Subdomain takeover on one of the subdomain under mozaws.net 2024-1-4 22:8:54 | 阅读: 1 | 收藏 | HackerOne Hacker Activity - hackerone.com

Subdomain takeover on one of the subdomain under mozaws.net 2024-1-4 22:8:12 | 阅读: 2 | 收藏 | HackerOne Hacker Activity - hackerone.com

An attacker can submit a Pentest Opportunity and change the status of the opportunity from submitted to in_review or reviewed 2024-1-4 19:6:17 | 阅读: 3 | 收藏 | HackerOne Hacker Activity - hackerone.com

[PATs] Ability to leak comments from issues without ANY "Issues" repo permissions by utilizing "Pull Request" permissions 2024-1-4 06:52:51 | 阅读: 1 | 收藏 | HackerOne Hacker Activity - hackerone.com

[PATs] Token with Read-Only permissions on Issues able to modify issue comments using content write permission 2024-1-4 06:49:59 | 阅读: 1 | 收藏 | HackerOne Hacker Activity - hackerone.com

1 Click to 'Close Account and Refund' via POSTMESSAGE 2024-1-4 04:35:57 | 阅读: 6 | 收藏 | HackerOne Hacker Activity - hackerone.com

Improper session management - Failure to invalidate old session after password change 2024-1-3 00:4:8 | 阅读: 3 | 收藏 | HackerOne Hacker Activity - hackerone.com

Buffer Overflow Vulnerability in WebSocket Handling 2024-1-2 16:15:26 | 阅读: 2 | 收藏 | HackerOne Hacker Activity - hackerone.com

DNS pin middleware can be tricked into DNS rebinding allowing SSRF 2024-1-1 13:9:12 | 阅读: 0 | 收藏 | HackerOne Hacker Activity - hackerone.com

Remote code execution via crafted pentaho report uploaded using default credentials for pentaho business server 2024-1-1 05:8:44 | 阅读: 3 | 收藏 | HackerOne Hacker Activity - hackerone.com

access list owner can escalate his role to the highest roles 2023-12-30 05:8:31 | 阅读: 4 | 收藏 | HackerOne Hacker Activity - hackerone.com

RCE on Wordpress website 2023-12-28 19:11:0 | 阅读: 7 | 收藏 | HackerOne Hacker Activity - hackerone.com

Authentication bypass on JetPack SSO manager - Allows to access the administration panel of wordpress without user interaction 2023-12-28 15:44:4 | 阅读: 2 | 收藏 | HackerOne Hacker Activity - hackerone.com

Text Injection/ Content Spoofing on https://cloud.e.khanacademy.org by breaking out of input tag. 2023-12-23 07:41:40 | 阅读: 1 | 收藏 | HackerOne Hacker Activity - hackerone.com

Possibility of Request smuggling attack 2023-12-22 14:22:36 | 阅读: 3 | 收藏 | HackerOne Hacker Activity - hackerone.com

curl cookie mixed case PSL bypass 2023-12-22 12:11:1 | 阅读: 1 | 收藏 | HackerOne Hacker Activity - hackerone.com

OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304) 2023-12-22 07:18:22 | 阅读: 2 | 收藏 | HackerOne Hacker Activity - hackerone.com

CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes 2023-12-22 03:21:28 | 阅读: 4 | 收藏 | HackerOne Hacker Activity - hackerone.com

RCE in ███ [CVE-2021-26084] 2023-12-22 01:47:17 | 阅读: 6 | 收藏 | HackerOne Hacker Activity - hackerone.com

Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) 2023-12-22 01:45:26 | 阅读: 9 | 收藏 | HackerOne Hacker Activity - hackerone.com