X (Formerly Twitter) - HackerOne Reports
Total Reports: 164
Critical: 14
High: 24
Medium: 56
Low: 25
HTTP 401 response injection on "amp.twimg.com/amplify-web-player/prod/source.html" through "image_src" parameter
Reported by: zlz | Disclosed: | Severity: Low | Weakness: Information Disclosure

Full Path Disclosure at 27.prd.vine.co
Reported by: punkrock | Disclosed: | Severity: Low | Bounty: $140.00

Stored XSS on reports.
Reported by: giddsec | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored | Bounty: $700.00

Ability to see hidden likes
Reported by: mirhat | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

http request smuggling in twitter.com
Reported by: protostar0 | Disclosed: | Severity: High | Weakness: HTTP Request Smuggling

Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506
Reported by: alesandroortiz | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Generic | Bounty: $560.00 | CVEs: CVE-2020-6506

AppLovin API Key hardcoded in a Github repo
Reported by: hackbotone_ | Disclosed: | Severity: High | Weakness: Cleartext Storage of Sensitive Information | Bounty: $280.00

character limitation bypass can lead to DoS on Twitter App and 500 Internal Server Error
Reported by: exit_n0de | Disclosed: | Severity: Medium | Weakness: Uncontrolled Resource Consumption

Stored XSS in https://app.mopub.com
Reported by: august1808 | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

Highly wormable clickjacking in player card
Reported by: filedescriptor | Disclosed: | Weakness: UI Redressing (Clickjacking)

Information Disclosure through .DS_Store in ██████████
Reported by: lewerkun | Disclosed: | Weakness: Information Disclosure | Bounty: $560.00

POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com,199.59.148.204,199.16.156.108 and 199.59.148.204)
Reported by: omespino | Disclosed: | Weakness: Cryptographic Issues - Generic | CVEs: CVE-2014-3566

Ability to bruteforce mopub account's password due to lack of rate limitation protection using {ip rotation techniques}
Reported by: updatelap | Disclosed: | Severity: Low | Weakness: Improper Restriction of Authentication Attempts | Bounty: $420.00

Blind XSS on Twitter's internal Big Data panel at █████████████
Reported by: iambouali | Disclosed: | Severity: Critical | Weakness: Cross-site Scripting (XSS) - Stored

CRLF injection
Reported by: s3c | Disclosed: | Severity: Medium

Sensitive Information Disclosure https://cards-dev.twitter.com
Reported by: hassham | Disclosed: | Severity: Medium | Weakness: Information Disclosure | Bounty: $280.00

[Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME
Reported by: ysx | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected

Subdomain takeover on dev-admin.periscope.tv
Reported by: h1ch3ro | Disclosed: | Severity: Medium | Weakness: Privilege Escalation

lack of input validation that can lead Denial of Service (DOS)
Reported by: meepmerp | Disclosed: | Severity: Medium | Weakness: Uncontrolled Resource Consumption | Bounty: $560.00

Vine all registered user Private/sensitive information disclosure .[ Ip address/phone no/email and many other informations ]
Reported by: 0xprial | Disclosed: | Severity: Critical | Weakness: Information Disclosure