HackerOne - HackerOne Reports

Total Reports: 398
Critical: 15
High: 34
Medium: 123
Low: 152
Partial disclosure of report activity through new "Export as .zip" feature
Reported by: faisalahmed | Disclosed: | Severity: High | Weakness: Information Disclosure | Bounty: $10000.00
Pentester can obtain information about other pentesters who applied for the same test but weren't accepted
Reported by: haxta4ok00 | Disclosed: | Severity: Low | Weakness: Information Disclosure | Bounty: $500.00
Information Disclosure in /skills call
Reported by: deepankerchawla | Disclosed: | Severity: Medium | Weakness: Information Disclosure | Bounty: $10000.00
Know undisclosed Bounty Amount when Bounty Statistics are enabled
Reported by: vijay_kumar | Disclosed: | Weakness: Information Disclosure
Search query text, including from potentially undisclosed reports, sent to Google Analytics on Inbox query page
Reported by: holvonix-advay | Disclosed: | Weakness: Information Disclosure
Recently added 'Country' field doesn't send email notification when changed
Reported by: bugra | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles
Obtain the username & the uid of the one doing the S3 sync on HackerOne
Reported by: rbcafe | Disclosed: | Weakness: Information Disclosure
"package_name" can be set as desired when submitting a Pentest Opportunity form
Reported by: iam_srpk | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Making program preference -> program visibility feature useless and disclosing API identifier in the process, and data that may cause potential IDORs
Reported by: spongebhav | Disclosed: | Severity: Low | Weakness: Information Disclosure
An attacker can submit a Pentest Opportunity and change the status of the opportunity from submitted to in_review or reviewed
Reported by: marvelmaniac | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Updating payout preference to CurrencyCloud doesn't notify user via email
Reported by: dr_dragon | Disclosed: | Weakness: Violation of Secure Design Principles | Bounty: $500.00
[IDOR] Improper Access Control on Embedded Submission Form
Reported by: japz | Disclosed: | Severity: Low | Weakness: Insecure Direct Object Reference (IDOR) | Bounty: $2500.00
Payload delivery via Social Media URLs on H1 profile
Reported by: tedix | Disclosed: | Severity: Medium | Weakness: Remote File Inclusion
RXSS at image.hackerone.live via the `url` parameter
Reported by: todayisnew | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - Reflected | Bounty: $500.01
Creation of bounties through Customer API leads to private email disclosure
Reported by: kimingi | Disclosed: | Severity: Critical | Weakness: Information Disclosure
Non-secure requests are not automatically upgraded to HTTPS
Reported by: koenrh | Disclosed:
Possible PII Disclosure via Advanced Vetting Process - ██████
Reported by: darkc0d3 | Disclosed: | Severity: Medium | Weakness: Information Disclosure | Bounty: $2500.00
Homograph attack in escalate report
Reported by: user_name2023 | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles
Organization members can delete reports in teams they have no access to
Reported by: kimingi | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Improper Authentication - 2FA OTP Reusable
Reported by: xklepxn | Disclosed: | Severity: High | Weakness: Improper Authentication - Generic