Slack - HackerOne Reports
Total Reports: 80 (Critical: 8, High: 14, Medium: 19, Low: 13)
XSS in gist integration
Reported by: zemnmez | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic | Bounty: $500.00
Access of Android protected components via embedded intent
Reported by: bagipro | Disclosed: | Severity: Critical | Weakness: Privilege Escalation
[Android] Directory traversal leading to disclosure of auth tokens
Reported by: danielllewellyn | Disclosed: | Severity: High | Weakness: Path Traversal | Bounty: $3500.00
Race Condition in account survey
Reported by: cablej | Disclosed: | Weakness: Violation of Secure Design Principles
Rate-limit bypass
Reported by: imnarendrabhati | Disclosed: | Weakness: Improper Authentication - Generic | Bounty: $500.00
TURN server allows TCP and UDP proxying to internal network, localhost and meta-data services
Reported by: sandrogauci | Disclosed: | Severity: Critical | Weakness: Server-Side Request Forgery (SSRF) | Bounty: $3500.00
Stored XSS through PDF viewer
Reported by: hitman_47 | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored | Bounty: $4875.00
HTML Injection inside Slack promotional emails
Reported by: 0x0luke | Disclosed: | Severity: Low | Bounty: $100.00
CSRF - Add optional two factor mobile number
Reported by: nhavis | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF) | Bounty: $500.00
The Custom Emoji Page has a Reflected XSS
Reported by: co3k | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Reflected
Shared-channel BETA persists integration after unshare
Reported by: oneiroi | Disclosed: | Severity: Medium | Weakness: Business Logic Errors | Bounty: $750.00
dom xss in https://www.slackatwork.com
Reported by: ba4fe4ca95021d367f8a574 | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - Generic
Creating Post on a restricted channel
Reported by: thisishrsh | Disclosed: | Weakness: Privilege Escalation
Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation
Reported by: jhancock | Disclosed: | Severity: Medium | Weakness: Command Injection - Generic | Bounty: $750.00
SSRF in api.slack.com, using slash commands and bypassing the protections
Reported by: elber | Disclosed: | Severity: Medium | Weakness: Server-Side Request Forgery (SSRF)
Information leakage and default open port
Reported by: freem0 | Disclosed: | Severity: Low
Email html Injection
Reported by: smitgharat0001 | Disclosed: | Severity: Low | Weakness: Code Injection | Bounty: $250.00
Linux Desktop application slack executable does not use pie / no ASLR
Reported by: hanno | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles | Bounty: $100.00
Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies
Reported by: defparam | Disclosed: | Severity: Critical | Weakness: HTTP Request Smuggling
Bypass to postMessage origin validation via FTP
Reported by: a1kmm- | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Generic
Page 1 of 4