X (Formerly Twitter) - HackerOne Reports
Total Reports: 164 | Critical: 14 | High: 24 | Medium: 56 | Low: 25
Unauthorized Access to Protected Tweets via niche.co API
Reported by: eidelweiss | Disclosed: | Severity: High | Weakness: Privacy Violation
XSS in the "Poll" Feature on Twitter.com
Reported by: mazen160 | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic
CSRF on cards API
Reported by: filedescriptor | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)
Blind XSS on Twitter's internal Jira panel at ████ allows exfiltration of hackers reports and other sensitive data
Reported by: iambouali | Disclosed: | Severity: Critical | Weakness: Cross-site Scripting (XSS) - Stored
Leaking Digits OAuth authorization to third party websites
Reported by: akhil-reni | Disclosed: | Weakness: Information Disclosure
CSP bypass + XSS
Reported by: b6117130df17feef13481e3 | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic
HTML Injection and Possible XSS in sms-be-vip.twitter.com
Reported by: secgeek | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic
Stealing User emails by clickjacking cards.twitter.com/xxx/xxx
Reported by: akhil-reni | Disclosed: | Severity: Medium | Weakness: UI Redressing (Clickjacking)
Opportunity to post hidden comments
Reported by: csanuragjain | Disclosed: | Severity: Critical | Weakness: Business Logic Errors
Incorrect details on OAuth permissions screen allows DMs to be read without permission
Reported by: edent | Disclosed: | Severity: Medium | Weakness: Privacy Violation | Bounty: $2940.00
Global defaming of any Twitter user
Reported by: csanuragjain | Disclosed: | Severity: Critical | Weakness: Business Logic Errors
XSS and cache poisoning via upload.twitter.com on ton.twitter.com
Reported by: filedescriptor | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic
List of a ton of internal Twitter servers available on GitHub
Reported by: a0005 | Disclosed: | Weakness: Information Disclosure
Wrong interpretation of URL-encoded characters, showing different punycode, leads to redirection to a different domain
Reported by: mr_edwards | Disclosed: | Severity: Low | Weakness: Open Redirect | Bounty: $560.00
Vine - overwrite account associated with email via android application
Reported by: mishre | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic | Bounty: $280.00
Protected tweets exposure through the URL
Reported by: terjanq | Disclosed: | Severity: High | Weakness: Information Disclosure | Bounty: $560.00
[Studio.twitter.com] See someone else pics
Reported by: anandpingsafe | Disclosed: | Weakness: Improper Authentication - Generic
Improper session handling on web browsers
Reported by: arjuniet | Disclosed: | Severity: Medium | Weakness: Insufficient Session Expiration | Bounty: $560.00
DOM based cookie bomb
Reported by: filedescriptor | Disclosed: | Weakness: Uncontrolled Resource Consumption
Vine: all registered users' private/sensitive information disclosure [IP address, phone number, email and much other information]
Reported by: 0xprial | Disclosed: | Severity: Critical | Weakness: Information Disclosure