UPchieve - HackerOne Reports
Total Reports: 37
Critical: 7
High: 5
Medium: 13
Low: 7
No rate Limit on Password Reset page on upchieve
Reported by: rupachandransangothi
Disclosed:
Medium
Clickjacking at https://hackers.upchieve.org/login
Reported by: maisanisnotyours
Disclosed:
Low
Weakness: UI Redressing (Clickjacking)
Password reset token leak on third party website via Referer header
Reported by: n1had
Disclosed:
Medium
Weakness: Storing Passwords in a Recoverable Format
All user password hash can be seen from admin panel
Reported by: dark_haxor
Disclosed:
Medium
Weakness: Insecure Storage of Sensitive Information
url redirection
Reported by: ben_lay
Disclosed:
Critical
Weakness: Open Redirect
Outdated Copyright Message @ Welcome email
Reported by: spaced
Disclosed:
Weakness: Misconfiguration
Password reset token leakage
Reported by: spaced
Disclosed:
High
Weakness: Misconfiguration
Password Reuse
Reported by: spaced
Disclosed:
Medium
Weakness: Misconfiguration
Hyper Link Injection while signup
Reported by: 011alsanosi
Disclosed:
Low
Weakness: Improper Input Validation
Zero click account Takeover due to Api misconfiguration 🏂🎩
Reported by: zero_or_1
Disclosed:
Critical
Weakness: Improper Access Control - Generic
Business logic error
Reported by: scianto05
Disclosed:
Low
Weakness: Business Logic Errors
Session Hijacking leads to full control of account by attacker
Reported by: sampritdas
Disclosed:
Clickjacking on profile page leading to unauthorized changes
Reported by: shivanshmalik2
Disclosed:
Medium
Weakness: UI Redressing (Clickjacking)
CLICKJACKING LEADS TO DEACTIVATE ACCOUNT
Reported by: scianto05
Disclosed:
Low
Weakness: UI Redressing (Clickjacking)
Full account takeover of any user through reset password
Reported by: saajanbhujel
Disclosed:
Critical
Weakness: Improper Access Control - Generic
CORS Misconfiguration, could lead to disclosure of sensitive information
Reported by: riski0912
Disclosed:
Medium
Weakness: Wrap-around Error
Missing Validation in editing "Your Phone Number"
Reported by: spaced
Disclosed:
Medium
Weakness: Misconfiguration