form they don't have access to
Reported by: hillybot_ | Disclosed: | Severity: High | Weakness: Business Logic Errors

Reading redacted data via hackbot's answers
Reported by: inhibitor181 | Disclosed: | Severity: Medium | Weakness: Information Disclosure | Bounty: $1500.00

Client-Side Race Condition using Marketo, allows sending user to data-protocol in Safari when form without onSuccess is submitted on www.hackerone.com
Reported by: fransrosen | Disclosed: | Severity: Low | Weakness: Business Logic Errors

Invitation tokens leak to Google Analytics
Reported by: h33tjev | Disclosed: | Severity: Low | Weakness: Information Disclosure

Blind Stored XSS in HackerOne's Sal 4.1.4.2149 (sal.████.com)
Reported by: nahamsec | Disclosed: | Weakness: Cross-site Scripting (XSS) - Stored

A user can request a report to be retested even though the program has not been verified by HackerOne
Reported by: 0xelement | Disclosed: | Severity: Low | Weakness: Incorrect Authorization

The request tells the number of private programs, the new system of authorization /invite/token
Reported by: haxta4ok00 | Disclosed: | Severity: Medium | Weakness: Information Disclosure | Bounty: $2000.00

Improper data update process on UpdatePhabricatorIntegration mutation leads to leak of Phabricator Conduit API token.
Reported by: nukedx | Disclosed: | Severity: Critical | Weakness: Information Disclosure

Can read features from any user
Reported by: firs0v | Disclosed: | Severity: Medium | Weakness: Information Disclosure | Bounty: $250.00

Deprecated Hacker101 coursework repository mentions Heroku App that is susceptible to takeover
Reported by: m7mdharoun | Disclosed: | Weakness: Externally Controlled Reference to a Resource in Another Sphere | Bounty: $500.00

Race condition in performing retest allows duplicated payments
Reported by: cablej | Disclosed: | Severity: Medium | Weakness: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Bypass of #2035332 RXSS at image.hackerone.live via the `url` parameter
Reported by: sudi | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - Reflected

LLM03: Training Data Poisoning via ASCII decoding
Reported by: hacktus | Disclosed: | Weakness: LLM01: Prompt Injection | Bounty: $200.00

Staff and Triage can modify the initial post of a report, including already disclosed reports
Reported by: zerotea | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

HackerOne is not properly deleting user ID
Reported by: bc61a6bcad5cbde580710c4 | Disclosed: | Severity: Medium | Weakness: Business Logic Errors

Improper Authentication - 2FA OTP Reusable
Reported by: xklepxn | Disclosed: | Severity: High | Weakness: Improper Authentication - Generic