Staff without Manage Themes permissions can update themes 2024-1-24 02:10:59 | 阅读: 2 | 收藏 | HackerOne Hacker Activity - hackerone.com

PII Disclosure At `theperfumeshop.com/register/forOrder` 2024-1-23 16:54:50 | 阅读: 2 | 收藏 | HackerOne Hacker Activity - hackerone.com

curl HSTS long file name clears contents 2024-1-21 01:17:40 | 阅读: 8 | 收藏 | HackerOne Hacker Activity - hackerone.com

ASAR Integrity bypass via filetype confusion 2024-1-21 00:43:37 | 阅读: 11 | 收藏 | HackerOne Hacker Activity - hackerone.com

Cookie headers are not cleared in cross-domain redirect in undici-fetch 2024-1-21 00:37:10 | 阅读: 5 | 收藏 | HackerOne Hacker Activity - hackerone.com

Path traversal through path stored in Uint8Array in Node.js 20 Request throttled. Try again in 1 seconds. ... 2024-1-21 00:26:31 | 阅读: 11 | 收藏 | HackerOne Hacker Activity - hackerone.com throttled

Remote code execution and exfiltration of secret tokens by poisoning the mozilla/fxa CI build cache 2024-1-20 10:43:11 | 阅读: 4 | 收藏 | HackerOne Hacker Activity - hackerone.com

Some limited confidential information can still be accessed after a user exits a private program 2024-1-19 21:11:44 | 阅读: 3 | 收藏 | HackerOne Hacker Activity - hackerone.com

Weak Email Verification: Newly Registered Users Can Bypass Email Verification Step and Log In 2024-1-19 20:1:3 | 阅读: 3 | 收藏 | HackerOne Hacker Activity - hackerone.com

Revocation API Token by Bypassing The XSRF Token 2024-1-19 19:58:20 | 阅读: 2 | 收藏 | HackerOne Hacker Activity - hackerone.com

Authentication bypass in Global Site Selector allows an attacker to log in as any user 2024-1-18 21:20:3 | 阅读: 5 | 收藏 | HackerOne Hacker Activity - hackerone.com

Improper handling of request URLs in nextcloud/guests allows guest users to bypass app allowlist 2024-1-18 21:18:47 | 阅读: 8 | 收藏 | HackerOne Hacker Activity - hackerone.com

Non-admin users can reset app allowlist to the default 2024-1-18 21:18:24 | 阅读: 6 | 收藏 | HackerOne Hacker Activity - hackerone.com

Open redirect in user_saml via RelayState parameter Request throttled. Try again in 1 seconds. ... 2024-1-18 21:18:1 | 阅读: 13 | 收藏 | HackerOne Hacker Activity - hackerone.com throttled

Self XSS when sending HTML as a comment in the Deck app 2024-1-18 18:33:42 | 阅读: 7 | 收藏 | HackerOne Hacker Activity - hackerone.com

Reflected XSS on https://travel.line.me 2024-1-18 11:21:21 | 阅读: 13 | 收藏 | HackerOne Hacker Activity - hackerone.com

Non-store owners can transfer Shopify-managed domain to another domain provider 2024-1-18 06:23:43 | 阅读: 4 | 收藏 | HackerOne Hacker Activity - hackerone.com

[h1-2102] [Oberlo] Least privileged user can cancel account owner's subscription via POST on /payments/subscribe 2024-1-18 02:26:30 | 阅读: 4 | 收藏 | HackerOne Hacker Activity - hackerone.com

Bruteforce protection in password verification can be bypassed 2024-1-17 16:27:33 | 阅读: 4 | 收藏 | HackerOne Hacker Activity - hackerone.com

Bypass password confirmation via Context-dependent access control (CDCA) 2024-1-17 16:26:39 | 阅读: 6 | 收藏 | HackerOne Hacker Activity - hackerone.com