Unikrn - HackerOne Reports
Total reports: 28 (Critical: 0, High: 4, Medium: 11, Low: 7)
An IDOR that can lead to enumeration of a user and disclosure of email and phone number within cashier
Reported by: miquinho | Severity: High | Weakness: Insecure Direct Object Reference (IDOR) | Bounty: $3000.00
[crm.unikrn.com] Open Redirect
Reported by: root0x0 | Severity: Medium | Weakness: Open Redirect
Staging RabbitMQ instance is exposed to the internet with default credentials
Reported by: albatraoz | Severity: Low | Weakness: Improper Authentication - Generic
Persistent XSS found on bin.pinion.gg due to outdated FlowPlayer SWF file with Remote File Inclusion vulnerability.
Reported by: sp1d3rs | Severity: Low | Weakness: Cross-site Scripting (XSS) - Generic | Bounty: $30.00
Escaping images directory in S3 bucket when saving new avatar, using Path Traversal in filename
Reported by: sp1d3rs | Severity: Medium | Weakness: Path Traversal | Bounty: $50.00
Urgent: Server side template injection via Smarty template allows for RCE
Reported by: yaworsk | Weakness: Code Injection
Rate Limit workaround in the message of the phone number verification
Reported by: dr_akm | Severity: Medium | Weakness: Improper Restriction of Authentication Attempts | Bounty: $100.00
Non-Cloudflare IPs allowed to access origin servers
Reported by: moritz30 | Severity: Medium | Weakness: Information Disclosure | Bounty: $50.00
Open URL Redirection
Reported by: stark303 | Severity: Medium | Weakness: Open Redirect
session_id is not being validated at email invitation endpoint
Reported by: tolo7010 | Weakness: Cross-Site Request Forgery (CSRF)
[unikrn.com] Profile updated with "error":true,"success":false
Reported by: rbcafe
Rate-limit protection gets executed in the last stage of the registration process, allowing enumeration of existing accounts.
Reported by: tolo7010 | Severity: Low | Weakness: Violation of Secure Design Principles
Path Disclosure Vulnerability http://crm.******.com
Reported by: b4a1d31dd4acbccc47b8072 | Severity: Low
█████████ on CRM server without authorization
Reported by: b4a1d31dd4acbccc47b8072
Weak Session ID Implementation - No Session change on Password change
Reported by: cosmopolitan_fi | Severity: Medium | Weakness: Insufficient Session Expiration | Bounty: $40.00
CSRF in Raffles Ticket Purchasing
Reported by: tolo7010 | Severity: High | Weakness: Cross-Site Request Forgery (CSRF)
Lack of Input sanitization leads to database Character encoding configuration Disclosure
Reported by: l_user | Severity: Low | Weakness: Information Exposure Through an Error Message | Bounty: $100.00
Flash CSRF: Update Ad Frequency %: [cp-ng.pinion.gg]
Reported by: geekboy | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)
ssh: unprivileged users may hijack due to backdated ssh version, open port found (███.unikrn.com)
Reported by: walidhossain010 | Severity: Low | Weakness: Remote File Inclusion | Bounty: $25.00
bypass Cloudflare access crm.mautic.com
Reported by: b4a1d31dd4acbccc47b8072