UPchieve - HackerOne Reports
Total Reports: 37
Critical: 7
High: 5
Medium: 13
Low: 7
blind sql on [ https://argocd.upchieve.org/login?return_url=id= ]
Reported by:
ben_lay
|
Disclosed:
Critical
Weakness: SQL Injection
No Rate Limit On Reset Password
Reported by:
scorpion_0a0x
|
Disclosed:
Low
Weakness: Violation of Secure Design Principles
No Rate Limit On Contact Us
Reported by:
lu3ky-13
|
Disclosed:
Weakness: Improper Restriction of Authentication Attempts
old session does not expire after password change
Reported by:
scorpion_0a0x
|
Disclosed:
User enumeration through forget password
Reported by:
mohanad987
|
Disclosed:
High
No Valid SPF Records/don't have DMARC record
Reported by:
recreati
|
Disclosed:
Critical
Weakness: Improper Access Control - Generic
No Rate Limit on forgot password page
Reported by:
pranto_0
|
Disclosed:
Medium
Weakness: Improper Restriction of Authentication Attempts
Cross-origin resource sharing misconfig | steal user information
Reported by:
n1had
|
Disclosed:
High
Weakness: Information Disclosure
No character limit in password field
Reported by:
tomyway
|
Disclosed:
Medium
Weakness: Use of Hard-coded Password
I can join without user and pass in this website https://argocd.upchieve.org/settings/accounts
Reported by:
4pag
|
Disclosed:
High
Weakness: Reusing a Nonce, Key Pair in Encryption
No Rate Limiting on /reset-password-request/ endpoint
Reported by:
1bdool492
|
Disclosed:
Medium
Weakness: Violation of Secure Design Principles
Clickjacking login page of https://hackers.upchieve.org/login
Reported by:
sara346
|
Disclosed:
Medium
Weakness: UI Redressing (Clickjacking)
CORS origin validation failure
Reported by:
jupiter-47
|
Disclosed:
Medium
No Rate Limiting for Password Reset Email Leads to Email Flooding
Reported by:
bd10ceb041a5297f881137c
|
Disclosed:
Medium
Weakness: NULL Pointer Dereference
Failed to validate Session after Password Change
Reported by:
mr_sparrow
|
Disclosed:
Low
Weakness: Insufficient Session Expiration
OTP reflecting in response sensitive data exposure leads to account take over
Reported by:
rupachandransangothi
|
Disclosed:
Critical
Authentication Bypass - Email Verification code bypass in account registration process.
Reported by:
anas_44
|
Disclosed:
Critical
Widespread CSRF on authenticated POST endpoints
Reported by:
zeyu2001
|
Disclosed:
High
Weakness: Cross-Site Request Forgery (CSRF)
hackers.upchieve.org and argocd.upchieve.org is not preloaded.
Reported by:
spaced
|
Disclosed:
Low
Weakness: Violation of Secure Design Principles
Vulnerability Report - sweet32 UPchieve
Reported by:
spaced
|
Disclosed:
Weakness: Cryptographic Issues - Generic
Page 1 of 2