Weblate - HackerOne Reports
Total Reports: 147
Critical: 0
High: 3
Medium: 20
Low: 61
Rate Limit Bypass on login Page
Reported by: atruba | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic

Running 2 accounts with a single email
Reported by: footstep | Disclosed: | Weakness: Business Logic Errors

Email verification over an unencrypted channel
Reported by: pavanw3b | Disclosed: | Severity: Low | Weakness: Man-in-the-Middle

session id missing secure flag - Hosted Website
Reported by: pavanw3b | Disclosed: | Severity: Low

Open redirect while disconnecting authenticated account
Reported by: gsecure | Disclosed: | Severity: Medium | Weakness: Open Redirect

Invalidate session after password reset - hosted website
Reported by: pavanw3b | Disclosed: | Severity: Low

Bypassing captcha in registration on Hosted site
Reported by: pavanw3b | Disclosed: | Severity: Medium | Weakness: Uncontrolled Resource Consumption

HttpOnly Flag not set
Reported by: secachhunew | Disclosed: | Weakness: Violation of Secure Design Principles

Logging in without knowing credentials after logged out action
Reported by: mbi3s | Disclosed:

2nd issue>>> flood of email no rate limit on delete account confirmation email >>
Reported by: code_monkey | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles

Improper validation of unicode characters#2
Reported by: code_monkey | Disclosed:

No rate Limit on Add new Translation Project
Reported by: deathpoolxrs | Disclosed: | Weakness: Improper Restriction of Authentication Attempts

Add another email address without verification
Reported by: tungpun | Disclosed: | Weakness: Improper Access Control - Generic

Stored XSS via Create Project (Add new translation project)
Reported by: th3_alchem1st | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

You can simply just use passwords that simply are as 123456
Reported by: sarlis | Disclosed: | Severity: Low

weblate.org: X-XSS-Protection not enabled
Reported by: amsda | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - Generic

No Rate Limit On Add new word
Reported by: elmahdi | Disclosed: | Severity: Low | Weakness: Business Logic Errors

Activation tokens are not expiring
Reported by: japz | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)

Missing DMARC on weblate.org
Reported by: khalidamin | Disclosed: | Severity: Low

Reset password more than once with a reset link
Reported by: footstep | Disclosed: | Weakness: Business Logic Errors