X (Formerly Twitter) - HackerOne Reports
Total Reports: 164
Critical: 14
High: 24
Medium: 56
Low: 25
Periscope android app deeplink leads to CSRF in follow action
Reported by: kunal94 | Disclosed:
Low
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $1540.00
Tracking of users on third-party websites using the Twitter cookie, due to a flaw in authenticating image requests
Reported by: cris-staicu | Disclosed:
Medium
Weakness: Privacy Violation
CORS misconfig | Account Takeover
Reported by: nahoragg | Disclosed:
High
Clickjacking Periscope.tv on Chrome
Reported by: mishre | Disclosed:
Medium
Weakness: UI Redressing (Clickjacking)
Bounty: $560.00
Vine all registered user Private/sensitive information disclosure .[ Ip address/phone no/email and many other informations ]
Reported by: 0xprial | Disclosed:
Critical
Weakness: Information Disclosure
No Rate Limit in email leads to huge Mass mailings
Reported by: trabajoduro_2 | Disclosed:
Low
Weakness: Business Logic Errors
Persistent DOM-based XSS in https://help.twitter.com via localStorage
Reported by: harisec | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Opportunity to obtain private tweets through search widget preview caches
Reported by: csanuragjain | Disclosed:
Weakness: Business Logic Errors
Bounty: $1120.00
Periscope-all Firebase database takeover
Reported by: deeptiman | Disclosed:
Critical
Weakness: Improper Access Control - Generic
[Twitter Open Source] Releases were & are built/executed/tested/released in the context of insecure/untrusted code
Reported by: jlleitschuh | Disclosed:
High
Weakness: Cryptographic Issues - Generic
Bounty: $280.00
[CRITICAL] Full account takeover using CSRF
Reported by: yipman | Disclosed:
High
Weakness: Cross-Site Request Forgery (CSRF)
[Urgent] Invalidating OAuth2 Bearer token makes TweetDeck unavailable
Reported by: filedescriptor | Disclosed:
Weakness: Uncontrolled Resource Consumption
CSRF on https://www.niche.co leads to "account disconnection"
Reported by: mik317 | Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
protected Tweet settings overwritten by other settings
Reported by: jaka-tingkir | Disclosed:
Medium
Blind XSS on Twitter's internal Jira panel at ████ allows exfiltration of hackers reports and other sensitive data
Reported by: iambouali | Disclosed:
Critical
Weakness: Cross-site Scripting (XSS) - Stored
Stealing User emails by clickjacking cards.twitter.com/xxx/xxx
Reported by: akhil-reni | Disclosed:
Medium
Weakness: UI Redressing (Clickjacking)
Attacker can get vine repost user all informations even Ip address and location .
Reported by: 0xprial | Disclosed:
Weakness: Improper Authentication - Generic
Identify the mobile number of a twitter user
Reported by: aymen_mansour | Disclosed:
Critical
Weakness: Information Disclosure
Bounty: $560.00
Bypassing x profile verification to receive instant blue checkmark and unlimited profile changes
Reported by: itsdavid | Disclosed:
Low
Weakness: Business Logic Errors
Bounty: $250.00
cookie injection allow dos attack to periscope.tv
Reported by: protostar0 | Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
Bounty: $560.00