Semrush - HackerOne Reports
Total reports: 56 (Critical: 5, High: 12, Medium: 17, Low: 21)
Following links are vulnerable to clickjacking
Reported by: karma1 | Disclosed: | Severity: Low | Weakness: UI Redressing (Clickjacking)
OAuth `redirect_uri` bypass using IDN homograph attack resulting in user's access token leakage
Reported by: yassineaboukir | Disclosed: | Severity: Medium | Weakness: Information Disclosure
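The IDN homograph entry above names a recurring failure mode in `redirect_uri` checks: a hostname that renders like the registered one but is built from different code points (Latin `e` U+0065 versus Cyrillic `е` U+0435). The block below is an added example, not Semrush's code and not the report's exploit; the registered URI `https://client.example/oauth/callback` and the lookalike hostnames are constructed for illustration. It implements the exact-match validation RFC 6749 section 3.1.2 calls for, performed on the IDNA (punycode) form of the host rather than its display form, with a mixed-script check as an early, explicit rejection reason.

```python
"""Strict OAuth redirect_uri validation with IDN homograph guards.

Added example (not Semrush's code and not the report's exploit): the client
registration and the hostnames used below are constructed for illustration.
"""
import unicodedata
from urllib.parse import urlsplit

# Constructed registration record: the exact redirect URI a client registered.
REGISTERED_REDIRECT_URIS = {"https://client.example/oauth/callback"}


def host_to_ascii(host: str) -> str:
    """IDNA (punycode) form of a hostname, lower-cased.

    Two hostnames that render identically but use different code points
    encode to different ASCII strings, so comparing this form is unambiguous.
    Python's codec implements IDNA2003; browsers use UTS 46, which differs
    for a handful of characters (e.g. the German sharp s).
    """
    return host.encode("idna").decode("ascii").lower()


def scripts_in(label: str) -> set[str]:
    """Approximate set of scripts used in one hostname label.

    The stdlib exposes no Unicode Script property, so the first word of each
    character name ('LATIN', 'CYRILLIC', 'GREEK', ...) is used as a proxy.
    Digits and hyphens are script-neutral and skipped.
    """
    scripts = set()
    for ch in label:
        if ch == "-" or ch.isdigit():
            continue
        scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def validate_redirect_uri(redirect_uri: str) -> tuple[bool, str]:
    """Accept only an exact match against the registered URIs.

    Matching is done on the IDNA form of the host, never on the display form,
    and mixed-script labels are refused outright with a readable reason.  A
    whole-script confusable (an all-Cyrillic lookalike) passes the script
    check but still fails the exact match, because its 'xn--' form was never
    registered; the exact match is the real control, the script check is a
    diagnostic.
    """
    parts = urlsplit(redirect_uri)
    host = parts.hostname or ""
    if not host:
        return False, "no hostname"
    if parts.fragment:
        # RFC 6749 section 3.1.2: the redirection endpoint URI must not carry a fragment.
        return False, "redirect_uri must not carry a fragment"
    for label in host.split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:
            return False, f"mixed-script label {label!r}: {sorted(scripts)}"
    try:
        ascii_host = host_to_ascii(host)
    except UnicodeError as exc:
        return False, f"hostname not IDNA-encodable: {exc}"
    port = f":{parts.port}" if parts.port else ""
    canonical = f"{parts.scheme.lower()}://{ascii_host}{port}{parts.path}"
    if parts.query:
        canonical += f"?{parts.query}"
    if canonical not in REGISTERED_REDIRECT_URIS:
        return False, f"{canonical!r} is not a registered redirect_uri"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs: the second swaps Latin 'e' for Cyrillic 'е' (U+0435),
    # the third is an all-Cyrillic label that no script check alone would catch.
    for uri in (
        "https://client.example/oauth/callback",
        "https://cli\u0435nt.example/oauth/callback",
        "https://\u0430\u0440\u0440.example/oauth/callback",
    ):
        host = urlsplit(uri).hostname
        print(f"{host!r:40} idna={host_to_ascii(host)!r:40} -> {validate_redirect_uri(uri)}")
```

The design point is that the comparison key is the punycode host, not the Unicode string the user (or an operator approving a client) sees; anything that lands outside the registered set, lookalike or not, is refused before an authorization code or token is ever attached to it.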
Remote Code Execution on www.semrush.com/my_reports on Logo upload
Reported by: fransrosen | Disclosed: | Severity: Critical | Weakness: Command Injection - Generic
Open Redirect
Reported by: ankit_singh | Disclosed: | Severity: Low | Weakness: Open Redirect
An attacker can buy marketplace articles for lower prices as it allows for negative quantity values leading to business loss
Reported by: yashrs | Disclosed: | Severity: High | Weakness: Business Logic Errors
Ports are not shown in third-party site redirect warning page.
Reported by: b3f53dc9b2061f7df0c2ffd | Disclosed: | Severity: Low
Cross-origin resource sharing misconfig
Reported by: asad_anwar | Disclosed: | Severity: Low | Weakness: Improper Authentication - Generic
SSRF and LFI in site-audit tool
Reported by: a_d_a_m | Disclosed: | Severity: High | Weakness: Server-Side Request Forgery (SSRF)
CORS (Cross-Origin Resource Sharing)
Reported by: asad_anwar | Disclosed: | Severity: Low | Weakness: Improper Authentication - Generic
IDOR vulnerability reveals additional information
Reported by: a_d_a_m | Disclosed: | Severity: Critical | Weakness: Insecure Direct Object Reference (IDOR)
API key (api.semrush.com) leak in JS-file
Reported by: a_d_a_m | Disclosed: | Severity: Medium | Weakness: Information Disclosure
XXE in Site Audit function exposing file and directory contents
Reported by: ajxchapman | Disclosed: | Severity: Critical | Weakness: XML External Entities (XXE)
Improper input validation in projects leads to fully deny access to project resources
Reported by: a_d_a_m | Disclosed: | Severity: Medium | Weakness: Improper Input Validation
Improper authentication on registration
Reported by: lezibintlgent | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic
IDOR in the https://market.semrush.com/
Reported by: albatraoz | Disclosed: | Severity: Critical | Weakness: Improper Access Control - Generic
IDOR allowing to read another user's token on the Social Media Ads service
Reported by: a_d_a_m | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic
Page 3 of 3