Snapchat - HackerOne Reports
Total Reports: 33 | Critical: 4 | High: 8 | Medium: 9 | Low: 5
Improper Authentication - any user can login as other user with otp/logout & otp/login
Reported by: korniltsev | Disclosed: | Severity: Critical | Weakness: Improper Authentication - Generic
Access to multiple production Grafana dashboards
Reported by: damian89 | Disclosed: | Severity: High | Weakness: Information Disclosure | Bounty: $10000.00
RCE/LFI on test Jenkins instance due to improper authentication flow
Reported by: nahamsec | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
RTLO char allowed in chat
Reported by: kontez | Disclosed: | Severity: Medium | Weakness: UI Redressing (Clickjacking)
Open prod Jenkins instance
Reported by: preben | Disclosed: | Severity: High | Weakness: Information Disclosure | Bounty: $15000.00
CRLF Injection at vpn.bitstrips.com
Reported by: wplus | Disclosed: | Severity: Medium | Weakness: CRLF Injection
Subdomain takeover on http://fastly.sc-cdn.net/
Reported by: ebrietas | Disclosed: | Weakness: Violation of Secure Design Principles | Bounty: $3000.00
Publicly accessible Continuous Integration Tool
Reported by: apfeifer27 | Disclosed: | Severity: Critical | Weakness: Improper Access Control - Generic
[spectacles.com] Bypassing quantity limit in orders
Reported by: hiorws | Disclosed: | Severity: Medium | Weakness: HTTP Request Smuggling | Bounty: $250.00
Subdomain Takeover via Unclaimed WordPress site
Reported by: ysx | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic
Leaked JFrog Artifactory username and password exposed on GitHub - https://snapchat.jfrog.io
Reported by: kiyell | Disclosed: | Severity: High | Weakness: Information Disclosure | Bounty: $15000.00
Stealing SSO Login Tokens (snappublisher.snapchat.com)
Reported by: coolboss | Disclosed: | Severity: High | Weakness: Authentication Bypass | Bounty: $7500.00
Organization Members in Snap Kit may Deactivate Apps
Reported by: mainteemoforfun | Disclosed: | Severity: Low | Weakness: Privilege Escalation
XSS found on Snapchat website
Reported by: esnard | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic
[render.bitstrips.com] Stored XSS via an incorrect avatar property value
Reported by: s_p_q_r | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic | Bounty: $400.00
Client IP Spoofing using "X-Forwarded-For: 127.0.0.1" on "studio-app.snapchat.com" exposing bucket details
Reported by: damian89 | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic | Bounty: $500.00
Intent Leads To Unauthorised Video Call Initiation Leaking Surrounding Information Of Victim
Reported by: hulkvision_ | Disclosed: | Severity: Medium | Weakness: Privacy Violation
Bitmoji source code is accessible
Reported by: rms | Disclosed: | Severity: Medium | Weakness: Information Exposure Through Directory Listing | Bounty: $1000.00
Delete anyone's content spotlight remotely.
Reported by: prickn9 | Disclosed: | Severity: High | Weakness: Insecure Direct Object Reference (IDOR) | Bounty: $15000.00
Subdomain Takeover via unclaimed UserVoice domain
Reported by: benoculars | Disclosed: | Severity: High | Weakness: Privilege Escalation
Page 1 of 2