Weblate - HackerOne Reports
Total Reports: 147
Critical: 0
High: 3
Medium: 20
Low: 61
ClickJacking on Debug
Reported by: bf7e43565d8cf54de3bc5a7 | Disclosed:
Weakness: UI Redressing (Clickjacking)
Incorrect HTTPS Certificate
Reported by: numbshiva | Disclosed:
Weakness: Improper Certificate Validation
Tab nabbing via window.opener
Reported by: logan47 | Disclosed:
Improper validation of unicode characters
Reported by: code_monkey | Disclosed:
Open redirect while disconnecting Email
Reported by: atruba | Disclosed:
Weakness: Open Redirect
No Rate On Add Suggest
Reported by: elmahdi | Disclosed:
Low
Weakness: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
No Rate Limiting at /contact
Reported by: chols | Disclosed:
Low
Weakness: Memory Corruption - Generic
hosted.weblate.org display of unfiltered results
Reported by: joshmcman08 | Disclosed:
Captcha Bypass at Email Reset can lead to Spamming users.
Reported by: peeper35 | Disclosed:
Weakness: Violation of Secure Design Principles
Improper validation of unicode characters
Reported by: rammarj | Disclosed:
no notification send to victim if attacker hacks/accesses his victims WebLate account.
Reported by: c0narp | Disclosed:
Low
Weakness: Business Logic Errors
CSRF with logout action
Reported by: mbi3s | Disclosed:
Weakness: Cross-Site Request Forgery (CSRF)
Weak password policy
Reported by: platinum1933 | Disclosed:
Low
Specify maximal length in translation
Reported by: amsda | Disclosed:
Weakness: Violation of Secure Design Principles
flood of comment no rate limit on commnets >> by using different user agent
Reported by: code_monkey | Disclosed:
Low
Weakness: Violation of Secure Design Principles
DNSSEC Zone Walk using NSEC Records
Reported by: pk21 | Disclosed:
Weakness: Information Disclosure
No Rate Limitting at Change Password
Reported by: 0xspade | Disclosed:
Medium
Content Spoofing
Reported by: eveeez | Disclosed:
Low
Weakness: Violation of Secure Design Principles
Improper Password Reset Policy on https://hosted.weblate.org/
Reported by: mrnull1337 | Disclosed:
Low
Weakness: Violation of Secure Design Principles
Already Registered Email Disclosure
Reported by: anonymans | Disclosed:
Low
Weakness: Information Disclosure