Semrush - HackerOne Reports
Total Reports: 56
Critical: 5
High: 12
Medium: 17
Low: 21
Web cache deception attack - expose earning state information
Reported by: memon | Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic
IDOR in marketing calendar tool
Reported by: a_d_a_m | Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Persistent CSV injection
Reported by: 8r33 | Disclosed:
Severity: Medium
User Controllable Cookie
Reported by: 8r33 | Disclosed:
Severity: Low
Protocol & ports are not shown in third-party site redirect warning page
Reported by: 0xprial | Disclosed:
Severity: Low
Weakness: Open Redirect
Error Page Content Spoofing or Text Injection
Reported by: asad_anwar | Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles
Lack of sanitization of the billing address in PDF invoice
Reported by: a_d_a_m | Disclosed:
Severity: High
Weakness: Server-Side Request Forgery (SSRF)
Code injection in https://www.semrush.com
Reported by: dangkhai0x21 | Disclosed:
Severity: Medium
Weakness: Code Injection
SSLv3 POODLE Attack on IP of semrush
Reported by: apapedulimu- | Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles
CVEs: CVE-2014-3566
Clickjacking to Semrush auth login
Reported by: karrrtik | Disclosed:
Weakness: UI Redressing (Clickjacking)
Exposure of service tokens to webpack bundle
Reported by: a_d_a_m | Disclosed:
Severity: High
Weakness: Information Disclosure
Open redirect in semrush.com
Reported by: batuhanu | Disclosed:
Severity: Low
Weakness: Open Redirect
GitHub information leaked
Reported by: a_l_i_c_e | Disclosed:
Severity: High
Weakness: Information Disclosure
Insecure Direct Object Reference on API without API key
Reported by: scraps | Disclosed:
Severity: High
Single Sign On - Clickjacking
Reported by: r0p3 | Disclosed:
Severity: Low
Weakness: UI Redressing (Clickjacking)
POST-based XSS on upload via CKEditor [semrush.com]
Reported by: apapedulimu | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Password reset token leakage via referer
Reported by: mansishah | Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles
Broken validation of user ID for JWT token
Reported by: a_d_a_m | Disclosed:
Severity: Medium
Weakness: Business Logic Errors
Email Spoofing
Reported by: protector47 | Disclosed:
Severity: Medium
Weakness: Violation of Secure Design Principles
SSRF In Get Video Contents
Reported by: egoist233 | Disclosed:
Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)