X (Formerly Twitter) - HackerOne Reports
Total Reports: 164
Critical: 14
High: 24
Medium: 56
Low: 25
Insufficient validation on Digits bridge
Reported by: filedescriptor
Disclosed:
Weakness: Improper Authentication - Generic
Twitter iOS fails to validate server certificate and sends oauth token
Reported by: floyd
Disclosed:
High
Weakness: Cryptographic Issues - Generic
Bounty: $2100.00
Ability to add arbitrary images/descriptions/titles to other people's issues via IDOR on getrevue.co
Reported by: mirhat
Disclosed:
Critical
Weakness: Insecure Direct Object Reference (IDOR)
[IDOR][translate.twitter.com] Opportunity to change any comment at the forum
Reported by: kedrischh
Disclosed:
Low
Weakness: Privilege Escalation
Protected Tweets setting overridden by Android app
Reported by: alexiaya
Disclosed:
Low
Bounty: $560.00
GNIP subdomain take over
Reported by: hussein98d
Disclosed:
High
Twitter for android is exposing user's location to any installed android app
Reported by: mishre
Disclosed:
Low
Weakness: Information Disclosure
Bounty: $560.00
Blind XSS in Mobpub Marketplace Admin Production | Sentry via demand.mopub.com (User-Agent)
Reported by: harisec
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
XSS via Direct Message deeplinks
Reported by: 0xsobky
Disclosed:
Weakness: Cross-site Scripting (XSS) - DOM
Bypass Password Authentication for updating email and phone number - Security Vulnerability
Reported by: jayesh25
Disclosed:
High
Weakness: Improper Authentication - Generic
Viral Direct Message Clickjacking via link truncation leading to capture of both Google credentials & installation of malicious 3rd party Twitter App
Reported by: slickrockweb
Disclosed:
High
Weakness: UI Redressing (Clickjacking)
Bypassing Digits origin validation which leads to account takeover
Reported by: filedescriptor
Disclosed:
Weakness: Improper Authentication - Generic
niche s3 buckets are readable/writeable/deleteable by authorized AWS users
Reported by: yaworsk
Disclosed:
Weakness: Improper Authentication - Generic
Reports Modal in app.mopub.com Disclose by any user
Reported by: updatelap
Disclosed:
Medium
Weakness: Information Disclosure
Bounty: $280.00
Verify any unused email address
Reported by: seifelsallamy
Disclosed:
Weakness: Improper Access Control - Generic
Bounty: $560.00
PI leakage By Brute Forcing and Phone number deleting without using password
Reported by: a13h1
Disclosed:
Medium
Weakness: Improper Access Control - Generic
protected Tweet settings overwritten by other settings
Reported by: jaka-tingkir
Disclosed:
Medium
Account Takeover in Periscope TV
Reported by: ngalog
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Generic
[dev.twitter.com] XSS and Open Redirect
Reported by: bobrov
Disclosed:
Medium
Bounty: $1120.00
Twitter Subscriptions Information Disclosure
Reported by: mirhat
Disclosed:
Medium
Weakness: Information Disclosure