X (Formerly Twitter) - HackerOne Reports
Total Reports: 164
Critical: 14
High: 24
Medium: 56
Low: 25
Html Injection and Possible XSS via MathML
Reported by:
z41b1337_
|
Disclosed:
Critical
Weakness: Cross-site Scripting (XSS) - Generic
The Deleted Polls is Still Accessable after 30 Days
Reported by:
eissen5c
|
Disclosed:
High
Weakness: Privacy Violation
Bounty: $560.00
Bypassing Digits bridge origin validation
Reported by:
filedescriptor
|
Disclosed:
Weakness: Improper Authentication - Generic
Insufficient OAuth callback validation which leads to Periscope account takeover
Reported by:
filedescriptor
|
Disclosed:
Weakness: Improper Authentication - Generic
IDOR and statistics leakage in Orders
Reported by:
updatelap
|
Disclosed:
Medium
Weakness: Insecure Direct Object Reference (IDOR)
Bounty: $289.00
Delete direct message history without access the proper conversation_id
Reported by:
soareswallace
|
Disclosed:
Low
Weakness: Business Logic Errors
Bounty: $560.00
DOMXSS in Tweetdeck
Reported by:
filedescriptor
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Bypassing callback_url validation on Digits
Reported by:
filedescriptor
|
Disclosed:
Weakness: Open Redirect
Multiple XSS on account settings that can hijack any users in the company.
Reported by:
giddsec
|
Disclosed:
Critical
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $700.00
Multiple DOMXSS on Amplify Web Player
Reported by:
filedescriptor
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Potential pre-auth RCE on Twitter VPN
Reported by:
orange
|
Disclosed:
Critical
Weakness: OS Command Injection
Bounty: $20160.00
Private list members disclosure via GraphQL
Reported by:
ryotak
|
Disclosed:
Low
Weakness: Improper Access Control - Generic
login csrf in analytics.mopub.com
Reported by:
protostar0
|
Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $280.00
User input validation can lead to DOS
Reported by:
meepmerp
|
Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
Bounty: $560.00
Bypass Password Authentication to Update the Password
Reported by:
a13h1
|
Disclosed:
High
Weakness: Improper Authentication - Generic
Add tweet to collection CSRF
Reported by:
indoappsec
|
Disclosed:
Weakness: Cross-Site Request Forgery (CSRF)
Bypass Password Authentication to Update the Password
Reported by:
a13h1
|
Disclosed:
Medium
Weakness: Improper Authentication - Generic
Subdomain takeover of images.crossinstall.com
Reported by:
ian
|
Disclosed:
High
Weakness: Business Logic Errors
Twitter Periscope Clickjacking Vulnerability
Reported by:
eo420
|
Disclosed:
Medium
Weakness: UI Redressing (Clickjacking)
Bounty: $1120.00
Safe Redirect Bypass
Reported by:
asdasdasdasdasda
|
Disclosed:
Low
Weakness: Security Through Obscurity
Bounty: $560.00