HackerOne - HackerOne Reports
Total Reports: 398 | Critical: 15 | High: 34 | Medium: 123 | Low: 152
IDOR - Delete all Licenses and certifications from a user's account using CreateOrUpdateHackerCertification GraphQL query
Reported by: harshdranjan | Disclosed: | Severity: High | Weakness: Insecure Direct Object Reference (IDOR) | Bounty: $12500.00
DOM Based XSS in www.hackerone.com via PostMessage
Reported by: adac95 | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - DOM | Bounty: $500.00
Able to Create Testimonials for myself using Sandbox
Reported by: harshdranjan | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic | Bounty: $2500.00
[Spot Check] - Ability to disclose metadata about Spot Checks (Number of Hackers + Hackers Criteria) via "SpotCheckSingleQuery"
Reported by: nagli | Disclosed: | Severity: Medium | Weakness: Information Disclosure
Getting New Invitations without Leaving Programs
Reported by: ali | Disclosed: | Severity: Low | Weakness: Business Logic Errors
Stored XSS on www.hackerone.com due to deleted S3-bucket from old page_widget
Reported by: fransrosen | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
Adding h1_analyst_* to username for normal users
Reported by: refaat01 | Disclosed: | Severity: Low | Weakness: Business Logic Errors | Bounty: $500.00
latest_activity_id and latest_activity_at may disclose information about internal activities to unauthorized users
Reported by: egrep | Disclosed: | Severity: Low | Weakness: Information Disclosure
Asset Inventory Internal Descriptions are leaked in CSV export
Reported by: archangel | Disclosed: | Severity: Medium | Weakness: Business Logic Errors
HackerOne Undisclosed Report Leak via PoC of Full Disclosure on Hacktivity
Reported by: syjane | Disclosed: | Severity: Low | Weakness: Information Disclosure | Bounty: $500.00
Internal Gitlab Ticket Disclosure via External Slack Channels
Reported by: none_of_the_above | Disclosed: | Severity: High | Weakness: Information Disclosure
Information Disclosure which violates program privacy
Reported by: eqbang | Disclosed: | Severity: Low | Weakness: Privacy Violation
Some limited confidential information can still be accessed after a user exits a private program
Reported by: ahacker1- | Disclosed: | Severity: Medium | Weakness: Information Disclosure | Bounty: $50.00
Denial Of Service (Out Of Memory) on Updating Bounty Table [Urgent]
Reported by: ahmd_halabi | Disclosed: | Severity: Low | Weakness: Uncontrolled Resource Consumption
Improper UUID validation results in bypass of #419896
Reported by: popeax | Disclosed: | Severity: High | Weakness: Improper Input Validation
Information Disclosure when /invitations/<token>.json is not yet accepted
Reported by: japz | Disclosed: | Severity: Medium | Weakness: Information Disclosure
Team object in GraphQL that has a published external program may expose existence of a private program
Reported by: nismo | Disclosed: | Weakness: Information Disclosure
Program metrics disclosed response_efficiency_percentage via /program_name json response despite the team deciding not to show it on their profile
Reported by: japz | Disclosed: | Severity: Medium | Weakness: Information Disclosure | Bounty: $2500.00
Improper Authentication - 2FA OTP Reusable
Reported by: xklepxn | Disclosed: | Severity: High | Weakness: Improper Authentication - Generic