TikTok - HackerOne Reports
Total Reports: 117
Critical: 5
High: 18
Medium: 50
Low: 43
Lack of session expiration after password reset on TikTok Careers Portal
Reported by: gnux | Disclosed: | Severity: Low
Weakness: Insufficient Session Expiration
Bounty: $50.00

Privilege Escalation on TikTok for Business
Reported by: naaash | Disclosed: | Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)

Authentication Bypass on TikTok Seller Signup Process Allows Account Creation Without Phone Verification
Reported by: zhyar_11011 | Disclosed: | Severity: Low
Weakness: Improper Access Control - Generic

Remotely Accessible Container Advisor exposed performance metrics and resource usage
Reported by: tw4v3sx | Disclosed: | Severity: Low
Weakness: Information Disclosure
Bounty: $100.00

Account Takeover via Authentication Bypass in TikTok Account Recovery
Reported by: xtt0k | Disclosed: | Severity: Critical
Weakness: Authentication Bypass Using an Alternate Path or Channel
Bounty: $12000.00

IDOR delete any Tickets on ads.tiktok.com
Reported by: datph4m | Disclosed: | Severity: High
Weakness: Insecure Direct Object Reference (IDOR)

Information Disclosure of Advertiser Account on TikTok Ads Portal
Reported by: emanuelharijanto | Disclosed: | Severity: Medium
Weakness: Information Disclosure

IDOR in family pairing API
Reported by: ahmedna126 | Disclosed: | Severity: Low
Weakness: Insecure Direct Object Reference (IDOR)

Unauthorized Access to Private Video Description via Translation API for Private Accounts
Reported by: z3phyrus | Disclosed: | Severity: Low
Weakness: Insecure Direct Object Reference (IDOR)

RCE on TikTok Ads Portal
Reported by: freesec | Disclosed: | Severity: Critical
Weakness: Code Injection

Lack of rate limitation on careers site allows the attacker to brute force the verification code
Reported by: iambouali | Disclosed: | Severity: High
Weakness: Improper Restriction of Authentication Attempts

CRLF injection leads to internal XSS on PangleGlobal
Reported by: serverinspector | Disclosed: | Severity: Medium
Weakness: CRLF Injection

View thumbnail of any private video (friends or followers only) of Private/Public account
Reported by: amans | Disclosed: | Severity: Low
Weakness: Privacy Violation

Exploitable live argument in onClick Function leads to Data Leakage of Inactive/Suspended Products
Reported by: 696e746c6f6c | Disclosed: | Severity: Medium
Weakness: Business Logic Errors
Bounty: $1000.00

CSRF Account Takeover
Reported by: s3c | Disclosed: | Severity: High
Weakness: Cross-Site Request Forgery (CSRF)

RXSS on TikTok endpoints
Reported by: ashrafabdelrazik | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

Reflected XSS in TikTok endpoints
Reported by: sh1yo | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

Reflected xss on ads.tiktok.com using `from` parameter.
Reported by: imran_nisar | Disclosed: | Severity: High
Weakness: Cross-site Scripting (XSS) - Reflected

Lynxview JS interfaces Takeover via deeplink traversal
Reported by: fr4via | Disclosed: | Severity: High
Weakness: Cross-site Scripting (XSS) - DOM

Reflected XSS on TikTok Website
Reported by: homosec | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $3000.00