WakaTime - HackerOne Reports

Total Reports: 64 | Critical: 0 | High: 3 | Medium: 9 | Low: 24

Leaking password reset token via referrer from external Twitter share button
Reported by: prateek_0490 | Disclosed: | Weakness: Information Disclosure

Mailgun misconfiguration
Reported by: hax0rgb | Disclosed: | Weakness: Privilege Escalation

No notification sent on email after account deletion.
Reported by: silv3rpoision | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles

Users with member privilege are able to see emails and membership information of other users
Reported by: hackedbrain | Disclosed: | Severity: Medium | Weakness: Information Disclosure

Password token validation in https://wakatime.com/
Reported by: silv3rpoision | Disclosed: | Severity: Low | Weakness: Improper Authentication - Generic

Invalid
Reported by: pashaaaaaaaa | Disclosed: | Severity: Low | Weakness: Improper Access Control - Generic

Rate Limit too lenient for endpoint sending emails
Reported by: harshita174 | Disclosed: | Weakness: Weak Password Recovery Mechanism for Forgotten Password

password token validation
Reported by: flex0geek | Disclosed: | Severity: Low | Weakness: Improper Authentication - Generic

Can link to websites from profile
Reported by: flex0geek | Disclosed: | Severity: Low | Weakness: Improper Authentication - Generic

Broken Authentication and session management OWASP A2
Reported by: phhitachi | Disclosed: | Weakness: Improper Authentication - Generic

Impersonation of Wakatime user using Invitation functionality.
Reported by: asaxena2190 | Disclosed: | Weakness: Violation of Secure Design Principles

Unauthorized Disclosure of Private Emails via WakaTime Private Leaderboards
Reported by: ctrl_cipher | Disclosed: | Severity: Medium | Weakness: Information Disclosure

Session Replay Attack Allows Authentication Bypass via Captured Login Responses Allowing Bypass of 429 Too many attempts for Multiple Failed Logins
Reported by: ctrl_cipher | Disclosed: | Severity: High | Weakness: Improper Authentication - Generic

[wakatime.com] HTML Injection github-btn.html
Reported by: bobrov | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - DOM

Vulnerability Name: Host Header Injection Redirect
Reported by: jatingupta | Disclosed: | Severity: Low | Weakness: Open Redirect

Using an outdated version of OpenSSH on db01.wakatime.com
Reported by: silv3rpoision | Disclosed: | Severity: Low | Weakness: Information Disclosure

Running 2 accounts with a single email
Reported by: atruba | Disclosed: | Weakness: Business Logic Errors

Email Spoofing Via /api/v1/users/reset_password
Reported by: leet-boy | Disclosed:

user api key leaked
Reported by: atasec | Disclosed: | Weakness: Information Disclosure

WakaTime Payment Gateway Vulnerability
Reported by: normalguy46 | Disclosed: | Severity: High | Weakness: Missing Encryption of Sensitive Data