HackerOne - HackerOne Reports
Total Reports: 398
Critical: 15
High: 34
Medium: 123
Low: 152
TeamProfile exposes partially sensitive information through GraphQL
Reported by: 0619 | Disclosed:
Severity: Low
Weakness: Information Disclosure
Private draft report exposure in a program a user is added as a viewer to
Reported by: jay | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Bounty: $2500.00
Register & create a ticket as somebody else on HackerOne Support
Reported by: idl3 | Disclosed:
Weakness: Misconfiguration
Changing Victim's JIRA Integration Settings Through Multiple Bugs
Reported by: whhackersbr | Disclosed:
Severity: Medium
Weakness: Business Logic Errors
Bounty: $1000.00
HackerOne reports escalation to JIRA is CSRF vulnerable
Reported by: whhackersbr | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $500.00
Open redirect deceive in hackerone.com via another open redirect link.
Reported by: abidbaseer | Disclosed:
Severity: Low
Weakness: Open Redirect
TOTP Authenticator implementation Accepts Expired Codes
Reported by: noob_but_cut3 | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic
Internal usage of AdBlockPlus may expose PoC URLs to unknown third-parties
Reported by: dudez | Disclosed:
Severity: Low
Weakness: Information Disclosure
Business Logic error leads to bypass 2FA requirement
Reported by: abdulprkr | Disclosed:
Severity: High
Weakness: Business Logic Errors
HackerOne Integrations Design Issue
Reported by: whhackersbr | Disclosed:
Severity: Medium
Weakness: Violation of Secure Design Principles
Bounty: $500.00
Disclosure of Email title report in quick award paypout email (no content mode)
Reported by: kunal94 | Disclosed:
Severity: Low
Weakness: Information Disclosure
Bounty: $500.00
HackerOne Support System Doesn't Require Any Authentication May Lead Unauthorized Action
Reported by: rafsanzami | Disclosed:
Weakness: Misconfiguration
Dangling cloud instance at vpn.inverselink.com
Reported by: ian | Disclosed:
Severity: Low
Weakness: Business Logic Errors
Bounty: $500.00
Create miscellaneous support ticket on anyone's account through [email protected] email
Reported by: sayaanalam | Disclosed:
Weakness: Misconfiguration
Bounty: $1000.00
HackerOne making payments in USDC (Coinbase stable coin)
Reported by: arl_rose | Disclosed:
Read-only team members can read all properties of webhooks
Reported by: bencode | Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic
Blind XSS in app.pullrequest.com/████████ via /reviews/ratings/{uuid}
Reported by: bugra | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Generic
HackerOne Pentesters can access any structured scope object through GraphQL node interface
Reported by: jobert | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
Unauthenticated users can obtain information about Checklist objects with unclaimed ChecklistCheck objects
Reported by: jobert | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Improper Authentication - 2FA OTP Reusable
Reported by: xklepxn | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic