WakaTime - HackerOne Reports
Total Reports: 64 | Critical: 0 | High: 3 | Medium: 9 | Low: 24
[Privilege Escalation] Authenticated users can manipulate others' full name without their knowledge [Team Vector]
Reported by: r3y | Severity: Medium | Weakness: Privilege Escalation

Password Policy Issue
Reported by: chuu | Severity: Low | Weakness: Improper Authentication - Generic

Not a Vuln: Race Condition Allows Creation of Multiple Organizations with the Same Name
Reported by: ctrl_cipher | Weakness: Business Logic Errors

[invalid][false-positive] csrftoken on profile page
Reported by: tkd8 | Weakness: Violation of Secure Design Principles

SSH backdated version open port
Reported by: walidhossain010 | Weakness: Improper Restriction of Authentication Attempts

Failure to check password history
Reported by: c0d3fire | Severity: Low | Weakness: Weak Password Recovery Mechanism for Forgotten Password

Leaked credentials (emails and passwords, etc.)
Reported by: 0x_matrix | Weakness: Information Disclosure

Private leaderboard owner email disclosure when sending invites
Reported by: nrekany | Weakness: Information Disclosure

IDOR create accounts and verify them with original account email
Reported by: b3nac | Severity: Low | Weakness: Insecure Direct Object Reference (IDOR)

Unsafe Inline and Eval CSP Usage
Reported by: mr_r3boot | Severity: Low | Weakness: Violation of Secure Design Principles

No rate limit when creating new goals [https://wakatime.com/goals]
Reported by: d1710x | Weakness: Violation of Secure Design Principles

Clickjacking on authorized page https://wakatime.com/share/embed
Reported by: silv3rpoision | Severity: Low | Weakness: UI Redressing (Clickjacking)

Missing SPF Flags
Reported by: mr_r3boot | Severity: Low | Weakness: Violation of Secure Design Principles

Session Not Expired On Logout
Reported by: pratyushjanghel | Weakness: Improper Authentication - Generic

Add arbitrary content to Password Reset Email
Reported by: footstep | Weakness: Code Injection

https://wakatime.com/ website CSP "script-src" includes "unsafe-inline"
Reported by: silv3rpoision | Severity: Low | Weakness: Violation of Secure Design Principles

Password reset links should expire after being used, instead of at a specific time
Reported by: silv3rpoision | Severity: Medium | Weakness: Improper Authentication - Generic

Logout CSRF
Reported by: caesar302 | Severity: Low | Weakness: Cross-Site Request Forgery (CSRF)

No redirect URI for Twitter OAuth resulting in token leak
Reported by: b3nac | Severity: Low | Weakness: Improper Authentication - Generic

UI Redressing on Embedded Charts
Reported by: mr_r3boot | Severity: Low | Weakness: UI Redressing (Clickjacking)