| Title | Author | Program | Bug type | Bounty | Publication date | Added date |
|---|---|---|---|---|---|---|
| How to build custom scanners for web security research automation | James Kettle (@albinowax) | | Race condition | | 03-10-2023 | 03-10-2023 |
| The Path to the Cloud is Filled with Holes: Exploiting 4G Edge Routers | Noam Moshe | Connected IO | IoT | | 03-10-2023 | 03-10-2023 |
| nOAuth: Account Takeover via Microsoft Oauth | Bibek Shah | | OAuth | | 02-10-2023 | 03-10-2023 |
| You can add extra zeroes. XSS bypass on a private bug bounty program | snoopy (@snoopy101101) | | Reflected XSS | 500 | 01-10-2023 | 03-10-2023 |
| root with a single command: sudo logrotate | Joshua Rogers (@MegaManSec) | | Local Privilege Escalation | | 01-10-2023 | 03-10-2023 |
| Exploiting ASP.NET TemplateParser — Part II: SharePoint (CVE-2023-33160) | Markus Wulftange (@mwulftange) | Microsoft (Sharepoint) | RCE | | 29-09-2023 | 03-10-2023 |
| Using Cloudflare To Bypass Cloudflare | Stefan Proksch | Cloudflare | WAF bypass | | 28-09-2023 | 03-10-2023 |
| A QUIC Shutdown: DoS Vulnerability in Windows Servers Running SMB over QUIC | Ben Barnea (@nachoskrnl) | Microsoft (Windows) | DoS | | 28-09-2023 | 03-10-2023 |
| Getting SYSTEM on Windows in style | Sector 7 (@sector7_nl) | Microsoft (Windows) | RCE | | 28-09-2023 | 03-10-2023 |
| Long Live the Pwn Request: Hacking Microsoft GitHub Repositories and More | Adnan Khan (@adnanthekhan) | Microsoft | CI/CD | | 26-09-2023 | 27-09-2023 |
| SCCM Hierarchy Takeover | Chris Thompson (@_Mayyhem) | | SCCM site takeover | | 26-09-2023 | 27-09-2023 |
| [P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955) | Nguyễn Tiến Giang (@testanull) | Microsoft (Sharepoint) | RCE | | 25-09-2023 | 03-10-2023 |
| $1,250 worth of Host Header Injection | Salman Khan (@salman_ashlor) | | Host header injection | 1,250 | 25-09-2023 | 03-10-2023 |
| Exploiting stale ADIDNS entries | Alain Mowat (@plopz0r) | | Internal pentest | | 25-09-2023 | 03-10-2023 |
| Rooting Xiaomi WiFi Routers | Julien R. | Xiaomi | OS command injection | | 25-09-2023 | 03-10-2023 |
| Exploiting ASP.NET TemplateParser — Part I: Sitecore (CVE-2023-35813) | Markus Wulftange (@mwulftange) | Sitecore | RCE | | 25-09-2023 | 27-09-2023 |
| Discovering 7 Open Redirect Bypasses and 3 XSS Bypasses Within a Single Program Using the Same Parameters | Mohamed Anani (@0xM5awy) | | XSS | | 24-09-2023 | 03-10-2023 |
| Staff and Triage can modify the initial post of a report | Abhinav Kumar (@abhinavsecond) | HackerOne | Logic flaw | | 23-09-2023 | 27-09-2023 |
| DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution | Adam Crosser | Qlik | RCE | | 22-09-2023 | 03-10-2023 |
| Van1338: Design Flaw in Riot Vanguard: $6,000 | Kento Oki (@kento932376) | Riot Games | Game hacking | 6,000 | 22-09-2023 | 03-10-2023 |
| Uncovering a Critical Vulnerability in Samsung Mobile Security: A Bug Bounty Journey | David Albert | Samsung | Android | | 22-09-2023 | 22-09-2023 |
| Finding Deserialization Bugs In The Solarwind Platform | Piotr Bazydło (@chudyPB) | SolarWinds | RCE | | 21-09-2023 | 22-09-2023 |
| How 2 Cute Bugs offered me a reward of 650€ | Anirudh Krishnakumar | | XSS | 691 | 21-09-2023 | 22-09-2023 |
| One Bug at a Time: $1,500 worth of XSS | Gavin Kramer (@atomiczsec) | | Stored XSS | 1,500 | 20-09-2023 | 03-10-2023 |
| Tricky 2FA Bypass Leads to 4 digit Bounty $$$$ | Rohaangupta (@roohaa_n) | | MFA bypass | 1,000 | 20-09-2023 | 22-09-2023 |
| Remote Code Execution in Tutanota Desktop due to Code Flaw | Paul Gerste | Tutanota | XSS | | 20-09-2023 | 22-09-2023 |
| How I Got 4 SQLI Vulnerabilities At One Target Manually Using The Repeater Tab | bug4you (@bug4you) | | SQL injection | | 19-09-2023 | 03-10-2023 |
| From Oversight to Ownership: How I Discovered the Path to Root on ISP’s Multiple Servers | Hektor | | Information disclosure | | 19-09-2023 | 03-10-2023 |
| Wind River VxWorks tarExtract directory traversal vulnerability (CVE-2023-38346) | Tobias Ospelt (@floyd_ch) | Wind River | Path traversal | | 19-09-2023 | 19-09-2023 |
| Phar Deserialization (CVE-2023-28115 Patch Bypass) | Rémi Matasse (@_remsio_) | knplabs/knp-snappy | Phar deserialization | | 18-09-2023 | 03-10-2023 |
| challenge writeup content-type shenanigans | Mathias Karlsson (@avlidienbrunn) | | k-XSS | | 18-09-2023 | 03-10-2023 |
| How i found an Stored XSS on Google Books | Sokol Çavdarbasha (@sokolicav) | Google | Stored XSS | | 18-09-2023 | 27-09-2023 |
| Weird LFI and escalating the impact from High to Critical | snoopy (@snoopy101101) | | LFI | | 18-09-2023 | 27-09-2023 |
| Insecure Authentication Tokens leading to Account Takeover | Thomas Delfino | | Account takeover | | 18-09-2023 | 22-09-2023 |
| 38TB of data accidentally exposed by Microsoft AI researchers | Hillai Ben-Sasson (@hillai) | Microsoft | Cloud | | 18-09-2023 | 19-09-2023 |
| Okta For Red Teamers | Adam Chester (@_xpn_) | | Post-exploitation | | 18-09-2023 | 19-09-2023 |
| 22.6k+ GitHub Stars Note-Taking App Hit by XSS Vulnerability | Chirag Agrawal (@__Raiders) | Trillium | Stored XSS | | 17-09-2023 | 03-10-2023 |
| A Easy Vertical Privilege Escalation via Session Storage | Amjad Ali | | Privilege escalation | | 16-09-2023 | 22-09-2023 |
| CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution | pyn3rd (@pyn3rd) | VMware (Spring Kafka) | Insecure deserialization | | 15-09-2023 | 03-10-2023 |
| The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree | Asi Greenholts (@TupleType) | Veracode | CI/CD | | 14-09-2023 | 03-10-2023 |
| Neighbourhood Watch – Hikvision Intercom Eavesdropping | Peter Szot | Hikvision | IoT | | 14-09-2023 | 22-09-2023 |
| CraftCMS RCE | Thanh | Craft CMS | RCE | | 14-09-2023 | 19-09-2023 |
| Uncursing the ncurses: Memory corruption vulnerabilities found in library | Microsoft Threat Intelligence (@MsftSecIntel) | ncurses | Memory corruption | | 14-09-2023 | 19-09-2023 |
| Unauthenticated Massive PII Leak | Cristi Vlad (@CristiVlad25) | | Rate limiting bypass | | 13-09-2023 | 03-10-2023 |
| CVE-2023-38146: Arbitrary Code Execution via Windows Themes | gabe_k | Microsoft (Windows) | RCE | 5,000 | 13-09-2023 | 19-09-2023 |
| Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services | Lidor Ben Shitrit | Microsoft (Azure HDInsight) | Stored XSS | | 13-09-2023 | 19-09-2023 |
| Can’t Be Contained: Finding a Command Injection Vulnerability in Kubernetes | Tomer Peled (@tomerpeled92) | Kubernetes | RCE | | 13-09-2023 | 19-09-2023 |
| Finding A Pop Chain On A Common Symfony Bundle: Part 1 | Rémi Matasse (@_remsio_) | doctrine-bundle (Symfony package) | Insecure deserialization | | 12-09-2023 | 22-09-2023 |
| Code Vulnerabilities Put Skiff Emails at Risk | Paul Gerste | Skiff | XSS | | 12-09-2023 | 22-09-2023 |
| From MQTT Fundamentals to CVE | Mischa Bachmann (@MischaBachmann) | Eclipse Foundation | DoS | | 12-09-2023 | 22-09-2023 |
| Persistent Threat: New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk | Elad Rapoport (@eladrapoport) | GitHub | Repojacking | | 12-09-2023 | 13-09-2023 |
| CVE-2023-4039: GCC’s -fstack-protector fails to guard dynamic stack allocations on ARM64 | Tom Hebb | GCC | Memory corruption | | 12-09-2023 | 13-09-2023 |
| Blog: OmniSpace, from automated 0day XSS to RCE | Florent (@Pepito_oh) | Agora-Project (OmniSpace) | RCE | | 12-09-2023 | 13-09-2023 |
| MyBB Admin Panel RCE CVE-2023-41362 | Sorcery IE (@SorceryIE) | MyBB | RCE | | 11-09-2023 | 13-09-2023 |
| Account hijack for anyone using Google sign-in with , due to response-type switch + leaking href to XSS on login.redacted.com | sudi (@sudhanshur705) | | OAuth | | 10-09-2023 | 19-09-2023 |
| Single XSS with Earn $600 | Yeyinthtet (@ye_yint_htet) | | XSS | 600 | 09-09-2023 | 13-09-2023 |
| Leaked Database and SMTP credentials through .env file | Nithissh | | Information disclosure | | 08-09-2023 | 03-10-2023 |
| Hacking a Large Company in MINUTES by Reading Docs | dan.lig | | Broken Access Control | | 08-09-2023 | 27-09-2023 |
| Orbeon Forms: The Final Form? On A Journey To RCE | watchTowr (@watchtowrcyber) | Orbeon | RCE | | 08-09-2023 | 19-09-2023 |
| Unveiling RCE on Dutch Government Website | Nayeem Islam (@nayeems3c) | Dutch Government | RCE | | 08-09-2023 | 13-09-2023 |
| How I got $$$ from AT&T | Ahmed Badry | AT&T | Missing authentication | | 07-09-2023 | 19-09-2023 |
| My debut with a Critical Bug: How I found my first bug (API misconfiguration) | whit3ros3 | | Hardcoded API keys | | 07-09-2023 | 13-09-2023 |
| Paranoids Vulnerability Research: Ivanti Issues Security Alert | Blaine Herro | Ivanti | RCE | | 07-09-2023 | 13-09-2023 |
| Back to the 90s: Fujitsu “IP series” Real-time Video Transmission Gear Hard Coded Credentials | Adnan Khan (@adnanthekhan) | Fujitsu | Hardcoded credentials | | 06-09-2023 | 27-09-2023 |
| Kirby < 3.9.6 XML External Entity (XXE) vulnerability — CVE-2023-38490 | Bastian Allgeier (@bastianallgeier) | Kirby | XXE | | 06-09-2023 | 07-09-2023 |
| Apache Superset Part II: RCE, Credential Harvesting and More | Naveen Sunkavally | Apache Superset | RCE | | 06-09-2023 | 07-09-2023 |
| Again? Subdomain takeover via ideanote.io | Hasyim | | Subdomain takeover | | 06-09-2023 | 07-09-2023 |
| Part 3: Learning iOS App Pentesting and Application Security with Real-World Case Studies | Swaroop Yermalkar (@swaroopsy) | | iOS | | 05-09-2023 | 22-09-2023 |
| From NTAuthCertificates to “Silver” Certificate | ap (@decoder_it) | | ADCS | | 05-09-2023 | 13-09-2023 |
| Subdomain takeover via nolt.io | Hasyim | | Subdomain takeover | | 05-09-2023 | 07-09-2023 |
| Blog: CVE-2023-4634 – Tricky Unauthenticated RCE on Wordpress Media Library Assistant Plugin using a good old Imagick | Florent (@Pepito_oh) | Media Library Assistant (WordPress plugin) | LFI | | 05-09-2023 | 05-09-2023 |
| When URL parsers disagree (CVE-2023-38633) | Zac Sims | Canva | Path traversal | | 05-09-2023 | 05-09-2023 |
| Code Vulnerabilities Put Proton Mails at Risk | Paul Gerste | Proton Mail | XSS | 750 | 04-09-2023 | 13-09-2023 |
| GPOddity: Exploiting Active Directory GPOs Through NTLM Relaying, And More! | Quentin Roland (@ROLANDQuentin2) | | Active Directory Privilege Escalation | | 04-09-2023 | 13-09-2023 |
| Bypass WAF by a simple trick gained $1000 bounty | 0xBartita (@0xBaRtiTa) | | WAF bypass | 1,000 | 04-09-2023 | 05-09-2023 |
| RCE on Application’s Tracking Admin Panel | Nithissh | | RCE | | 03-09-2023 | 03-10-2023 |
| How I was able to find the P4 vulnerability in the United States Department of Agriculture by phone. | Prince Roy | United States Department of Agriculture | Information disclosure | | 01-09-2023 | 05-09-2023 |
| How I could view any Facebook Groups Notes media, and they paid me a $10,000 | Raja Sudhakar (@Rajasudhakar) | Meta / Facebook | IDOR | 10,000 | 31-08-2023 | 05-09-2023 |
| ZeroQlik: Achieving Unauthenticated Remote Code Execution via HTTP Request Tunneling and Path Traversal | Adam Crosser | Qlik | RCE | | 31-08-2023 | 05-09-2023 |
| How I was able to modify and delete any user’s data file (filestack API) | Spideynati (@yashparwekar) | | Hardcoded API keys | | 31-08-2023 | 05-09-2023 |
| SSD Advisory – File History Service (FHSVC.DLL) Elevation Of Privilege | | Microsoft (Windows) | Local Privilege Escalation | | 31-08-2023 | 05-09-2023 |
| Leveraging VSCode Extensions for Initial Access | Matt Johnson (@breakfix) | | Phishing | | 31-08-2023 | 05-09-2023 |
| Technical Details for CVE-2023-29301: Adobe ColdFusion Access Control Bypass for a CFAdmin Authentication Component | Brian (@hoyahaxa) | Adobe | Broken Access Control | | 30-08-2023 | 05-09-2023 |
| PII at Your Fingertips: How I Stumbled Upon an Easy-to-Find Data Leakage Vulnerability @ Swisscom | Hussein Ayoub | Swisscom | Information disclosure | | 30-08-2023 | 05-09-2023 |
| Playing Dominos with Moodle’s Security (2/2) | Yaniv Nizry (@YNizry) | Moodle | Self-XSS | | 28-08-2023 | 05-09-2023 |
| Leaking File Contents with a Blind File Oracle in Flarum | Adam Kues (@hash_kitten) | Flarum | PHP filter chain | | 28-08-2023 | 05-09-2023 |
| Hacking GTA V RP Servers Using Web Exploitation Techniques | veritas (@blastbots) | Rockstar Games (FiveM) | Game hacking | | 28-08-2023 | 05-09-2023 |
| Bypassing Hardened Android Applications | Sanjay Gondaliya (@devsecboy) | | Android | | 27-08-2023 | 05-09-2023 |
| CVE-2023-36844 And Friends: RCE In Juniper Devices | watchTowr (@watchtowrcyber) | Juniper | RCE | | 25-08-2023 | 05-09-2023 |
| RCE via Account Takeover | Karthikeyan.V (@karthithehacker) | | RCE | | 25-08-2023 | 05-09-2023 |
| Implement a Blind Error-Based SQLMap payload for SQLite | soka (@pentest_soka) | | SQL injection | | 24-08-2023 | 25-08-2023 |
| Hacking a Tapo TC60 Camera | James (@two06) | Tapo | IoT | | 23-08-2023 | 05-09-2023 |
| Exploits Explained: Persisting Through a Client-Side Prototype Pollution | Virendra Pawar | | Client-side prototype pollution | | 23-08-2023 | 25-08-2023 |
| CVE-2023-35150: Arbitrary Code Injection In XWiki.Org XWiki | Simon Humbert | XWiki | Code injection | | 23-08-2023 | 25-08-2023 |
| Shambles: The Next-Generation IoT Reverse Engineering Tool to Discover 0-Day Vulnerabilities | Olivier Laflamme (@olivier_boschko) | | IoT | | 23-08-2023 | 25-08-2023 |
| (CVE-2023-32530) Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE | Poh Jia Hao (@Chocologicall) | Trend Micro | RCE | | 22-08-2023 | 05-09-2023 |
| My First Bug: How I Was Able to Bypass the WAF and Uncover a Reflected XSS | Fares Elsadek (@err0rbyn1ght) | | WAF bypass | | 22-08-2023 | 05-09-2023 |
| ATO \| How I exploited security issue to take over admin account | ar1fshaikh (@ar1fshaikh) | | Account takeover | | 22-08-2023 | 05-09-2023 |
| Bypass Two-Factor Authentication of Facebook Accounts ($25,300) | Bassem M Bazzoun (@bassemmbazzoun) | Meta / Facebook (Instagram) | MFA bypass | 25,300 | 22-08-2023 | 25-08-2023 |
| Exploitation of Openfire CVE-2023-32315 | Jacob Baines (@Junior_Baines) | Openfire | Path traversal | | 22-08-2023 | 25-08-2023 |
| Technical Details of CVE-2023-30988 – IBM Facsimile Support Privilege Escalation | pz | IBM | Local Privilege Escalation | | 22-08-2023 | 25-08-2023 |
| Playing Dominos with Moodle’s Security (1/2) | Yaniv Nizry (@YNizry) | Moodle | Stored XSS | | 21-08-2023 | 25-08-2023 |
| An IDOR lead joins any group makes me $2,500 | Arman (@M7arm4n) | | IDOR | 2,500 | 19-08-2023 | 21-08-2023 |
| Google Extensions (Awarded $18833.7) | NDevTK (@ndevtk) | Google | RCE | 18,833.70 | 18-08-2023 | 21-08-2023 |
| (IDOR) How do I find the first vulnerability with a $2500 bounty on hackerone. | Muhammad Iman | | IDOR | 2,500 | 18-08-2023 | 21-08-2023 |
| InfluxDB NoSQL Injection | Rafael da Costa Santos (@rafabyte_) | InfluxData (InfluxDB) | NoSQL injection | | 17-08-2023 | 03-10-2023 |
| SAMLjacking a poisoned tenant | Luke Jennings | | SAMLjacking | | 17-08-2023 | 05-09-2023 |
| mTLS: When certificate authentication is done wrong | Michael Stepankin (@artsploit) | Keycloak | mTLS | | 17-08-2023 | 21-08-2023 |
| Code Injection Vulnerability In Reportlab Python Library | sudi (@sudhanshur705) | | HTML injection | | 16-08-2023 | 05-09-2023 |
| ScienceLogic Dumpster Fire | b0yd (@rwincey) | | Default credentials | | 16-08-2023 | 05-09-2023 |
| Privilege Escalation In Ibm Spectrum Virtualize | Wolfgang Ettlinger | IBM | Privilege Escalation | | 15-08-2023 | 21-08-2023 |
| Istio outboundTrafficPolicy Egress Control Bypass | Denis Andzakovic | Istio | Kubernetes | | 15-08-2023 | 21-08-2023 |
| Podman API service listening on TCP can be used from websites | Dennis Dast | Podman | Container security | | 15-08-2023 | 21-08-2023 |
| Authenticated Arbitrary File Download (Path Traversal) | Chris McCurley (@chrisrmccurley) | PaperCut | Path traversal | | 14-08-2023 | 14-08-2023 |
| Customer account takeover in Shopify stores | Ophion Security (@OphionSecurity) | Shopify | Account takeover | | 13-08-2023 | 14-08-2023 |
| From Revealing Emails to Taking Over Accounts (Hacking Telecom) | Ahmad Halabi (@Ahmad_Halabi_) | | OTP bypass | | 13-08-2023 | 14-08-2023 |
| My first Critical on hackerone with a $6,400 bounty — SQL Injection | Tengku Arya Saputra (@AryaaSec) | | SQL injection | 6,400 | 13-08-2023 | 14-08-2023 |
| [IDOR] $400 — Deleting Other Project in Shopee | Tengku Arya Saputra (@AryaaSec) | | IDOR | 400 | 13-08-2023 | 14-08-2023 |
| What the Function: Decrypting Azure Function App Keys | Thomas Elling | Microsoft (Azure) | Cloud | | 12-08-2023 | 05-09-2023 |
| Site Takeover via SCCM’s AdminService API | Garret Foster (@garrfoster) | | NTLM | | 10-08-2023 | 21-08-2023 |
| How I got Two RCE at BBP Program @0xbartita | 0xBartita (@0xBaRtiTa) | | RCE | | 10-08-2023 | 14-08-2023 |
| A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: Synology DS920+ Edition | Vera Mens | Synology | RCE | | 09-08-2023 | 21-08-2023 |
| A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: WD PR4100 Edition | Noam Moshe | Western Digital | Authentication bypass | | 09-08-2023 | 21-08-2023 |
| Advisory \| NetModule Router Software Race Condition Leads to Remote Code Execution | Nuri Çilengir | NetModule | Race condition | | 09-08-2023 | 21-08-2023 |
| “Please do not make it public” – Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping | Jeffrey Knockel | Tencent | Cryptographic issues | | 09-08-2023 | 21-08-2023 |
| Smashing the state machine: the true potential of web race conditions | James Kettle (@albinowax) | Devise | Race condition | | 09-08-2023 | 14-08-2023 |
| Finding and Exploiting Citrix NetScaler Buffer Overflow (CVE-2023-3519) (Part 3) | Dylan Pindur | Citrix Systems (NetScaler) | Buffer Overflow | | 09-08-2023 | 14-08-2023 |
| My secret to API privesc: Tapping compromised web servers | Dana Epp (@DanaEpp) | | Persistence | | 08-08-2023 | 21-08-2023 |
| Spring WebFlux – CVE-2023-34034 – Write-Up and Proof-of-Concept | Yair Mizrahi | Spring | Broken Access Control | | 08-08-2023 | 21-08-2023 |
| HackerOne redacted usernames disclosure in “Export as .pdf” feature | Japz Divino (@japzdivino) | | Information disclosure | 500 | 08-08-2023 | 14-08-2023 |
| Phishing the anti-phishers: Exploiting anti-phishing tools for internal access | Rojan Rijal (@uraniumhacker) | Atlassian | Phishing | | 07-08-2023 | 08-08-2023 |
| PII-nacles of Discovery: Deep Recon, Fourth-Level Subdomains, and Abusing Exposed .git Repositories | Armand Jasharaj | | .git folder disclosure | | 07-08-2023 | 08-08-2023 |
| Privilege Escalation — Playing with the various stages of a session state | Ashlyn Lau (@ashlyn_lau) | | Logic flaw | | 06-08-2023 | 21-08-2023 |
| $1000 for a simple Stored XSS | snoopy (@snoopy101101) | | Stored XSS | 1,000 | 06-08-2023 | 08-08-2023 |
| Cross-Tenant Information Disclosure: Unraveling Microsoft Connections, Custom Connectors, and OAuth 2.0 in Power Automate | Firas Fatnassi (@Fatnass1F1ras) | Microsoft | OAuth | | 04-08-2023 | 08-08-2023 |
| Using Browser Tools For Bug Hunting: An Interesting 0$ Write IDOR On Instagram | Faizan Ahmad Wani | Meta / Facebook (Instagram) | IDOR | | 04-08-2023 | 08-08-2023 |
| Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform | Ian Carroll (@iangcarroll) | points.com | Path traversal | | 03-08-2023 | 08-08-2023 |
| Hook, Line, and Phishlet: Conquering AD FS with Evilginx | Daniel Underhay (@dunderhay) | | Phishing | | 03-08-2023 | 08-08-2023 |
| “PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild | Oleg Zaytsev | Salesforce | Phishing | | 02-08-2023 | 21-08-2023 |
| Identifying and Exploiting Unsafe Deserialization in Ruby | Plenum (@plenumlab) | | Insecure deserialization | | 02-08-2023 | 08-08-2023 |
| Anchor Tag XSS Exploitation in Firefox with Target=”_blank” | Soroush Dalili (@irsdl) | | XSS | | 01-08-2023 | 24-08-2023 |
| Knocking on the Front Door (client side desync attack on Azure CDN) | Jeti (@0xJeti) | Microsoft (Azure) | Client-Side Desync attack | 7,500 | 31-07-2023 | 14-08-2023 |
| How Cross-Site Frame Counting Exposes Private Repositories On Github | Medi (@medi_0ne) | GitHub | Cross-Site Frame Counting | | 31-07-2023 | 08-08-2023 |
| Desperate XSS | Ramkumar Nadar | | Reflected XSS | | 31-07-2023 | 08-08-2023 |
| Bypassing Samesite Cookie Restrictions with Method Override | Hazana (@HazanaSec) | | Samesite cookie bypass | | 30-07-2023 | 08-08-2023 |
| HTML Over the Wire | Ryan (@healthyoutlet) | Hotwire Turbo | CSRF | | 30-07-2023 | 31-07-2023 |
| Bypassing email verification of high-profile tech company ($$$) | can1337 (@canmustdie) | | Email verification bypass | | 30-07-2023 | 31-07-2023 |
| Access of Android protected components via embedded intent \| Android App Pentesting | Abhishek Karle (@AbhishekKarle3) | | Android | | 30-07-2023 | 31-07-2023 |
| CSRFing VS Code’s Debug Adapter Protocol | Dan McNulty (@_Z7mcnulty) | Microsoft (VS Code) | CSRF | | 28-07-2023 | 08-08-2023 |
| How I found two api vulnerabilities by analyzing JS source code | Mohammed Waleed | | IDOR | | 28-07-2023 | 31-07-2023 |
| GameOver(lay): Easy-to-exploit local privilege escalation vulnerabilities in Ubuntu Linux affect 40% of Ubuntu cloud workloads | Sagi Tzadik (@sagitz_) | Ubuntu | Local Privilege Escalation | | 27-07-2023 | 31-07-2023 |
| No keys attached: Exploring GitHub-to-AWS keyless authentication flaws | Christophe Tafani-Dereeper (@christophetd) | UK Cabinet Office | OpenID Connect | | 27-07-2023 | 31-07-2023 |
| Huawei Theme Manager Arbitrary Code Execution | Luca Carettoni (@lucacarettoni) | Huawei | Arbitrary Code Execution | | 26-07-2023 | 31-07-2023 |
| AWS WAF Bypass: invalid JSON object and unicode escape sequences | Andrea Menin (@AndreaTheMiddle) | AWS | WAF bypass | | 26-07-2023 | 31-07-2023 |
| Opinions are like Bugs – Every Spec has one. | Ryan (@healthyoutlet) | | HTML injection | | 24-07-2023 | 31-07-2023 |
| Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway | Dylan Pindur | Citrix Systems | RCE | | 24-07-2023 | 24-07-2023 |
| Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646) | Shubham Shah (@infosec_au) | Metabase | RCE | | 22-07-2023 | 31-07-2023 |
| Hijacking Cloud CI/CD Systems for Fun and Profit | Divyanshu (@gh0st_r1d3r_0x9) | Google (GCP) | Cloud | 50,000 | 22-07-2023 | 24-07-2023 |
| How I was Able To Bypass The Admin Panel | Mohamed Ibrahim (@mOhamedd7w) | | Information disclosure | | 20-07-2023 | 08-08-2023 |
| A Tale of OG XSS | Mullangisashank (@manisashankm) | | XSS | | 20-07-2023 | 24-07-2023 |
| CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Threat Research Unit (TRU) | OpenSSH | RCE | | 20-07-2023 | 24-07-2023 |
| Escalating Privileges With SSRF | Kuldeep Pandya (@kuldeepdotexe) | | SSRF | | 20-07-2023 | 24-07-2023 |
| One LFI bypass to rule them all (using base64) | matan-h | | LFI | | 20-07-2023 | 24-07-2023 |
| CVE-2023-36934: Progress Software MOVEit Transfer SQL Injection Remote Code Execution Vulnerability | Guy Lederfein (@glederfein) | Progress (MOVEit Transfer) | SQL injection | | 20-07-2023 | 24-07-2023 |
| Shifting boundaries: Exploiting an Integer Overflow in Apple Safari | Vignesh Rao | Apple | Integer overflow | | 20-07-2023 | 24-07-2023 |
| SSD Advisory – TP-Link TL-WR840N Stack Buffe Overflow DOS | ydelsploit (@delsploit) | TP-Link | Buffer Overflow | | 20-07-2023 | 24-07-2023 |
| Session Token Enumeration in RWS WorldServer | RedTeam Pentesting (@RedTeamPT) | Trados (WorldServer) | Session management issue | | 19-07-2023 | 03-10-2023 |
| Escalating Privileges via Third-Party Windows Installers | Andrew Oliveau (@AndrewOliveau) | Atera | Local Privilege Escalation | | 19-07-2023 | 31-07-2023 |
| A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State | Stefan Schiller (@scryh_) | Apache OpenMeetings | Account takeover | | 19-07-2023 | 24-07-2023 |
| CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED] | Stephen Fewer (@stephenfewer) | Adobe | Broken Access Control | | 19-07-2023 | 24-07-2023 |
| Lenovo Update Your Privileges | Raphael Rosenast | Lenovo | Local Privilege Escalation | | 19-07-2023 | 24-07-2023 |
| Shodan Recon to $1000 bounty in 2 mins | Aditya Singh (@CyberBeast10100) | | Missing authentication | 1,000 | 18-07-2023 | 31-07-2023 |
| Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack | Roi Nisimi (@roinisimi) | Google | Cloud | | 18-07-2023 | 24-07-2023 |
| Absuing Amazon VPC CNI Plugin For Kubernetes | Beme Carnpbell (@BerneCampbell) | | Kubernetes | | 17-07-2023 | 24-07-2023 |
| Blind SQL injection with a little WAF | tb | | Blind SQL injection | | 17-07-2023 | 17-07-2023 |
| The Buffer Curse: A tale of unusual exploitation in Web Application | Felix Alexander (@felixalexxx) | | CSP bypass | | 16-07-2023 | 17-07-2023 |
| Poch, Poch, is this thing on? Bypass AMSI with Divide & Conquer | pfiatDe (@pfiatde) | Microsoft (Windows Defender) | AMSI bypass | | 15-07-2023 | 24-07-2023 |
| PenTales: Old Vulns, New Tricks | Austin Guidry | | Internal pentest | | 14-07-2023 | 17-07-2023 |
| Let’s Go For Whole Company | Arman (@M7arm4n) | | Default credentials | | 13-07-2023 | 08-08-2023 |
| Demo: Brute-forcing a macOS user’s real name from a browser using mDNS | Konstantin Darutkin | Apple (macOS) | Privacy issue | | 13-07-2023 | 08-08-2023 |
| Modeling Malicious Code: Hacking In 3D | Zach Bevilacqua | | Phishing | | 13-07-2023 | 24-07-2023 |
| Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation | Aleksandar Nikolic | Apple (macOS) | Kernel hacking | | 13-07-2023 | 17-07-2023 |
| Major Security Flaws in Popular QuickBlox Chat And Video Framework Expose Sensitive Data Of Millions | Amir Preminger | QuickBlox | IDOR | | 12-07-2023 | 24-07-2023 |
| Performance, Diagnostics, and WMI | Steven Flores (@0xthirteen) | | Lateral movement | | 12-07-2023 | 24-07-2023 |
| How Private Cache Can Lead to Mass Account Takeover – pentest case | Mateusz Kowalczyk | | Account takeover | | 12-07-2023 | 17-07-2023 |
| Security Feature Bypass In ASP.NET and Visual Studio – Race Condition | Jack Moran | Microsoft | Race condition | | 12-07-2023 | 12-07-2023 |
| Story of Clickjacking on Microsoft Leads To Privilege Escalation & Account Takeover Of Admin | Abdul Rehman Parkar | Microsoft | Clickjacking | | 12-07-2023 | 12-07-2023 |
| Executing Arbitrary Code & Executables in Read-Only FileSystems | Golan Myers | | Kubernetes | | 12-07-2023 | 12-07-2023 |
| Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs – CVE-2023-35803 | Lachlan Davidson (@lachlan2k) | Extreme Networks | Memory corruption | | 12-07-2023 | 12-07-2023 |
| Proof of Concept Developed for Ghostscript CVE-2023-36664 Code Execution Vulnerability | Dave Truman | Artifex Ghostscript | RCE | | 11-07-2023 | 24-07-2023 |
| Exploiting JMeter via RMI | Christopher Ellis | Apache JMeter | Insecure deserialization | | 11-07-2023 | 17-07-2023 |
| All your parcel are belong to us – Talk at Troopers 2023 | Dennis Kniel | DHL | Privacy issue | | 11-07-2023 | 17-07-2023 |
| Exploiting XSS in hidden inputs and meta tags | Gareth Heyes (@garethheyes) | | XSS | | 11-07-2023 | 12-07-2023 |
| An interesting RCE on a Synack Red Team target! | Daly Whyte (@_d4ly_) | | RCE | | 11-07-2023 | 12-07-2023 |
| Critical Foswiki Vulnerablities: A Logic Error Turned Remote Code Execution | Christian Pöschl | Foswiki | RCE | | 11-07-2023 | 12-07-2023 |
| CVE-2023-29298: Adobe ColdFusion Access Control Bypass | Stephen Fewer (@stephenfewer) | Adobe | Broken Access Control | | 11-07-2023 | 12-07-2023 |
| Unexpected Zero in MySQL Injection | Dimaz Arno (@dimazarno) | | SQL injection | | 11-07-2023 | 12-07-2023 |
| Unveiling Access Control Flaws: How a Viewer Became an Editor | Amjad Ali | | Broken Access Control | | 10-07-2023 | 24-07-2023 |
| How I got Two RCE at EPAM-Bounty Program | 0xBartita (@0xBaRtiTa) | EPAM | SAP | | 10-07-2023 | 17-07-2023 |
| Account (of the CEO) Takeover via Password Reset | Cristi Vlad (@CristiVlad25) | | Account takeover | | 10-07-2023 | 11-07-2023 |
| AWS CodeBuild + S3 == Privilege Escalation | Paolo Cavaglià (@Paupu_95) | | Cloud | | 10-07-2023 | 11-07-2023 |
| From Blackbox .NET Remoting to Unauthenticated Remote Code Execution | Florian Hauser (@frycos) | act! | RCE | | 10-07-2023 | 11-07-2023 |
| IDN Homograph Attack and Response Manipulation – The Rarest Case | Jerry Shah (@Jerry) | | IDN homograph attack | | 09-07-2023 | 17-07-2023 |
| CVE-2023-36934 Analysis: MOVEit Transfer SQL Injection | Rahul Maini (@iamnoooob) | Progress (MOVEit Transfer) | SQL injection | | 09-07-2023 | 11-07-2023 |
| macOS Atlassian Companion Remote Code Execution | Wojciech Reguła (@_r3ggi) | Atlassian | RCE | | 09-07-2023 | 11-07-2023 |
| Account Takeover via Custom OTP, No User Interaction Required! | Bhavuk Jain (@bhavukjain1) | | Account takeover | | 08-07-2023 | 11-07-2023 |
| [REL] A Journey Into Hacking Google Search Appliance | DEVCORE (@d3vc0r3) | Google | RCE | | 07-07-2023 | 12-07-2023 |
| New Vulnerability in protobufjs: Prototype Pollution – CVE-2023-36665 | Peter Samarin | protobufjs | Prototype pollution | | 06-07-2023 | 24-07-2023 |
| PenTales: “User enumeration is not a vulnerability” – I beg to differ | Ben Leiden | | Username enumeration | | 06-07-2023 | 17-07-2023 |
| Full Disclosure – DOM-based XSS And Failures In Bug Bounty Hunting | Kuldeep Pandya (@kuldeepdotexe) | | DOM XSS | | 06-07-2023 | 11-07-2023 |
| RCE In GitLab’s CLI Tool | ameya (@0xtakemyhand) | GitLab | RCE | | 06-07-2023 | 11-07-2023 |
| Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911) | clem (@clavoillotte) | Microsoft (Windows) | Local Privilege Escalation | | 06-07-2023 | 11-07-2023 |
| Story Of My First RCE 🙂 | 0utlawh4ck3r (@outlawh4ck3r) | | RCE | | 06-07-2023 | 11-07-2023 |
| Recon only bugs are sweet! | Hazem Hussien (@_bughunter) | | Information disclosure | | 05-07-2023 | 24-07-2023 |
| Chaining for Critical: Unauthorized to Cloud Administrator | Jake Wnuk | | SSRF | | 05-07-2023 | 11-07-2023 |
| Sometimes What Sounds Benign Can Bite You: An Unexpected Implication of Lambda Privileges | Ermetic Team | AWS | Cloud | | 04-07-2023 | 24-07-2023 |
| Exploiting Non-Cloud SSRF for More Fun & Profit | Basavaraj Banakar (@basu_banakar) | | SSRF | | 04-07-2023 | 17-07-2023 |
| Linux local electron application script-src: self bypass | Mizu (@kevin_mizu) | | Electron | | 04-07-2023 | 12-07-2023 |
| Encrypted Doesn’t Mean Authenticated: ShareFile RCE (CVE-2023-24489) | Dylan Pindur | Citrix (ShareFile) | RCE | | 04-07-2023 | 11-07-2023 |
| Getting email address of any HackerOne user worth $7,500 | Japz Divino (@japzdivino) | HackerOne | Information disclosure | 7,500 | 04-07-2023 | 04-07-2023 |
| Partial File Read in phpList <= 3.6.12 (CVE-2023-35834) | Vincent Herbulot | phpList | Arbitrary file read | | 04-07-2023 | 04-07-2023 |
| Technical Advisory – Nullsoft Scriptable Installer System (NSIS) – Insecure Temporary Directory Usage | Richard Warren (@buffaloverflow) | Nullsoft Scriptable Installer System (NSIS) | Local Privilege Escalation | | 03-07-2023 | 24-07-2023 |
| On ColdFusion, AES, and Padding Oracle Attacks: Hic Sunt Dracones | Brian (@hoyahaxa) | | Padding oracle attack | | 03-07-2023 | 04-07-2023 |
| Hunting for Nginx Alias Traversals in the wild | Daniel (Celesian) Matsumoto (@c3l3si4n) | Bitwarden | Path traversal | 6,500 | 03-07-2023 | 04-07-2023 |
| How We Found Another GitHub Action Environment Injection Vulnerability in a Google Project | Noam Dotan | Google (Orbit) | CI/CD | | 03-07-2023 | 04-07-2023 |
| Technical Details of CVE-2023-30990 – Unauthenticated RCE in IBM i DDM Service | pz | IBM | RCE | | 03-07-2023 | 04-07-2023 |
| Patch Diffing CVE-2023-28121 to Compromise a WooCommerce | Julien Ahrens (@MrTuxracer) | | Authentication bypass | | 03-07-2023 | 03-07-2023 |
| How Abusing AWS CloudFormation Led to a Total Takeover of an AWS Environment | Nightbane (@Nightbanes) | | Cloud | | 02-07-2023 | 03-07-2023 |
| How did I get 200$ with WordPress vulnerability!!! | Nguhuynh | | Information disclosure | 200 | 02-07-2023 | 03-07-2023 |
| Multiple vulnerabilities on Chamilo 1.11.18 | Aituglo (@aituglo) | Chamilo | OS command injection | | 01-07-2023 | 17-07-2023 |
| How i was able to get Account Takeover via Insecure Data Storage and WebView With Exported Activity | Mohamed Reda (@M0x0101) | | Account takeover | | 01-07-2023 | 03-07-2023 |
| Multiple Vulnerabilities In Cockpit CMS <= V2.5.2 | GhostCcamm (@GhostCcamm) | Cockpit CMS | CSRF | | 30-06-2023 | 12-07-2023 |
| Domain Takeover Without Domain Admin Permissions | Joe Helle (@joehelle) | | Active Directory Privilege Escalation | | 30-06-2023 | 04-07-2023 |
| Server-side Template Injection Leading to RCE on Google VRP | mizzleneupane (@mizzle_neupane5) | Google | SSTI | | 30-06-2023 | 04-07-2023 |
| Chaining Self Blind XSS with Broken Access Control To Make it Non Self Blind XSS | sudhanshu Kumar kashyap (@ReebootToInit5) | | Blind XSS | | 30-06-2023 | 04-07-2023 |
| CVE-2023-33298 – Perimeter81 Local Privilege Escalation | NSEcho (@lateralusd_) | Perimeter81 | Local Privilege Escalation | | 30-06-2023 | 04-07-2023 |
| SSO Gadgets II: Unauthenticated Client-Side Template Injection to Account Takeover using SSO Gadget Chain | Lauritz Holtmann (@_lauritz_) | | CSTI | | 30-06-2023 | 03-07-2023 |
| Laravel debug mode left on at Zouikwatzeggen.nl leaks admin credentials & potentially submitted reports of improper behaviour at Amsterdam University Medical Centers | Jonathan Bouman (@JonathanBouman) | AmsterdamUMC | Debug mode enabled | | 30-06-2023 | 03-07-2023 |
| How I get 1000$ bounty for Discovering Account Takeover in Android Application | Amol Bhavar | | Account takeover | 1,000 | 30-06-2023 | 03-07-2023 |
| Exploiting the HP Printer without the printer (Pwn2Own 2022) | Interrupt Labs (@InterruptLabs) | HP | Printer hacking | | 29-06-2023 | 04-07-2023 |
| Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API | Peter M (@pmnh_) | | Stored XSS | | 29-06-2023 | 03-07-2023 |
| Reversing Citrix Gateway for XSS | Dylan Pindur | Citrix Systems | Reflected XSS | | 29-06-2023 | 03-07-2023 |
| Weakness of Integration | Ahmed Elmorsi (@0Xhunterx) | | Logic flaw | | 29-06-2023 | 03-07-2023 |
| CVE-2023-20864: Remote Code Execution In VMware Aria Operations For Logs | Dustin Childs | VMware | RCE | | 29-06-2023 | 03-07-2023 |
| Libcurl CRLF | Worty (@_Worty) | PHP libcurl library | CRLF injection | | 28-06-2023 | 03-07-2023 |
| CVE-2023-26258 – Remote Code Execution in ArcServe UDP Backup | Juan Manuel Fernandez (@TheXC3LL) | ArcServe | RCE | | 28-06-2023 | 03-07-2023 |
| Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution | Security Joes (@SecurityJoes) | | DLL injection | | 27-06-2023 | 12-07-2023 |
| The massive bug at the heart of the npm ecosystem | Darcy Clarke (@darcy) | | Supply chain attack | | 27-06-2023 | 03-07-2023 |
| How BAC(Broken Access Control) got me a Pre Account Takeover | Bharat Singh | | Pre-account takeover | | 27-06-2023 | 27-06-2023 |
| Unleashing the Power of Recon: How I Earned $2500 in 5 Minutes | Karthikeyan.V (@karthithehacker) | | OGNL injection | 2,500 | 27-06-2023 | 27-06-2023 |
| iOS App Pentesting and Security with Real-World Case Studies Part 2 | Swaroop Yermalkar (@swaroopsy) | | iOS | | 26-06-2023 | 03-10-2023 |
| Why ORMs and Prepared Statements Can’t (Always) Win | Thomas Chauchefoin (@swapgs) | Soko | SQL injection | | 26-06-2023 | 12-07-2023 |
| Multiple vulnerabilities in UCOPIA <= 6.0.7 (CVE-2022-44719 / CVE-2022-44720) | Jean Bonnevie | Weblib (Ucopia) | Security misconfiguration | | 26-06-2023 | 12-07-2023 |
| ServiceNow Insecure Access Control To Full Admin Takeover | Rezk0n (@Rezk0n) | ServiceNow | Broken Access Control | | 26-06-2023 | 04-07-2023 |
| DOS attack possible on Reset 2FA feature of #Hackerone | Lokesh Ranjan | HackerOne | Application-level DoS | | 26-06-2023 | 27-06-2023 |
| A Classical Account Takeover Case via Multiple Bypasses | Kamil Onur Özkaleli (@ko2sec) | | Account takeover | | 26-06-2023 | 27-06-2023 |
| Account Takeover: Unraveling IDOR + Stored XSS Flaws in an NFT Marketplace | Pratik Yadav (@PratikY9967) | | IDOR | | 26-06-2023 | 27-06-2023 |
| Stored XSS via Exif Data | 0 day exploit (@0day_exploit_) | | Stored XSS | | 26-06-2023 | 27-06-2023 |
| My first two valid and rewarded Web Cache Deceptions, earning $2250 | Benja (bronxi) (@hbenja_m) | | Web cache deception | 2,250 | 25-06-2023 | 27-06-2023 |
| Using Dark Web in Bug Bounty | Muhammad Mater (@micro0x00) | | Credential stuffing | | 25-06-2023 | 27-06-2023 |
| How I Hacked Scopely and Got $$$ | Aryan W13DOM (@NeuRosis23) | Scopely | Self-XSS | | 25-06-2023 | 27-06-2023 |
| One mistake, Three bugs: Comprehensive android pentesting. | Kushal Jain | | Android | 600 | 24-06-2023 | 27-06-2023 |
| Pulling SYSTEM out of Windows GINA | Pedro Ribeiro (@pedrib1337) | Zoho (ManageEngine ADSelfService Plus) | Authentication bypass | | 23-06-2023 | 11-07-2023 |
| GraphQL API Hacking! | Mahmuduzzaman Kamol | | GraphQL | | 23-06-2023 | 27-06-2023 |
| How I found a SQL Injection bug in using my cellphone. | Naeem Ahmed Sayed (@0xNaeem) | | SQL injection | 500 | 23-06-2023 | 25-06-2023 |
| My First Bug is RCE via SQL injection! | z3r0xk (@z3r01k) | | SQL injection | | 23-06-2023 | 25-06-2023 |
| Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED] | Ron Bowes (@iagox86) | Fortra (Globalscape) | Out-of-bounds Read | | 23-06-2023 | 25-06-2023 |
| Netskope Client Service Local Privilege Escalation | Jean-Jamil Khalife | Netskope | Local Privilege Escalation | | 22-06-2023 | 27-06-2023 |
| Gaps in Azure Service Fabric’s Security Call for User Vigilance | David Fiser | | Cloud | | 21-06-2023 | 17-07-2023 |
| UNCONTAINED: Uncovering Container Confusion in the Linux Kernel | Jakob Koschel | Linux Kernel Organization | Kernel hacking | | 21-06-2023 | 17-07-2023 |
| My first bounty on Synack Red Team | Octavian Mihail Romanescu | | Stored XSS | 923.5 | 21-06-2023 | 27-06-2023 |
| How I hacked NASA and got 8 bugs ? | EL Sayed Mohammed (@ElsayedMo77amed) | NASA | Open redirect | | 21-06-2023 | 27-06-2023 |
| AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice | Marc Olivier Bergeron | Microsoft | SQL injection | | 21-06-2023 | 25-06-2023 |
| Advisory: IDOR in Microsoft Teams Allows for External Tenants to Introduce Malware | Max Corbridge (@CorbridgeMax) | Microsoft (Teams) | IDOR | | 21-06-2023 | 25-06-2023 |
| Leaking secrets through caching with Bunny CDN | Tim Perry (@pimterry) | bunny.net | Web cache poisoning | | 20-06-2023 | 27-06-2023 |
| Bypassing Okta SSO=> HTTPS/HTTP | Inderjeet Singh (@3nc0d3dGuY) | Yahoo! / Verizon Media | SSO | | 20-06-2023 | 25-06-2023 |
| nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover | Descope (@descopeinc) | Microsoft (Azure AD) | OAuth | | 20-06-2023 | 21-06-2023 |
| Leveraging Android Permissions: A Solver Approach | Jérémy Breton | Google (Android) | Android | | 20-06-2023 | 21-06-2023 |
| RCE via Path Traversal vulnerability in Onlyoffice CommunityServer < 12.5.2 (CVE-2023-34939) | Kirill Firsov (@k_firsov) | OnlyOffice | Path traversal | | 19-06-2023 | 04-07-2023 |
| How I Unveiled a Critical Vulnerability: Exposing All Buyers’ Invoices PII with a Single Trick | Ayman | | Information disclosure | | 19-06-2023 | 27-06-2023 |
| Unleashing the Cloud: A Journey into Hacking College Servers and Uncovering Security Vulnerabilities | Smukx (@Smukx07) | | Authentication bypass | | 19-06-2023 | 27-06-2023 |
| DLL Hijacking – Finding Vulnerabilities In pestudio 9.52 | Matei Josephs | pestudio | DLL Hijacking | | 19-06-2023 | 27-06-2023 |
chonked pt.1: minidlna 1.3.2 http chunk parsing heap overflow (cve-2023-33476) root cause analysishyper (@hyprdude)MiniDLNAMemory corruption19-06-202327-06-2023
LibreOffice Arbitrary File Write (CVE-2023-1883)Gregor KopfLibreOfficeArbitrary file write19-06-202325-06-2023
The Unexpected “0” Master ID for Account Data ManipulationYoKo Kho (@YokoAcc)IDOR2,50019-06-202321-06-2023
How we tried to book a train ticket and ended up with a databreach with 245,000 recordszerforschung (@zerforschung)DiscoverEUSubdomain takeover19-06-202321-06-2023
[CVE-2023-32695] Socket.IO DoS Trought Javascript Property Manipulation on WebSocketsRafael da Costa Santos (@rafabyte_)Socket.IODoS18-06-202303-10-2023
FortiNAC – Just a few more RCEsFlorian Hauser (@frycos)FortinetRCE18-06-202321-06-2023
Exploiting HTTP Parsers InconsistenciesRafael da Costa Santos (@rafabyte_)NginxParsing issue17-06-202303-10-2023
From Bug Bounty Hunter to Risk Analyst: My Cybersecurity Journey at Deloittehimanshu pdy (@himanshu_pdy)DeloitteAccount takeover17-06-202327-06-2023
One Electron to Rule Them AllUriel Kosayev (@MalFuzzer)Electron16-06-202321-06-2023
Admin Panel Bypass without the credentialsSayim0x (@sayim0x)PfizerAuthentication bypass15-06-202327-06-2023
Brute-forcing ButterflyMX Virtual Keys and Hacking Time LimitsRobert FoggiaButterflyMXBruteforce15-06-202321-06-2023
PII Data Leakage and US$1500 Bountyferferof (@ferferof_)Information disclosure1,50014-06-202327-06-2023
SQL Injection in The HTTP Custom Headeryoshi m lutfi (@yoshiahmadlutfi)SQL injection14-06-202327-06-2023
Pwning Admin Panel To Change Movie Ticket Prices at DisneyInderjeet Singh (@3nc0d3dGuY)DisneyBruteforce14-06-202325-06-2023
Two XSS Vulnerabilities in Azure with Embedded postMessage IFramesLidor Ben ShitritMicrosoft (Azure)XSS14-06-202321-06-2023
The Old, The New and The Bypass – One-click/Open-redirect to own Samsung S22 at Pwn2Own 2022Nguyễn Tiến Giang (@testanull)SamsungOpen redirect14-06-202321-06-2023
Learning iOS App Pentesting and Security Part 1Swaroop Yermalkar (@swaroopsy)iOS13-06-202303-10-2023
Patch Diffing Progress MOVEIt TransferDylan PindurProgress (MOVEit Transfer)RCE13-06-202327-06-2023
IDOR, unpin posts for fun.Omar AhmedLinkedInIDOR13-06-202327-06-2023
Reflected XSS Injection & Permanent Open Redirection0 day exploit (@0day_exploit_)Reflected XSS2,00013-06-202327-06-2023
Jasper Reports Library Code InjectionDennis HeinzeJasper ReportsRCE13-06-202325-06-2023
Pre-Authenticated RCE In VMware VRealize Network Insight – CVE-2023-20887Sina Kheirkhah (@SinSinology)VMwareRCE13-06-202313-06-2023
XORtigate: Pre-authentication Remote Code Execution on Fortigate VPN (CVE-2023-27997)Charles Fol (@cfreal_)Fortinet (Fortigate VPN)RCE13-06-202313-06-2023
Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)Ross BradleyDynamic LINQRCE13-06-202313-06-2023
Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos TrustDirk-jan Mollema (@_dirkjan)Azure AD13-06-202313-06-2023
can I speak to your manager? hacking root EPP servers to take control of zonesSam Curry (@samwcyo)CoCCAXXE12-06-202313-06-2023
Taking Over an Entire Organization – A Journey Through Multiple BugsHacktus (@H4cktus)Broken Access Control12-06-202313-06-2023
googlesource.com access_token leak (Awarded $7500)NDevTK (@ndevtk)GoogleURL validation bypass$7,50011-06-202312-06-2023
Kubernetes pentest — Bypassing load balancerhosein vita (@HoseinVita)Security code review10-06-202312-06-2023
XSS in GMAIL Dynamic Email (AMP for Email)asdqw3GoogleXSS$6,00009-06-202303-10-2023
My First Bug: A Unique $500 XSS.f3tchXSS$75009-06-202312-06-2023
Sony Bravia Remote Code Execution DisclosureBrett DeWall (@xbadbiddyx)SonyRCE09-06-202312-06-2023
Hunting for Bitwarden master passwords stored in memoryNaz Markuta (@NazMarkuta)BitwardenInformation disclosure08-06-202304-07-2023
Confused Deputy Vulnerability in Cloudflare CASBAlbert Pedersen (@AlbertSPedersen)CloudflareConfused deputy3,30008-06-202313-06-2023
Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code ExecutionNick Powers (@zyn3rgy)Phishing08-06-202312-06-2023
How I Hacked 100K+ Godaddy Users And Help To Secure For FreeBishal Shrestha (@bishal0x01)GoDaddy.git folder disclosure08-06-202312-06-2023
Abusing Client-Side Desync on WerkzeugMizu (@kevin_mizu)WerkzeugClient-Side Desync attack07-06-202312-06-2023
KeePass Triggers Are Dead, Long Live KeePass Triggers!Julien Bedel (@d3lb3_)KeePassLocal Privilege Escalation07-06-202312-06-2023
MSSQL linked servers: abusing ADSI for password retrievalPablo Martínez (@xassiz)ADSI07-06-202312-06-2023
OneDrive To Enum Them Allnyxgeek (@nyxgeek)Microsoft (OneDrive)Username enumeration06-06-202312-06-2023
How I was able to get account takeover via IDOR form JWTMohamed Reda (@M0x0101)JWT06-06-202306-06-2023
Compromising Honda’s power equipment / marine / lawn & garden dealer eCommerce platform through a vulnerable password reset APIEaton Z. (@XeEaton)HondaPassword reset06-06-202306-06-2023
Turning a 50$ Tab-Nabbing vulnerability into a 1000$ Account takeoverMalek Mohamed (@MalekMohamed0)Reverse tabnabbing1,00006-06-202306-06-2023
Kanboard – Spraying Malicious Tasks Across all ProjectsCastilho (@castilho101)KanboardBroken Access Control06-06-202306-06-2023
SSD Advisory – Roundcube MarkAsJunk RCESelim Enes Karaduman (@Enesdex)RoundcubeRCE06-06-202306-06-2023
CVE-2022-32902: Patch One Issue and Introduce TwoMickey Jin (@patch1t)Apple (macOS)TCC bypass06-06-202306-06-2023
Multiple vulnerabilities in Delmia Apriso 2017 to 2022Mehdi ElyassaDassault Systèmes (Delmia Apriso)Insecure deserialization05-06-202312-06-2023
A short white box code audit of avoPaul WertherAvoStored XSS05-06-202306-06-2023
Storing Passwords – A Journey Of Common PitfallsRedTeam Pentesting (@RedTeamPT)STARFACEPass-the-Hash05-06-202306-06-2023
Bypassing CSP via DOM clobberingGareth Heyes (@garethheyes)DOM Clobbering05-06-202305-06-2023
Send email from anyone to any(user outlook Microsoft)Abbas Heybati (@abbas_heybati)MicrosoftOpen mail relay04-06-202305-06-2023
Breaking TikTok: Our Journey to Finding an Account Takeover VulnerabilitymrhavitTikTokXSS04-06-202305-06-2023
AWS Chain Attack- Thousands of Vulnerable EKS ClustersChen Shiri (@ChenShiri73)AWS Kubernetes04-06-202305-06-2023
How a misconfigured Lotus Domino Server can lead to Disclosure of PII Data of Employees, Configuration Details about the Active Directory, etcAayush Vishnoi (@AayushVishnoi10)Lotus Domino04-06-202305-06-2023
Rate Limit Bypass Leads to 0 Click ATOZeroXUF (@ZeroXUF)Rate limiting bypass04-06-202305-06-2023
Prototype Pollution AkamaiSudhanshu Rajbhar (@sudhanshur705)Client-side prototype pollution03-06-202305-06-2023
RCE via LDAP truncation on hg.mozilla.orgjoernchen (@joernchen)MozillaRCE03-06-202305-06-2023
Bypassing An Industry-Leading WAF and Exploiting SQLiAdeeb ShahSQL injection01-06-202305-06-2023
CVE-2023-24941: Microsoft Network File System Remote Code ExecutionQuinton CristMicrosoft (Windows)RCE01-06-202305-06-2023
Anatomy of an IoT Exploit, from Hands-On to RCEDavid BakerWavlinkIoT01-06-202305-06-2023
Ghost Sites: Stealing Data From Deactivated Salesforce CommunitiesNitay BachrachSalesforce31-05-202305-06-2023
Reverse Engineering Coin Hunt World’s Binary ProtocolqkchambersCoin Hunt WorldReverse engineering31-05-202305-06-2023
Kramer VIA GO² – Multiple issuesJim Rush (@JimSRush)KramerRCE31-05-202305-06-2023
an offensive look at docker desktop extensionsLeon Jacobs (@leonjza)DockerOS command injection30-05-202312-06-2023
Vulnerabilities In Apache Commons-Text 1.10.0Chris (@mc_0wn)Apache Commons TextPath traversal30-05-202305-06-2023
New macOS vulnerability, Migraine, could bypass System Integrity ProtectionJonathan Bar Or (@yo_yo_yo_jbo)Apple (macOS)SIP bypass30-05-202305-06-2023
VSCode Remote Code Execution advisoryAmmar AskarMicrosoft (VSCode)RCE30-05-202305-06-2023
Hunting For Password Reset Tokens By Spraying And Using HTTP PipeliningTom NeavesPassword reset30-05-202301-06-2023
Exploit an unexploitable XSS via an open redirect — A Real-Life Scenario from a Hacker’s MindsetZiad AliXSS29-05-202301-06-2023
XSS in WordPress via open embed auto discoveryJakub Żoczek (@zoczus)WordPressXSS29-05-202329-05-2023
The 30000$ Bounty Affair.Gokulsspace (@GokTest)RCE30,00028-05-202329-05-2023
Anonymised Penetration Test ReportVolkis (@VolkisAU)Internal pentest28-05-202329-05-2023
Find out the IP address through a call to Telegram…Igor S. BederovTelegramPrivacy issue28-05-202329-05-2023
Utilizing Historical URLs of an Organization to successfully execute SQL queries — Blind SQLiAayush Vishnoi (@AayushVishnoi10)Blind SQL injection26-05-202305-06-2023
Exploring Three Remote Code Execution Vulnerabilities in RPC RuntimeBen Barnea (@nachoskrnl)Microsoft (Windows)RCE26-05-202329-05-2023
CVE-2023-2825 Analysis And ExploitOccamSec (@occamsec)GitLabPath traversal25-05-202327-06-2023
Exploiting The Sonos One Speaker Three Different Ways: A Pwn2Own Toronto HighlightThe ZDI Research Team (@thezdi)SonosMemory corruption1,05,00025-05-202305-06-2023
Ericsson Sensitive Data Exposure via Trace.axdDavid Sopas (@dsopas)EricssonInformation disclosure25-05-202329-05-2023
XSS Via Qr CodeAhmed Osama (A0G)XSS25-05-202329-05-2023
Hacking my “smart” toothbrushCyrill KünziIoT24-05-202305-06-2023
how I found a tricky XSSZiad AliXSS24-05-202301-06-2023
Unintended Path to Exam Domination – AWS EC2 Meta-DataDr. Michael Gschwender (@rootcathacking)Cloud24-05-202329-05-2023
GCP CloudSQL Vulnerability Leads to Internal Container Access and Data ExposureOfir Balassiano (@ofir_balassiano)Google (GCP)Cloud24-05-202329-05-2023
Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online servicesAviad Carmel (@AviadCarmel)ExpoOAuth24-05-202329-05-2023
From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take OverTom NeavesGraphQL23-05-202305-06-2023
Tampering with Conditional Access Policies Using Azure AD Graph APISecureworks Counter Threat Unit (@Secureworks)Microsoft (Azure)Cloud23-05-202329-05-2023
Multiple vulnerabilities in Danfoss Storeview WebFlorent SicchioDanfossOS command injection22-05-202308-08-2023
CVE 2023 25690 – Proof of Conceptdhmosfunk (@DSkfunk)Apache HTTP ServerHTTP Request Smuggling22-05-202301-06-2023
Red team: Journey from RCE to have total control of cloud infrastructureQuang Vo (@mr_r3bot)RCE22-05-202322-05-2023
Azure DNS Takeover @ SwisscomHussein AyoubSwisscomDNS takeover22-05-202322-05-2023
I helped a top Indian health benefits management platform from major PII leak by hacking their SQL Servers, AWS instance, DCs etc.nav1n (@nav1n0x)SQL injection22-05-202322-05-2023
2FA Bypass Using Custom Cookie ParameterSharat Kaikolamthuruthil (@sharp488)MFA bypass22-05-202322-05-2023
AEM Bug in AdobeMuhammad Mater (@micro0x00)AdobeAEM20-05-202322-05-2023
Exploiting SQL Error SQLSTATE[42000] To Own MariaDB of A Large Online Media Leadernav1n (@nav1n0x)SQL injection3,00020-05-202322-05-2023
Why You Should Always Check The Audit Log [Medium] — $500Emanuel Beni HarijantoInformation disclosure50020-05-202322-05-2023
Exposing iCloud user’s Name, phone numbers, and email addresses.Renganathan (@IamRenganathan)Apple (iCloud)Information disclosure20-05-202322-05-2023
DNS Recursion Leads to DoS Attack Vivo Play (IPTV) — CVE-2023–31893ShooterVivoDoS20-05-202322-05-2023
Official extension spoofing attacks: when trusted add-ons are not so trustedYesenia Trejo (@Yess_2021xD)Extension spoofing19-05-202322-05-2023
Blind OS Command Injection via Activation RequestNguyễn Hoàng Thạch (@hi_im_d4rkn3ss)VMwareMemory corruption80,00018-05-202329-05-2023
Blind OS Command Injection via Activation RequestArumusutakimu (@arumusutakimu)OS command injection18-05-202322-05-2023
Stored Iframe Injection & Permanent Open Redirection – Zero DayJerry Shah (@Jerry)DiscourseHTML injection18-05-202322-05-2023
How Misconfigured and Vulnerable Devices Could Expose Your Company to Physical and Cyber ThreatsArben Shala (@arbennsh)IoT18-05-202322-05-2023
A $1,000,000 bounty? The KuCoin User Information LeakCorben Leo (@hacker_)Information disclosure5,00018-05-202318-05-2023
KeePass Master Password Exploit – CVE-2023-32784 – Proof Of Concept (POC)Luke KavanaghKeePassPlaintext Storage of a Password17-05-202305-06-2023
Arbitrary email forgery in WebflowAntoine CarrincazeauxWebflowEmail spoofing17-05-202322-05-2023
DLL Hijacking Strikes Back: Exploiting Windows on ARM RDP Client (CVE-2023-24905)Dor DaliMicrosoft (Windows)DLL Hijacking17-05-202322-05-2023
LOLBINed — Finding “LOLBINs” In AV UninstallersNasreddine Bencherchali (@nas_bench)KasperskyLocal Privilege Escalation17-05-202322-05-2023
DOS via cache poisoningAllam Rachid (@blank_cold)Web cache deception17-05-202318-05-2023
From DA to EA with ESC5Andy Robbins (@_wald0)Active Directory Privilege Escalation17-05-202318-05-2023
From GitHub To Account Takeover: Misconfigured Actions Place GCP & AWS Accounts At RiskRezonateAccount takeover16-05-202322-05-2023
Hardcore RCE via directory name for $3.000Lev ShmelevRCE3,00016-05-202318-05-2023
Unauthenticated Remote Command Execution in Multiple WAGO ProductsQuentin Kaiser (@QKaiser)WAGORCE16-05-202318-05-2023
‘FriendlyName’ Buffer Overflow Vulnerability in Wemo Smart Plug V2Amit Serper (@0xAmit)Belkin (Wemo)IoT16-05-202318-05-2023
Bypassing open redirect protection site-wide on web2py applicationsMohamed Dief (@DemoniaSlash)Web2pyOpen redirect15-05-202329-05-2023
Avast Anti-Virus privileged arbitrary file create on virus restore (CVE-2023-1586)Denis Skvortcov (@Denis_Skvortcov)AvastTOCTOU15-05-202322-05-2023
Triple Threat: Breaking Teltonika Routers Three WaysRoni GavrilovTeltonikaIoT15-05-202322-05-2023
Finding and reporting a Gatekeeper bypass exploit with help from Mac MonitorBrandon Dalton (@PartyD0lphin)Apple (macOS)GateKeeper bypass15-05-202322-05-2023
Linux IPv6 “Route of Death” 0dayMax VA (@maxpl0it)Linux Kernel OrganizationDoS15-05-202318-05-2023
Pimcore: One click, two security vulnerabilitiesYaniv Nizry (@YNizry)PimcorePath traversal15-05-202318-05-2023
CVE-2023-26818 – Bypass TCC with Telegram in macOSDan Revah (@danrevah)Apple (macOS)TCC bypass15-05-202318-05-2023
CS:GO: From Zero to 0-dayFelipeValve (CS:GO)Game hacking22,50013-05-202315-05-2023
Container security: Infecting images to establish backdoorsEmilien Socchi (@emiliensocchi)Container security12-05-202312-06-2023
The Printer Goes Brrrrr, Again!Rémi Jullian (@netsecurity1)CanonPrinter hacking12-05-202315-05-2023
One Bug at a Time: I failed my quiz on purpose to get $1,000!atomiczsec (@atomiczsec)IDOR1,00012-05-202315-05-2023
Discovering a Hidden Security Loophole: Rent luxury Cars for a Single DollarYash SanchetiPayment tampering12-05-202315-05-2023
Hacking HackerOne: How computer vision helped uncover hidden vulnerabilities?Abdullah Mohamed (@3bodymo_)HackerOneInformation disclosure11-05-202325-06-2023
Rendezvous with a Chatbot: Chaining Contextual Risk VulnerabilitiesAbeer Banerjee (@bugasur)Chatbot11-05-202315-05-2023
Hacking Chess.com: My Journey to Unlock Premium Bots on the Android AppFr4 (@_icebre4ker_)Chess.comAndroid10-05-202315-05-2023
What is kong & why we’re relying on itLaluka (@TheLaluka)KongaRCE10-05-202312-05-2023
Bypass IIS Authorisation with this One Weird Trick – Three RCEs and Two Auth Bypasses in Sitecore 9.3Dylan PindurSitecoreRCE10-05-202311-05-2023
From One Vulnerability to Another: Outlook Patch Analysis Reveals Important Flaw in Windows APIBen Barnea (@nachoskrnl)Microsoft (Outlook)Privilege escalation10-05-202311-05-2023
RCE due to Dependency Confusion — $5000 bounty!Chevon Phillip (@ChevonPhillip)Dependency confusion5,00010-05-202311-05-2023
Testing a new encrypted messaging app’s extraordinary claimsCrnkovićConversoAndroid10-05-202311-05-2023
Discovery of an XSS on OperaArman (@M7arm4n)OperaXSS10-05-202311-05-2023
PwnAssistant – Controlling /home’s Via A Home Assistant RCEelttam (@elttam)Home AssistantAuthentication bypass09-05-202311-05-2023
Subdomain Takeover leading to Full Account TakeoverHacktus (@H4cktus)Subdomain takeover3,00008-05-202317-07-2023
A deep-dive on Pluck CMS vulnerability CVE-2023-25828Matthew HoggPluck CMSUnrestricted file upload08-05-202322-05-2023
Escaping Parallels Desktop with Plist Injectionkn32ParallelsLocal Privilege Escalation08-05-202311-05-2023
Sorting Your Way to Stolen PasswordsNightbane (@Nightbanes)Bruteforce08-05-202311-05-2023
IPv6 DNS Takeover via mitm6 (Write Up)Evan Ricafort (@evanricafort)MiTM08-05-202308-05-2023
How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomainAayush Vishnoi (@AayushVishnoi10)RCE07-05-202308-05-2023
How I discovered XSS via triple URL encodeMuhammed MubarakXSS50007-05-202308-05-2023
Size matters! When capital letters introduce vulnerabilitiesMario StathakopoulosMicrosoftXSS06-05-202313-05-2023
Dependabot Confusion: Gaining Access to Private GitHub Repositories using DependabotGiraffe SecurityGitHubDependency confusion2,50006-05-202308-05-2023
CSS Injection via PostMessages to stealing Credit Card InfoCastilho (@castilho101)postMessage05-05-202308-05-2023
Mass Assignment leads to the victim’s account being inaccessible foreverArman (@M7arm4n)Mass assignment05-05-202308-05-2023
Bullied by Bugcrowd over Kape CyberGhost disclosureCeri Coburn (@_ethicalchaos_)Kape (CyberGhost)Local Privilege Escalation05-05-202308-05-2023
Cookie Bugs – Smuggling & InjectionAnkur Sundara (@ankursundara)Eclipse Foundation (Jetty)Cookie smuggling05-05-202306-05-2023
A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF…Julien Cretel (@jub0bs)postMessage20005-05-202306-05-2023
When Good APIs Go Bad: Uncovering 3 Azure API Management VulnerabilitiesLiv Matan (@terminatorLM)Microsoft (Azure)SSRF04-05-202306-05-2023
Privilege Escalations through IntegrationsColin McQueenPrivilege escalation04-05-202306-05-2023
OpenAI Allowed “Unlimited” Credit on New AccountsDavid Sopas (@dsopas)OpenAILogic flaw04-05-202304-05-2023
CVE-2023-25394 – VideoStream Local Privilege EscalationDan Revah (@danrevah)VideostreamLocal Privilege Escalation03-05-202318-05-2023
The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics ComponentBing SunMicrosoft (Windows)Out-of-bounds Read03-05-202308-05-2023
Accessing Admin Dashboard in 5 seconds: Hall of Fame.Sumedh DawadiDefault credentials03-05-202304-05-2023
Automating SQL Injection On Encrypted RequestJanirudranshSQL injection03-05-202304-05-2023
When you’re so bored, you start debugging someone else’s code: bug hunting in a random Cloud-Native projectONSEC.io Research TeamForemanSSTI03-05-202304-05-2023
Exploiting misconfigured Google Cloud Service Accounts from GitHub ActionsRevblock (@revbl0ck)OpenID Connect02-05-202318-05-2023
Securing Databricks cluster init scriptsElia FlorioDatabricksPrivilege escalation02-05-202304-05-2023
How do I Bypass Payment when a Subscription ends so I don’t have to pay for my subscriptionAidil AriefPayment bypass02-05-202304-05-2023
CVE-2023-28231: RCE In The Microsoft Windows DHCPv6 ServiceGuy Lederfein (@glederfein)Microsoft (Windows)RCE02-05-202304-05-2023
SSD Advisory – KerioControl Remote Code ExecutionSimon JanzGFI Software (KerioControl)RCE02-05-202304-05-2023
AWS Identity Center (formerly known as AWS SSO): A Guide to Privilege Escalation and Identity and Access ManagementJason KaoAWSPrivilege escalation01-05-202308-05-2023
Placeholder for Dayzzz: Abusing placeholders to extract customer informationsOphion Security (@OphionSecurity)GitHubSSTI01-05-202304-05-2023
Apache Solr 8.3.1 RCE from exposed administration interfaceNicolas BrunnerApache SolrRCE01-05-202304-05-2023
Azure Devops CICD Pipelines – Command Injection With Parameters, Variables And A Discussion On Runner HijackingSana Oshika (@bigshika)Microsoft (Azure DevOps Pipelines)CI/CD01-05-202304-05-2023
Unauthorized access to the admin panel via leaked credentials on the WayBackMachineArman (@M7arm4n)Information disclosure01-05-202304-05-2023
Bug Bounty Writeup: Stored XSS Vulnerability WAF BypassRafael Silva “lopseg”Stored XSS01-05-202304-05-2023
TENDA–N301-v6–(CVE-2023–29680,CVE-2023–29681)Mateus PantojaTendaSensitive Information Sent Over an Unencrypted Channel30-04-202308-05-2023
Exploiting an Order of Operations Bug to Achieve RCE in Oracle OperaShubham Shah (@infosec_au)Oracle (Opera)RCE30-04-202304-05-2023
Netflix — Bypassing Multi-Factor Authentication (MFA)Lyubomir Tsirkov (@lyubo_tsirkov)NetflixMFA bypass30-04-202304-05-2023
How I Chained an Information Disclosure Bug with SQL InjectionMba-oji Chiagoziem (@g0ziem)SQL injection30-04-202304-05-2023
Privilege Escalation in Microsoft WindowsTobias Neitzel (@qtc_de)Microsoft (Windows)Local Privilege Escalation28-04-202322-05-2023
Ambushed by AngularJS: a hidden CSP bypass in Piwik PROGareth Heyes (@garethheyes)PiwikCSP bypass28-04-202329-04-2023
Redash SAML Authentication BypassAn Trinh (@_tint0)RedashSAML28-04-202328-04-2023
Microsoft Exchange Powershell Remoting Deserialization leading to RCE (CVE-2023-21707)Nguyễn Tiến Giang (@testanull)Microsoft (Exchange)RCE28-04-202328-04-2023
Avast Anti-Virus privileged arbitrary file create on virus quarantine (CVE-2023-1585 and CVE-2023-1587)Denis Skvortcov (@Denis_Skvortcov)AvastTOCTOU26-04-202304-05-2023
Alias file to rule them all — One click code execution with alias file in macOSMikko Kenttälä (@Turmio_)Apple (macOS)Arbitrary Code Execution26-04-202328-04-2023
Git Arbitrary Configuration Injection (CVE-2023-29007)André Baptista (@0xacb)GitLogic flaw26-04-202327-04-2023
Finding XSS in a million websites (cPanel CVE-2023-29489)Shubham Shah (@infosec_au)cPanelReflected XSS26-04-202327-04-2023
Never Connect to RDP Servers Over Untrusted NetworksOlivier Bilodeau (@obilodeau)MicrosoftRDP26-04-202327-04-2023
API Misconfiguration – Algolia API KeyJerry Shah (@Jerry)Hardcoded API keys26-04-202327-04-2023
Methodological approach to find business logic bugsFady Othman (@Fady_Othman)Logic flaw25-04-202322-05-2023
New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)Pedro UmbelinoService Location Protocol (SLP)DoS25-04-202308-05-2023
CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code ExecutionNaveen SunkavallyApache SupersetRCE25-04-202327-04-2023
Odoo: Get your Content Type right, or else!Dennis Brinkrolf (@DBrinkrolf)OdooXSS24-04-202328-04-2023
Vocera Report Server Pwnageb0yd (@rwincey)StrykerRCE24-04-202327-04-2023
No Portals NeededChen Levy Ben AroyMFA bypass24-04-202327-04-2023
Discord Rich Presence LeonardSSH.vscordSudhanshu Rajbhar (@sudhanshur705)vscordInformation disclosure23-04-202322-05-2023
How careless default credentials impact to massive account takeoverM Maulana AbdullahAuthentication bypass22-04-202324-04-2023
Stealing GitHub staff’s access token via GitHub ActionsRyotaK (@ryotkak)GitHubCI/CD22-04-202324-04-2023
Compromising Garmin’s Sport Watches: A Deep Dive into GarminOS and its MonkeyC Virtual MachineTao SauvageGarminIoT21-04-202327-04-2023
Exploits Explained: Permission misconfiguration within Salesforce JavaScript Remoting tokens used for Apex ControllersMahmoud Gamal (@Zombiehelp54)Salesforce21-04-202327-04-2023
From BitLocker-Suspended to Virtual MachineReino MostertInternal pentest21-04-202327-04-2023
XS-Leak: Deanonymize Microsoft Skype Users by any 3rd-party websitesJayateertha Guruprasad (@JayateerthaG)Microsoft (Skype)XSLeaks21-04-202327-04-2023
CVE-2023-23525: Get Root via A Fake InstallerMickey Jin (@patch1t)Apple (macOS)Local Privilege Escalation20-04-202304-05-2023
Turning Vulnerability into Bounty: How CVE-2020–17453 XSS Earned Me a $500 BountyKarthikeyan.V (@karthithehacker)Components with known vulnerabilities50020-04-202304-05-2023
GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accountsAstrix Security (@AstrixSecurity)Google (GCP)Cloud20-04-202329-04-2023
Bypassing Link Sharing Protection in Messenger Kids Parent’s Control Feature | Meta Bug BountySyd Ricafort (@devsyd11)Meta / FacebookURL validation bypass50020-04-202327-04-2023
The Fuzzing Guide to the Galaxy: An Attempt with Android System ServicesAnthony RemySamsungAndroid20-04-202327-04-2023
Turning Vulnerability into Bounty: How CVE-2020–17453 XSS Earned Me a $500 BountyKarthikeyan.V (@karthithehacker)Components with known vulnerabilities50020-04-202324-04-2023
Uncovering a Critical Vulnerability: My Journey of Discovering CVE-2021–31589, a Reflected XSS in LinkedInKarthikeyan.V (@karthithehacker)LinkedInComponents with known vulnerabilities20-04-202324-04-2023
CVE-2022-29844: A Classic Buffer Overflow On The Western Digital My Cloud Pro Series PR4100Luca Moro (@johncool__)Western DigitalBuffer Overflow40,00020-04-202324-04-2023
How I hacked hackers in Voorivex Hunt Eventsnoopy (@snoopy101101)Cloudflare bypass19-04-202308-05-2023
Vulnerability Spotlight: CVE-2023-0264Timo Müller (@mtimo44)KeycloakOpenID Connect19-04-202327-04-2023
How I Manipulated My Rank on the Bugcrowd PlatformMuhammad Khizer Javed (@khizer_javed47)BugcrowdLogic flaw90019-04-202324-04-2023
Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 2Eviatar GerziDockerLocal Privilege Escalation19-04-202324-04-2023
Weblogic CVE-2023-21931 vulnerability exploration technique: post-deserialization exploitationGoby (@GobySec)Oracle (WebLogic)Insecure deserialization19-04-202324-04-2023
#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database ServicesRonen Shustin (@ronenshh)AlibabaCloud19-04-202324-04-2023
How Material Security Uncovered a Vulnerability in the Gmail APIChris Long (@Centurion)GoogleBroken Access Control18-04-202308-05-2023
My First Case of SSRF Using DirsearchMba-oji Chiagoziem (@g0ziem)SSRF18-04-202308-05-2023
Popping Tags: Exploiting Template Injections in PRTG Network MonitorPeter SzotPaesslerReflected XSS18-04-202327-04-2023
Impersonating Other Players with UDP Spoofing in MirrorIncludeSec (@IncludeSecurity)Unity (Mirror)Game hacking18-04-202327-04-2023
Break the Logic: Playing with product ratings on a shopping site(600$)FıratLogic flaw60018-04-202327-04-2023
[Responsible Disclosure] How we could have deleted any Linkedin postAnand Prakash (@anandpraka_sh)LinkedInIDOR10,00018-04-202324-04-2023
Identifying vulnerabilities in GitHub Actions & AWS OIDC ConfigurationsRojan Rijal (@uraniumhacker)AWSCI/CD18-04-202324-04-2023
Multiple Critical Vulnerabilities In Strapi Versions <=4.7.1GhostCcamm (@GhostCcamm)StrapiAuthentication bypass17-04-202324-04-2023
A Big company Admin Panel takeover $4500nanwnAuthentication bypass4,50017-04-202324-04-2023
(CVE-2023-2017) Shopware 6 Server-side Template Injection (SSTI) via Twig Security ExtensionNgo Wei Lin (@Creastery)ShopwareSSTI17-04-202324-04-2023
Bypassing the 2FA /MFA — An Easy winShobhit MehtaMathWorksMFA bypass16-04-202329-04-2023
From payload to 300$ bounty: A story of CRLF injection and responsible disclosure on HackerOneKarthikeyan.V (@karthithehacker)CRLF injection30016-04-202324-04-2023
How do I get cross site scripting(“xss”) in “Nokia”EL Sayed Mohammed (@ElsayedMo77amed)NokiaXSS16-04-202324-04-2023
From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control and IDORAayush Vishnoi (@AayushVishnoi10)Debug mode enabled14-04-202308-05-2023
User impersonation via stolen UUID code in KeyCloak (CVE-2023-0264)Jordi Zayuelas i MuñozKeycloakOAuth14-04-202328-04-2023
Remote Code Execution Vulnerability in Google They Are Not Willing To FixGiraffe SecurityGoogleDependency confusion50014-04-202324-04-2023
How I got RCE in + 10 websites…m4cddr (@m4cddr)RCE13-04-202315-04-2023
TOPdesk vulnerable to XML Signature Wrapping AttacksPaulo A. Silva (@pauloasilva_com)TOPdeskXML Signature Wrapping12-04-202318-05-2023
Rooting A Common-criteria Certified Printer To Improve Opsec | RedTeam Pentesting (@RedTeamPT) | Canon | Printer hacking | 12-04-2023 | 28-04-2023
CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd | Tom Neaves | shadow-utils | Local Privilege Escalation | 12-04-2023 | 15-04-2023
SecurePwn Part 2: Leaking Remote Memory Contents (CVE-2023-22897) | Julien Ahrens (@MrTuxracer) | SecurePoint | Memory leak | 12-04-2023 | 15-04-2023
How ChatGPT helped me find a bug | Abhishekgk | XSS | 200 | 11-04-2023 | 29-04-2023
Losing control over Schneider’s EcoStruxure Control Expert | Ruben Santamarta (@reversemode) | Schneider Electric | RCE | 11-04-2023 | 27-04-2023
Java Exploitation Restrictions in Modern JDK Times | Florian Hauser (@frycos) | Insecure deserialization | 11-04-2023 | 27-04-2023
SecurePwn Part 1: Bypassing SecurePoint UTM’s Authentication (CVE-2023-22620) | Julien Ahrens (@MrTuxracer) | SecurePoint | Authentication bypass | 11-04-2023 | 15-04-2023
Pretalx Vulnerabilities: How to get accepted at every conference | Stefan Schiller (@scryh_) | Pretalx | Arbitrary file read | 11-04-2023 | 15-04-2023
Shell in the Ghost: Ghostscript CVE-2023-28879 writeup | sigabrt9 (@sigabrt9) | Artifex Ghostscript | Buffer Overflow | 11-04-2023 | 15-04-2023
From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys | Roi Nisimi (@roinisimi) | Microsoft (Azure) | Cloud | 11-04-2023 | 15-04-2023
CVE-2023-1767 – Stored XSS on Snyk Advisor service can allow full fabrication of npm packages health score | Gal Weizman (@WeizmanGal) | Snyk | Stored XSS | 10-04-2023 | 04-05-2023
Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories | Joren Vrancken | Repojacking | 10-04-2023 | 29-04-2023
Account Take Over (Via an API) | Thabiso Mokoena | Account takeover | 10-04-2023 | 24-04-2023
A successful prototype pollution chained to a DOM XSS | Allam Rachid (@blank_cold) | Prototype pollution | 10-04-2023 | 15-04-2023
How I was able to change password of any corporate user | CH3TAN | Account takeover | 09-04-2023 | 24-04-2023
Steal authentication token with one-click on misconfigured WebView. | Kerolos A. Saber (@0xWise) | Android | 3,000 | 08-04-2023 | 24-04-2023
SQL Wildcard DoS – Hang Till Death | Jerry Shah (@Jerry) | DoS | 08-04-2023 | 24-04-2023
Stored Cross-Site Scripting (XSS) in Zimbra version 8.8.15_GA_4059 CVE-2022-41348 | Guillaume Jacques | Zimbra | Stored XSS | 07-04-2023 | 04-05-2023
SharePoint Webpart Property Traversal Vulnerability Analysis (CVE-2022–38053, CVE-2023–21742, CVE-2023–21717) | Nguyễn Tiến Giang (@testanull) | Microsoft (Sharepoint) | Property traversal | 06-04-2023 | 07-04-2023
A web security story from 2008: silently securing JSON.parse | Mike Samuel (@mvsamuel) | JSON.parse | Parsing issue | 06-04-2023 | 07-04-2023
Escaping Adobe Sandbox: Exploiting an Integer Overflow in Microsoft Windows Crypto Provider | Michele Campa (@s1ckb017) | Microsoft (Windows) | Integer overflow | 06-04-2023 | 07-04-2023
Let me Unmask my next 👻 | g30rgy th3 d4rk (@Crypt0g30rgy) | Tinder | IDOR | 06-04-2023 | 06-04-2023
Simple Bugs 0x02: Overwritting Uploaded Files | Vitor Falcao (@egl_falcao) | Normalization | 06-04-2023 | 06-04-2023
Bash Privileged-mode Vulnerabilities In Parallels Desktop And CDPATH Handling In MacOS | Reno Robert (@renorobertr) | Parallels | MacoS | 06-04-2023 | 06-04-2023
Exploiting insecure exception logging | Bogdan Calin | Blind XSS | 05-04-2023 | 15-04-2023
Discovering Headroll (CVE-2023–0704) in Chromium | Rhys Elsmore (@rhyselsmore) | Google (Chromium) | SOP bypass | 2,000 | 05-04-2023 | 06-04-2023
Microsoft Intune, Version Advisory | Ben Lincoln (@0x00C651E0) | Microsoft (Intune) | Unquoted search path | 04-04-2023 | 04-05-2023
Windows Task Scheduler Application, Version 19044.1706 Advisory | Ben Lincoln (@0x00C651E0) | Microsoft (Windows) | Unquoted search path | 04-04-2023 | 04-05-2023
Post Account Takeover? Account Takeover of Internal Tesla Accounts | Evan Connelly (@Evan_Connelly) | Tesla | Account takeover | 04-04-2023 | 06-04-2023
Bypassing Amazon Kids+ Parental Controls | n00py (@n00py1) | Amazon | Logic flaw | 04-04-2023 | 06-04-2023
Pentah0wnage: Pre-Auth RCE in Pentaho Business Analytics Server | Harry Withington | Hitachi Vantara (Pentaho) | RCE | 04-04-2023 | 06-04-2023
Holiday Hunting With Aquatone | Kuldeep Pandya (@kuldeepdotexe) | SSRF | 3,605 | 03-04-2023 | 10-04-2023
CyberGhostVPN – the story of finding MITM, RCE, LPE in the Linux client | mmmds | CyberGhost | RCE | 03-04-2023 | 07-04-2023
Blind XSS via SMS Support Chat — $1100 Bug Bounty! | Chevon Phillip (@ChevonPhillip) | Blind XSS | 1,100 | 03-04-2023 | 06-04-2023
Simple Bugs 0x01: Password Changing to Account Takeover! | Vitor Falcao (@egl_falcao) | Account takeover | 03-04-2023 | 06-04-2023
Two Minor Cross-Tenant Vulnerabilities in AWS App Runner | Nick Frichette (@frichette_n) | AWS | Cross-tenant vulnerability | 03-04-2023 | 06-04-2023
Lenovo database of root user credentials exposed | ASTUTE | Lenovo | .git folder disclosure | 03-04-2023 | 06-04-2023
Let’s Hack Citizens Bank | Arman (@M7arm4n) | Citizens Bank | XSS | 03-04-2023 | 06-04-2023
Bug Bounty: como encontrei o bug Unrestricted File Upload | Paulo Mota | Unrestricted file upload | 100 | 02-04-2023 | 06-04-2023
Finding RCE in NodeJS templating engine ‘Eta’ – CVE-2022-25967 | Rayhan Ahmed Niloy (@Rayhan0x01) | Eta | RCE | 01-04-2023 | 06-04-2023
Beware of Java’s String.getBytes | Ruben Santamarta (@reversemode) | Swiss E-Voting | Hash collision | 31-03-2023 | 06-04-2023
Protected Users: you thought you were safe uh? | Aurélien CHALOT (@Defte_) | Microsoft (Windows) | Active Directory | 31-03-2023 | 31-03-2023
Unveiling the Secrets: My Journey of Hacking Google’s OSS | 7𝖍3𝖍4𝖈kv157 (@7h3h4ckv157) | Google | CSRF | 31-03-2023 | 31-03-2023
Exposed Docker Registries Server as Critical Reminder on Container Security | Emad Shawky | Docker Registry | 31-03-2023 | 31-03-2023
From an Innocent api-key to PII data | g30rgy th3 d4rk (@Crypt0g30rgy) | Information disclosure | 200 | 30-03-2023 | 06-04-2023
Exploiting Hibernate Injection in “Order by” Clause (Oracle database) | Mannu Linux (@IndiShell1046) | HQL injection | 30-03-2023 | 06-04-2023
How to avoid the aCropalypse | Henrik Brodin | Google | Privacy issue | 30-03-2023 | 06-04-2023
Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383) | Lidor Ben Shitrit | Microsoft (Azure) | RCE | 30-03-2023 | 31-03-2023
Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack | Nadav Noy | Microsoft (Azure Pipelines) | RCE | 30-03-2023 | 31-03-2023
Found SSRF and LFI in Just 10 minutes of using burp! | Khaled Mohamed (@0xElkomy) | SSRF | 30-03-2023 | 31-03-2023
Riding the Azure Service Bus (Relay) into Power Platform | Nick Landers (@monoxgas) | Microsoft (Azure) | RCE | 30-03-2023 | 31-03-2023
CVE-2022-37734: graphql-java Denial-of-Service | Artem Logutov | graphql-java | GraphQL | 30-03-2023 | 31-03-2023
Hacking Admin Panel & Getting free subscription | Zeeshan Mustafa (@by6153) | Exposed registration API | 29-03-2023 | 31-03-2023
It’s a (SNMP) Trap: Gaining Code Execution on LibreNMS | Stefan Schiller (@scryh_) | LibreNMS | RCE | 29-03-2023 | 31-03-2023
BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained | Hillai Ben-Sasson (@hillai) | Microsoft (Bing) | Account takeover | 29-03-2023 | 31-03-2023
I’d TAP That Pass | Daniel Heinsen (@hotnops) | Azure AD | 29-03-2023 | 31-03-2023
Attacking Android Antivirus Applications | 2Dai (@mabenz68) | McAfee | Android | 29-03-2023 | 31-03-2023
A short tell of LFI from PDF link → Professor the Hunter | Professor the Hunter (@bughuntar) | LFI | 29-03-2023 | 31-03-2023
High severity vulnerability fixed in WordPress Elementor Pro plugin. | Jerome Bruandet | Elementor | Broken Access Control | 28-03-2023 | 15-05-2023
The curl quirk that exposed Burp Suite & Google Chrome | Paul Mutton (@paulmutton) | PortSwigger | LFI | 28-03-2023 | 31-03-2023
Dynamic Linking Injection and LOLBAS Fun | Joseph Henry | DLL Hijacking | 28-03-2023 | 31-03-2023
My First Bug, Open redirect at Epic Games → $500 Bounty | Professor the Hunter (@bughuntar) | Epic Games | Open redirect | 500 | 27-03-2023 | 31-03-2023
Using an Undocumented Amplify API to Leak AWS Account IDs | Nick Frichette (@frichette_n) | AWS | Cloud | 27-03-2023 | 31-03-2023
My Journey to Nokia Hall of Fame in just 10 minutes | Rajdip | Nokia | DOM XSS | 27-03-2023 | 28-03-2023
How I escalated default credentials to Remote Code Execution | Pawan Chhabria (@heybenchmarkkk) | Default credentials | 26-03-2023 | 28-03-2023
CVE-2023–1410 : Stored XSS in the Graphite Function Description tooltip | Aswin K V (@deep_marketer_) | Grafana Labs | Stored XSS | 25-03-2023 | 28-03-2023
Hacking AI: System and Cloud Takeover via MLflow Exploit | Dan McInerney (@DanHMcInerney) | MLflow | LFI | 25-03-2023 | 31-03-2023
Joomla! CVE-2023-23752 to Code Execution | Jacob Baines (@Junior_Baines) | Joomla! | Broken Access Control | 23-03-2023 | 31-03-2023
Exploiting prototype pollution in Node without the filesystem | Gareth Heyes (@garethheyes) | Server-side prototype pollution | 23-03-2023 | 28-03-2023
Escalating Privileges with Azure Function Apps | Karl Fosaaen (@kfosaaen) | Microsoft (Azure) | Privilege escalation | 23-03-2023 | 28-03-2023
Finding Initial Access on a real life Penetration Test | Warren Butterworth (@w88ugs) | Old components with known vulnerabilities | 23-03-2023 | 28-03-2023
Story of a Beautiful Account Takeover. | Ambush Neupane (@N_ambush) | Account takeover | 23-03-2023 | 23-03-2023
Getting Root – A Technical Walkthrough | OccamSec (@occamsec) | Information disclosure | 22-03-2023 | 27-06-2023
Expression DoS Vulnerability Found In Spring – CVE-2023-20861 | Dan Glendowne | Spring | DoS | 22-03-2023 | 23-03-2023
Improper Privilege Management in Grails Spring Security Core <= 5.1.0 (CVE-2022-41923) | Benjamin Sepe (@Butanal_C4H8O) | Grails | Privilege escalation | 21-03-2023 | 28-03-2023
PHP Filter Chains: File Read From Error-based Oracle | Rémi Matasse (@_remsio_) | Arbitrary file read | 21-03-2023 | 23-03-2023
Windows Installer EOP (CVE-2023-21800) | Adrian Denkiewicz | Microsoft (Windows) | Local Privilege Escalation | 21-03-2023 | 23-03-2023
How I got access to Essilor International company customer PII INFO by AWS metadata access through SSRF | Santosh Kumar Sha (@killmongar1996) | SSRF | 21-03-2023 | 23-03-2023
Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research | Nick Frichette (@frichette_n) | AWS | Cloud | 20-03-2023 | 23-03-2023
Parallels Desktop Toolgate Vulnerability | Alexandre Adamski (@NeatMonster_) | Parallels | Path traversal | 20-03-2023 | 23-03-2023
Credit card statement disclosure vulnerability in Viseca’s eXpense portal | Pentagrid (@pentagridsec) | Viseca | IDOR | 20-03-2023 | 23-03-2023
JMX Exploitation Revisited | Markus Wulftange (@mwulftange) | RCE | 20-03-2023 | 23-03-2023
SSTI leads to RCE on PyroCMS | cupc4k3 | PyroCMS | SSTI | 20-03-2023 | 23-03-2023
Exploiting aCropalypse: Recovering Truncated PNGs | David Buchanan (@David3141593) | Google | Privacy issue | 18-03-2023 | 06-04-2023
Easy $$$ via API params manipulation leading to bypassing the email verification block | Fares Walid (@SirBagoza) | Mass assignment | 18-03-2023 | 23-03-2023
Account Takeover with rate limit bypass | Shamim Ahamed (@itm4n) | Rate limiting bypass | 18-03-2023 | 23-03-2023
Remote code execution in BIRT Viewer ≤ 4.12.0 (CVE-2023-0100) | Louis Wolfers (@TG91aXMK) | Eclipse Foundation | RCE | 17-03-2023 | 08-05-2023
Bypassing PPL in Userland (again) | Clément Labro (@itm4n) | Microsoft (Windows) | Kernel hacking | 17-03-2023 | 23-03-2023
Directory Traversal and LFI worth $400 | Hritik Thapa | Path traversal | 400 | 17-03-2023 | 18-03-2023
Anatomy of a Reflected XSS: My Discovery on a Microsoft’s Subdomain | Sawrav Chowdhury | Microsoft | Reflected XSS | 17-03-2023 | 18-03-2023
How I chained multiple High-impact vulnerabilities to create a critical one. | Vinay Jagetiya (@princej_76) | Account takeover | 17-03-2023 | 18-03-2023
SSRF Cross Protocol Redirect Bypass | Szymon Drosdzol | SSRF | 16-03-2023 | 21-03-2023
Facebook Creator Studio Misconfiguration $$$$ | Abdul Rehman Parkar | Meta / Facebook | Session expiration issue | 16-03-2023 | 18-03-2023
CHECKMATE | Oded Vaanunu | Chess.com | Websockets | 16-03-2023 | 18-03-2023
OAuth 2.0 Authentication Misconfiguration | Mohamed Lakhdar Metidji (@minometidjii) | OAuth | 16-03-2023 | 18-03-2023
Bypassing Character Limit – XSS Using Spanned Payload | SMHTahsin33 (@SMHTahsin33) | XSS | 15-03-2023 | 16-03-2023
Emotional Rollercoaster: A Unique Case Study of Bypassing Antivirus and Firewall by Abusing PostgreSQL | Yousef Amery (@YousefAmery) | RCE | 15-03-2023 | 15-03-2023
LFI – An Interesting Tweak | Jerry Shah (@Jerry) | LFI | 15-03-2023 | 15-03-2023
IP spoofing and SQL injection in Textcube | Sjoerd Langkemper | Textcube | SQL injection | 15-03-2023 | 15-03-2023
Backend Parameter Injection –> RCE | Austin (@systemdumb) | RCE | 14-03-2023 | 13-06-2023
AD Security Research: Breaking Trust Transitivity | Charlie Clark (@exploitph) | Microsoft (Windows) | Active Directory Privilege Escalation | 14-03-2023 | 23-03-2023
Finding Hundreds of SSRF Vulnerabilities on AWS | Carlos Polop | AWS | SSRF | 14-03-2023 | 16-03-2023
CVE-2023–24625 / IDOR in Faveo Service Desk | cupc4k3 | Faveo | IDOR | 14-03-2023 | 16-03-2023
Producing a POC for CVE-2022-42475 (Fortinet RCE) | Alain Mowat (@plopz0r) | Fortinet | Memory corruption | 14-03-2023 | 15-03-2023
Vulnerabilities in the TPM 2.0 reference implementation code | Francisco Falcon (@fdfalcon) | Microsoft | Memory corruption | 20,000 | 14-03-2023 | 15-03-2023
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability | Dominic Chell (@domchell) | Microsoft (Outlook) | Privilege escalation | 14-03-2023 | 15-03-2023
Your Browser is Not a Safe Space | Corey Ham | Local Privilege Escalation | 14-03-2023 | 15-03-2023
Hacking the Docker Registry with Burp Suite | H1Xploit (@H1Xploit) | Docker Registry | 14-03-2023 | 15-03-2023
Microsoft Defender for Cloud Management Port Exposure Confusion | Aaron Sawitsky | Microsoft | Cloud | 14-03-2023 | 15-03-2023
Veeam Backup and Replication CVE-2023-27532 Deep Dive | James Horseman (@JamesHorseman2) | Veeam | Local Privilege Escalation | 13-03-2023 | 28-03-2023
The Time I Hacked Google’s Manual Actions Database | Tom Anthony (@TomAnthonySEO) | Google | Broken Access Control | 5,000 | 13-03-2023 | 15-03-2023
How I Leak Other’s Access Token by Exploiting Evil Deeplink Flaw | Crisdeo Nuel Siahaan | Insecure deeplink | 13-03-2023 | 15-03-2023
Dolibarr : unauthenticated contacts database theft | Vladimir | Dolibarr | SQL injection | 13-03-2023 | 15-03-2023
P1 Vulnerability by Bypassing the membership payment page | Viktor Mares | Payment bypass | 12-03-2023 | 15-03-2023
The story of how I was able to chain SSRF with Command Injection Vulnerability | Raj Qureshi (@RajQureshi9) | SSRF | 12-03-2023 | 15-03-2023
CCAI | NDevTK (@ndevtk) | Google | XSS | 11-03-2023 | 12-06-2023
[Netflix][Smart TV] — Chaining Self-XSS with Session poisoning. | Lyubomir Tsirkov (@lyubo_tsirkov) | Netflix | Self-XSS | 11-03-2023 | 23-03-2023
Account Takeover: An Epic Bug Bounty Story | Jaydev Ahire | Account takeover | 11-03-2023 | 23-03-2023
CVE-2022-36413 Unauthorized Reset Password of Zoho ManageEngine ADSelfService Plus | Sky | Zoho (ManageEngine) | Password reset | 10-03-2023 | 23-03-2023
Bugging Out: My Experience of Earning $300 for Reporting an Unexpected Bug | Charlie : The Hacker | Subdomain takeover | 300 | 10-03-2023 | 23-03-2023
Improper Authentication in Android App | oXnoOneXo | Logic flaw | 10-03-2023 | 21-03-2023
Default Credentials on Sony- Swag Time | Arman (@M7arm4n) | Sony | Hardcoded credentials | 10-03-2023 | 15-03-2023
Rxss inside href attribute – Bypassing lots of weird checks to takeover accounts! | Ashutosh Dutta (@maniacmarvel_) | Reflected XSS | 2,000 | 10-03-2023 | 15-03-2023
I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability. | nav1n (@nav1n0x) | SQL injection | 3,500 | 10-03-2023 | 15-03-2023
Clipchamp ( Microsoft Office Product) – Google IAP Authorization bypass allowed access to Internal Environment Leading to Zero Interaction Account takeover | Vikas Anil Sharma (@vikzsharma) | Microsoft (ClipChamp) | Authorization bypass | 10-03-2023 | 15-03-2023
Wait Time Bypass for fun and Profit | the_unluck_guy (@7he_unlucky_guy) | Automattic | Rate limiting bypass | 10-03-2023 | 10-03-2023
Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation) | Sean Pesce (@SeanPesce) | Local Privilege Escalation | 09-03-2023 | 23-03-2023
EJS – Server Side Prototype Pollution gadgets to RCE | Mizu (@kevin_mizu) | Node.js third-party modules (EJS) | Server-side prototype pollution | 09-03-2023 | 10-03-2023
The Silent Spy Among Us: Modern Attacks Against Smart Intercoms | Claroty’s Team82 (@Claroty) | Akuvox | IoT | 09-03-2023 | 10-03-2023
Self XSS To Stored Through IDOR/ | Arben Shala (@arbennsh) | IDOR | 08-03-2023 | 10-03-2023
CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE | Ilay Goldman (@GoldmanIlay) | Jenkins | RCE | 08-03-2023 | 10-03-2023
How I got Owned A Multi-Billion Dollar Retailer’s MySQL Databases Using Simple SQL Injection | nav1n (@nav1n0x) | SQL injection | 08-03-2023 | 10-03-2023
PwnAgent: A One-Click WAN-side RCE in Netgear RAX Routers with CVE-2023-24749 | Zion Basque (@mahal0z) | Netgear | RCE | 08-03-2023 | 10-03-2023
The story of becoming a Super Admin | Ömer Kepenek (@omer_kepenek) | Hardcoded credentials | 08-03-2023 | 08-03-2023
Subdomain Takeover: How a Misconfigured DNS Record Could Lead to a Huge Supply Chain Attack | Gal Nagli (@naglinagli) | GitHub | Subdomain takeover | 08-03-2023 | 08-03-2023
Unauthorized access to Codespace secrets in GitHub | Ophion Security (@OphionSecurity) | GitHub | Logic flaw | 07-03-2023 | 08-03-2023
[Account Takeover] Don’t Send a Message to anyone Before Reading This [External Audit] | Vipul Sahu | HTTP response manipulation | 07-03-2023 | 08-03-2023
WordPress BuddyForms Plugin — Unauthenticated Insecure Deserialization (CVE-2023–26326) | Joshua Martinelle (@J0_mart) | Insecure deserialization | 07-03-2023 | 08-03-2023
Feeding Tasty Objects to Visual Studio’s App Center SDK for Apple | Jenny (@OldM4nHunting) | Microsoft | Insecure deserialization | 07-03-2023 | 08-03-2023
Attacking .NET Web Services | b0yd (@rwincey) | Siemens | Security code review | 06-03-2023 | 10-03-2023
Caveat Implementor! Key Recovery Attacks on MEGA | Martin R. Albrecht (@martinralbrecht) | MEGA | Cryptographic issues | 06-03-2023 | 10-03-2023
A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithms | Nicky Mouha | Python | Cryptographic issues | 06-03-2023 | 08-03-2023
Remote Stealth Brute-force of Oracle Database Passwords | Viktor Markopoulos | Bruteforce | 06-03-2023 | 08-03-2023
Manipulating Encrypted Traffic for Manual and Automation | Sourav Kalal (@Ano_F_) | Client-side encryption bypass | 06-03-2023 | 08-03-2023
Insecure Toyota CRM exposed Mexican customer information | Eaton Z. (@XeEaton) | Toyota | Authentication bypass | 06-03-2023 | 08-03-2023
Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002) | Brian (@hoyahaxa) | Mura CMS | Authentication bypass | 06-03-2023 | 08-03-2023
Accessing to Data Sources of any Facebook Business account via IDOR in GraphQL | Mukund Bhuva (@MukundBhuva) | Meta / Facebook | IDOR | 06-03-2023 | 08-03-2023
Exposing Users Table From a Leaky GraphQL Query | Inderjeet Singh – encodedguy (@3nc0d3dGuY) | GraphQL | 06-03-2023 | 06-03-2023
Protecting Android clipboard content from unintended exposure | Microsoft 365 Defender Research Team | SHEIN | Android | 06-03-2023 | 06-03-2023
IDOR on bitdefender.com | Vivek M | Bitdefender | IDOR | 05-03-2023 | 08-03-2023
500$ Bounty in just 5 minutes through Recon!!!! | Himanshu Pdy (@himanshu_pdy) | AWS misconfiguration | 500 | 05-03-2023 | 06-03-2023
Microsoft Word RTF Font Table Heap Corruption | Joshua J. Drake (@jduck) | Microsoft (Office) | Memory corruption | 05-03-2023 | 06-03-2023
JS file enumeration for bug bounty hunters | Aadarsh Anand (@ScreamZoro) | Information disclosure | 04-03-2023 | 08-03-2023
30-Minute Heist: How I Bagged a $1500 Bounty in Just few Minutes! | Charlie : The Hacker | Broken Access Control | 1,500 | 04-03-2023 | 06-03-2023
Bug in Netflix with my automation | Ali Mansour (@Ali45598547) | Netflix | Information disclosure | 400 | 04-03-2023 | 06-03-2023
Unauthorized Access To Admin Panel via Swagger | Arman (@M7arm4n) | Coca-Cola | Missing authentication | 04-03-2023 | 06-03-2023
Bypass TCC via iCloud | Wojciech Reguła (@_r3ggi) | Apple (macOS) | TCC bypass | 04-03-2023 | 06-03-2023
Bypassing Safe-Redirect in Rails 7.0 | Ryan (@healthyoutlet) | Ruby on Rails | Open redirect | 03-03-2023 | 08-08-2023
GitHub Security Lab audited DataHub: Here’s what they found | Alvaro Muñoz (@pwntester) | DataHub | SSRF | 03-03-2023 | 06-03-2023
Web Cache Poisoning – Capability to disable/deface the app.██████████.com (A tale of poisoning through the layers of caching) | Ankit Singh (@AnkitCuriosity) | Web cache poisoning | 1,000 | 03-03-2023 | 06-03-2023
CS-Cart PDF Plugin Unauthenticated Command Injection | Ngo Wei Lin (@Creastery) | CS-Cart | RCE | 03-03-2023 | 06-03-2023
How Your NFTs Could Have Been Stolen in Just One Click | PermaSecure (@PermaSecure) | postMessage | 03-03-2023 | 06-03-2023
Upgrade plan from Free to Paid via Response Manipulation | Ibrahim Radi (@ibraradi9) | Payment bypass | 03-03-2023 | 06-03-2023
How I Earned $$$ for Excessive Data Exposure Through Directory Traversal Leads to Product Price Manipulation | Mohamed Shibil | Path traversal | 500 | 03-03-2023 | 06-03-2023
The Story of My First Reflected XSS | Ahmed Kamal Abu_Elwafa (@AhmedKa01184061) | Reflected XSS | 03-03-2023 | 06-03-2023
Email Verification Bypass Worth $$$ | the_unluck_guy (@7he_unlucky_guy) | Email verification bypass | 03-03-2023 | 06-03-2023
Hacking the Nintendo DSi Browser | Nathan Farlow (@0x1337cafe) | Nintendo | Memory corruption | 02-03-2023 | 06-03-2023
Traveling with OAuth – Account Takeover on Booking.com | Aviad Carmel (@AviadCarmel) | Booking.com | OAuth | 02-03-2023 | 03-03-2023
Mining Takeovers for Fun and Profit | Artur Marzano (@MacmodSec) | Subdomain takeover | 01-03-2023 | 06-03-2023
How a simple IDOR impacted the data of thousands of customers of an Indian automotive giant | Kushal Jain | Account takeover | 01-03-2023 | 06-03-2023
Web Cache Deception Attack on a private bug bounty program | snoopy (@snoopy101101) | Web cache deception | 01-03-2023 | 06-03-2023
Introducing Aladdin | Lefteris Panos (@lefterispan) | Microsoft (Windows) | Insecure deserialization | 01-03-2023 | 06-03-2023
Gitpod remote code execution 0-day vulnerability via WebSockets | Elliot Ward | Gitpod | RCE | 01-03-2023 | 02-03-2023
Abusing Hop-by-Hop Header to Chain A CRLF Injection Vulnerability | Simon Bräuer (@redshark1802) | CRLF injection | 01-03-2023 | 02-03-2023
Exfiltrating AWS Credentials via PDF Rendering of Unsanitized Input | Cristi Vlad (@CristiVlad25) | SSRF | 01-03-2023 | 02-03-2023
How I Earned $1800 for finding a (Business Logic) Account Takeover Vulnerability? | Vivek Kumar Yadav (@0xd3vil) | Account takeover | 1,800 | 01-03-2023 | 02-03-2023
Broken links hijacking and CDN takeover | Bartłomiej Bergier (@_bergee_) | Broken link hijacking | 200 | 28-02-2023 | 02-03-2023
A New Vector For “Dirty” Arbitrary File Write to RCE | Maxence Schmitt (@maxenceschmitt) | Arbitrary file write | 28-02-2023 | 02-03-2023
Empowering weak primitives: file truncation to code execution with Git | Thomas Chauchefoin (@swapgs) | Argument injection | 28-02-2023 | 02-03-2023
CVE-2022-38108: RCE In Solarwinds Network Performance Monitor | Piotr Bazydło (@chudyPB) | SolarWinds | Insecure deserialization | 28-02-2023 | 02-03-2023
A student’s dream: hacking (then fixing) Gradescope’s autograder | Aditya Saligrama (@saligrama_a) | Gradescope | RCE | 28-02-2023 | 02-03-2023
[Tips & Tricks] Exfiltrating User’s Data Through CSV Injection | RE:HACK (@rehackxyz) | CSV injection | 28-02-2023 | 28-02-2023
My First Un-Expected $$$$ Digit Bounty for an Un-Expected Vulnerability | Shobhit Mehta | Lack of rate limiting | 1,000 | 28-02-2023 | 28-02-2023
Abusing Maven’s pom.xml | Gianluca Baldi (@0x_nope) | Apache Maven | RCE | 27-02-2023 | 02-03-2023
VMware Workspace One Access | Steven Seeley (@steventseeley) | VMware | RCE | 27-02-2023 | 02-03-2023
The Vulnerability That Exposed an UN Website to Remote Code Execution | Mullangisashank (@manisashankm) | United Nations | Components with known vulnerabilities | 27-02-2023 | 02-03-2023
$10.000 bounty for exposed .git to RCE | Lev Shmelev | .git folder disclosure | 10,000 | 27-02-2023 | 28-02-2023
Grand Theft Auto – A peek of BLE relay attack | @Kevin2600 | Bluetooth | 27-02-2023 | 28-02-2023
Interesting Stored XSS in sandboxed environment to Full Account Takeover | Anurag__Verma | Stored XSS | 27-02-2023 | 28-02-2023
How did I found RCE on SHAREit which rewarded $$$ bounty | Suprit Pandurangi | SHAREit | Log4shell | 26-02-2023 | 06-03-2023
Using efficient tooling to hunt GraphQL security issues | Nishant Jain (@realArcherL) | GraphQL | 26-02-2023 | 28-02-2023
The Tale of a Command Injection by Changing the Logo | 0xrz (@omidxrz) | RCE | 2,400 | 26-02-2023 | 28-02-2023
Account Takeover worth of $5 | Jefferson Gonzales (@gonzxph) | OAuth | 26-02-2023 | 28-02-2023
How I got a $2000 bounty with RXSS | Hashir Sami Khan (@P4n7h3Rx) | Reflected XSS | 2,000 | 26-02-2023 | 28-02-2023
Unauthenticated GraphQL Introspection and API calls | Osama Avvan (@osamaavvan) | GraphQL | 26-02-2023 | 26-02-2023
Give me a browser, I’ll give you a Shell | Rend | Local Privilege Escalation | 25-02-2023 | 02-03-2023
My P1 — Account Takeover | Kullai (@Kullai12) | Account takeover | 25-02-2023 | 28-02-2023
From CVE-2022-33679 to Unauthenticated Kerberoasting | Trampas Howe (@trampashowe) | Microsoft (Windows) | Kerberos | 25-02-2023 | 26-02-2023
Authenticated XXE vulnerability in IBM Tivoli Workload Scheduler CVE-2022-38389 | Geoffrey Bertoli (@YofBalibump) | IBM | XXE | 24-02-2023 | 02-03-2023
draw.io CVEs | @caioluders | draw.io | SSRF | 24-02-2023 | 28-02-2023
Exploits Explained: Using APIs to Execute a Server-Side Request Forgery | @cor3min3r | SSRF | 24-02-2023 | 28-02-2023
Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer | Ngo Wei Lin (@Creastery) | Microsoft (Azure) | Account takeover | 24-02-2023 | 26-02-2023
Little bug, Big impact. 25k bounty | Nightbane (@Nightbanes) | Hardcoded API keys | 25,000 | 24-02-2023 | 26-02-2023
Blind XSS fired on Admin panel worth $2000 | Feri Susanto (@feribytex) | Blind XSS | 2,000 | 24-02-2023 | 26-02-2023
Escaping well-configured VSCode extensions (for profit) | Vasco Franco | Microsoft | Electron | 7,500 | 23-02-2023 | 08-03-2023
How I Used JS files inspection and Fuzzing to do admins/supports stuff | Fares Walid (@SirBagoza) | Broken Access Control | 23-02-2023 | 02-03-2023
How I found DOM-Based XSS on Microsoft MSRC and How they fixed it | Supakiad S. (@Supakiad_Mee) | Microsoft | DOM XSS | 23-02-2023 | 28-02-2023
How do I take over another user subdomain name worth $$$$ | Parkerzanta (@parkerzanta) | Subdomain takeover | 1250 | 23-02-2023 | 28-02-2023
LogicalDOC Vulnerability Disclosure | Brett DeWall (@xbadbiddyx) | LogicalDOC | XXE | 23-02-2023 | 26-02-2023
Exploit Airlines that use T-Mobile for Free WiFi | cylect.io (@cylect_io) | T-Mobile | Wifi | 23-02-2023 | 26-02-2023
The code that wasn’t there: Reading memory on an Android device by accident | Man Yue Mo (@mmolgtm) | Qualcomm | Kernel hacking | 23-02-2023 | 26-02-2023
Decoding BlazorPack | Rogan Dawes (@RoganDawes) | Websockets | 22-02-2023 | 02-03-2023
How I got into Nokia HOF in 5 Mins | Abdelrhman Allam (@sl4x0) | Nokia | Information disclosure | 22-02-2023 | 02-03-2023
Insufficient GraphQL API vulnerability due to lack of validation of Authorization Bearer token | Int (@intlulz) | GraphQL | 700 | 22-02-2023 | 28-02-2023
Unauthenticated RCE in Goanywhere | Youssef Muhammad (@yosef0x1) | Fortra (GoAnywhere) | Insecure deserialization | 22-02-2023 | 28-02-2023
Vulnerability write-up – “Dangerous assumptions” | Thomas Rinsma (@thomasrinsma) | DIVD | Prototype pollution | 22-02-2023 | 26-02-2023
Exploiting Parameter Pollution in Golang Web Apps | Rick Ramgattie (@RRamgattie) | Concourse | Authorization flaw | 22-02-2023 | 26-02-2023
With a single request, you can kill any Gitea server | Khaled Nassar (@knassar702) | Gitea | Application-level DoS | 22-02-2023 | 26-02-2023
Access Twitter blue features using deeplink without a subscription. | Rahul Kankrale (@RahulKankrale) | Twitter | Insecure deeplink | 22-02-2023 | 22-02-2023
Information Disclosure Vulnerability in Adobe Experience Manager affecting multiple companies including Microsoft, Apple, Amazon, McDonald’s and many more. | Fat Selimi (@fattselimi) | Apple | Information disclosure | 22-02-2023 | 22-02-2023
Taking over “Google Cloud Shell” by utilizing capabilities and Kubelet | Chen Shiri (@ChenShiri73) | Container escape | 21-02-2023 | 15-05-2023
Exploiting an HTML injection with dangling markup | Yoan Montoya | HTML injection | 21-02-2023 | 06-03-2023
Multiple vulnerabilities in Dell Unisphere for PowerMax vApp, VASA Provider vApp and Solutions Enabler vApp CVE-2022-45103 / CVE-2022-45104 | Antoine Carrincazeaux | Dell | Parameter injection | 21-02-2023 | 08-03-2023
Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS | Austin Emmitt (@alkalinesec) | Apple (macOS) | Local Privilege Escalation | 21-02-2023 | 28-02-2023
What the Vuln: Zimbra | Carlos Yanez | Zip Slip attack | 21-02-2023 | 26-02-2023
ClamAV Critical Patch Review | ONEKEY (@onekey_sec) | ClamAV | RCE | 21-02-2023 | 26-02-2023
Multiple vulnerabilities in Nokia BTS Airscale ASIKA | Geoffrey Bertoli (@YofBalibump) | Nokia | Base transceiver station | 21-02-2023 | 26-02-2023
Reflected Cross site scripting on reddit website (bounty awards $5000) | ShuttlerTech | Reddit | Reflected XSS | 5,000 | 21-02-2023 | 26-02-2023
Escaping misconfigured VSCode extensions | Vasco Franco | Microsoft (SARIF viewer & Live Preview) | Path traversal | 7,500 | 21-02-2023 | 22-02-2023
Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header | Adam Crosser | Akamai | WAF bypass | 21-02-2023 | 22-02-2023
Bypassing SSO Authentication from the Login Without Password Feature Lead to Account Takeover | Aidil Arief | Account takeover | 20-02-2023 | 06-03-2023
Exposing 185M+ Indians’ Personal Information and much more | Robin Justin (@_robinjustin_) | Aadhaar | Broken Access Control | 20-02-2023 | 02-03-2023
Reflected Cross Site Scripting (Awards 3500$ bounty) | ShuttlerTech | Shopify | Reflected XSS | 3,500 | 20-02-2023 | 26-02-2023
[1500$ Worth — Slack] vulnerability, bypass invite accept process | Sirat Sami (@siratsami71) | Slack | Broken Access Control | 1,500 | 20-02-2023 | 22-02-2023
Disabling ClamAV as an Unprivileged User | Arch Cloud Labs (@DLL_Cool_J) | ClamAV | Local Privilege Escalation | 19-02-2023 | 26-02-2023
Found an URL in the android application source code which lead to an IDOR | Vengeance | Android | 18-02-2023 | 22-02-2023
Hacking the Search Bar: The Story of Discovering and Reporting an XSS Vulnerability on Bing.com | Niraj Mahajan | Microsoft (Bing) | XSS | 18-02-2023 | 22-02-2023
Readline crime: exploiting a SUID logic bug | roddux | Arch Linux | Local Privilege Escalation | 16-02-2023 | 06-03-2023
Facebook bug: A Journey from Code Execution to S3 Data Leak | Bipin Jitiya (@win3zz) | Meta / Facebook | RCE | 16-02-2023 | 26-02-2023
The Inside Story of Finding a Reverse Transaction Vulnerability in a Financial Application | Raja Uzair Abdullah (@UzaiRaja) | Logic flaw | 16-02-2023 | 26-02-2023
Hacking Apple: Two Successful Exploits and Positive Thoughts on their Bug Bounty Program | Joe Gregg (@infiltrateops) | Apple | RCE | 16-02-2023 | 22-02-2023
EoP via Arbitrary File Write/Overwite in Group Policy Client “gpsvc” – CVE-2022-37955 | ap (@decoder_it) | Microsoft (Windows) | Local Privilege Escalation | 16-02-2023 | 22-02-2023
Server-side prototype pollution: Black-box detection without the DoS | Gareth Heyes (@garethheyes) | Server-side prototype pollution | 15-02-2023 | 26-02-2023
Server side prototype pollution, how to detect and exploit | BitK (@BitK_) | Server-side prototype pollution | 15-02-2023 | 26-02-2023
Detecting Server-Side Prototype Pollution | Daniel Thatcher (@_danielthatcher) | Server-side prototype pollution | 15-02-2023 | 26-02-2023
Technical Advisory – Azure B2C – Crypto Misuse and Account Compromise | John Novak | Microsoft (Azure) | Cryptographic issues | 15-02-2023 | 22-02-2023
Abusing Azure App Service Managed Identity Assignments | Andy Robbins (@_wald0) | Microsoft (Azure) | Cloud | 15-02-2023 | 22-02-2023
Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability (CVE-2022-44666) (0day). | j00sean (@j00sean) | Microsoft (Windows) | RCE | 15-02-2023 | 22-02-2023
XSS on The MOST Popular Movie Ticket website. | Tarang Parmar | XSS | 15-02-2023 | 16-02-2023
I Got United Nation’s Hall Of Fame With This Simple Technique! | Faiyaz Ahmad | United Nations | HTML injection | 15-02-2023 | 16-02-2023
Assumed Breach Assessment Case Study: Uncovering WeSecureApp’s Approach | WeSecureApp (@wesecureapp) | Internal pentest | 14-02-2023 | 08-03-2023
http: properly reject empty http header field names | Bahruz Jabiyev (@BahruzJabiyev) | HAProxy | HTTP header attack | 14-02-2023 | 26-02-2023
Securing Open-Source Solutions: A Study of osTicket Vulnerabilities | Miguel Correia | osTicket | Stored XSS | 14-02-2023 | 16-02-2023
cURL audit: How a joke led to significant findings | Maciej Domanski | Internet Bug Bounty (curl) | Memory corruption | 14-02-2023 | 16-02-2023
LPE via StorSvc | Antón Ortigueira (@antuache) | Microsoft (Windows) | Local Privilege Escalation | 13-02-2023 | 02-03-2023
SQL Injection: Utilizing XML Functions in Oracle and PostgreSQL to bypass WAFs | Mahmoud Gamal (@Zombiehelp54) | SQL injection | 13-02-2023 | 28-02-2023
Bypassing CORS configurations to produce an Account Takeover for Fun and Profit | Josh Fam (@Pullerze) | CORS misconfiguration | 13-02-2023 | 26-02-2023
Blind Time-based SQL injection vulnerability in an Indian government website | Kartikhunt3r | NCIIPC | SQL injection | 13-02-2023 | 26-02-2023
Bypassing SameSite=lax cookie restrictions to preform CSRF resulting to a horizontal privilege escalation via poor email verification mechanism | Imad Husanovic (@deadoverflow_) | CSRF | 13-02-2023 | 22-02-2023
Hacking our way into internal DBs with hardcoded authentication keys | Ophion Security (@OphionSecurity) | JWT | 13-02-2023 | 16-02-2023
Exploiting A Remote Heap Overflow With A Custom TCP Stack | Etienne Helluy-Lafont | Western Digital | Memory corruption | 13-02-2023 | 16-02-2023
CVE-2022-22655 – TCC – Location Services Bypass | Csaba Fitzl (@theevilbit) | Apple (macOS) | MacoS | 13-02-2023 | 16-02-2023
Zip bomb attack | Ramkumar Nadar | Zip bomb | 12-02-2023 | 02-03-2023
SSRF That Allowed Us to Access Whole Infra Web Services and Many More | Basavaraj Banakar (@basu_banakar) | SSRF | 12-02-2023 | 16-02-2023
XXE with Auto-Update in install4j | Florian Hauser (@frycos) | Prosys OPC | XXE | 12-02-2023 | 16-02-2023
IDOR Leads to MASS Account Takeover | Yaseen Zubair | IDOR | 12-02-2023 | 13-02-2023
Vulnerabilities due to XML files processing: XXE in C# applications in theory and in practice | Sergey Vasiliev (@_SergVasiliev_) | BlogEngine.NET | XXE | 11-02-2023 | 26-02-2023
A tale of a full Business Takeover — Red Team Diaries | Dhanesh Dodia – HeyDanny (@Dhanesh_Dodia) | MITM | 11-02-2023 | 11-02-2023
We Hacked GitHub for a Month: Here’s What We Found | Shivam Kumar Singh (@MrRajputHacker) | GitHub | Pre-account takeover | 10,000 | 11-02-2023 | 13-02-2023
HubSpot Full Account Takeover in Bug Bounty | Omar Hashem (@OmarHashem666) | HubSpot | Account takeover | 11-02-2023 | 13-02-2023
Disabling js for the win | Vuk Ivanovic | Unrestricted file upload | 10-02-2023 | 02-03-2023
LocalPotato – When Swapping The Context Leads You To SYSTEM | Andrea Pierini (@decoder_it) | Microsoft | Windows | 10-02-2023 | 16-02-2023
Information disclosure or GDPR breach? A Google tale… | Luke Berner | Google | Privacy issue | 500 | 10-02-2023 | 13-02-2023
Elevation of privileges from Everyone through Avast Sandbox to System AmPPL (CVE-2021-45335, CVE-2021-45336 and CVE-2021-45337) | Denis Skvortcov (@Denis_Skvortcov) | Avast | Local Privilege Escalation | 09-02-2023 | 02-03-2023
A-Salt: attacking SaltStack | Alex Hill | SSTI | 09-02-2023 | 16-02-2023
Cracking The Odd Case Of Randomness In Java | Joseph (@josep68_) | Cryptographic issues | 09-02-2023 | 13-02-2023
How I got $$$$ Bounty within 5 mins | Hashir Khan (@P4n7h3Rx) | RCE | 09-02-2023 | 13-02-2023
Azure Ad Kerberos Tickets: Pivoting To The Cloud | Edwin David | Active Directory | 09-02-2023 | 13-02-2023
Exploits Explained: Default Credentials Still a Problem Today | Popeax | Default credentials | 09-02-2023 | 13-02-2023
Exploit Development – A Sincere Form of Flattery | moth | MS-RPC | 09-02-2023 | 13-02-2023
Pwn2Owning Two Hosts At The Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization | Piotr Bazydło (@chudyPB) | Inductive Automation Ignition | Insecure deserialization | 08-02-2023 | 06-03-2023
Chaining Bugs to get my First Bug Bounty | ag3n7 (@ag3n7apk) | CSRF | 08-02-2023 | 02-03-2023
Reflected XSS on Target with tough WAF ( WAF Bypass ) | Eagle_92 | Reflected XSS | 08-02-2023 | 16-02-2023
Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game | Jan Vojtěšek | Valve | V8 JavaScript engine | 08-02-2023 | 13-02-2023
Bypassing API Restrictions for Fun and Profit | Arnav Tripathy | Payment bypass | 07-02-2023 | 08-03-2023
How I Got +1000$ by Clickjacking | Aryan W13DOM (@NeuRosis23) | Clickjacking | 1,000 | 07-02-2023 | 02-03-2023
[CVE-2023-22855] Kardex MLOG – Insecure path join to RCE via SSTI | Patrick Hener (@C1sc01) | RCE | 07-02-2023 | 26-02-2023
Code Injection via Python Sandbox Escape — how I got a shell inside a network. | Viktor Mares | Code injection | 07-02-2023 | 16-02-2023
Post-Exploitation: Abusing the KeePass Plugin Cache | Kevin Minacori | KeePass | Local Privilege escalation | 07-02-2023 | 13-02-2023
The Linux Kernel and the Cursed Driver | Alon Zahavi (@Alon_Z4) | Linux Kernel Organization | Kernel hacking | 07-02-2023 | 13-02-2023
A zero day for the government’s “demo servers” and internal networks | fopwn | XSS | 06-02-2023 | 26-02-2023
Hacking into Toyota’s global supplier management network | Eaton Z. (@XeEaton) | Toyota | Authentication bypass | 06-02-2023 | 16-02-2023
Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console | Christophe Tafani-Dereeper (@christophetd) | AWS | Rate limiting bypass | 06-02-2023 | 13-02-2023
Apache SCXML Remote Code Execution | pyn3rd (@pyn3rd) | Apache SCXML | RCE | 06-02-2023 | 13-02-2023
GoAnywhere MFT – A Forgotten Bug | Florian Hauser (@frycos) | Fortra (GoAnywhere) | Insecure deserialization | 06-02-2023 | 09-02-2023
How we made $120k bug bounty in a year with good automation | Dawid Moczadło (@kannthu1) | XSS | 1,20,000 | 06-02-2023 | 07-02-2023
Easy Account Takeover on dell subdomain | Mohamed Fares (@_2os5) | Dell | Password reset | 05-02-2023 | 08-03-2023
I was able to see likes count even though it was hidden by the victim \| YouTube App 16.15.35 | R ando (@Rando02355205) | Google (Youtube) | Logic flaw | 05-02-2023 | 16-02-2023
SSO Gadgets: Escalate (Self-)XSS to ATO | Lauritz Holtmann (@_lauritz_) | SSO | 04-02-2023 | 07-02-2023
postMessage DOM XSS vulnerability in Gartner Peer Insights widget | Justin Steven (@justinsteven) | Gartner | postMessage | 04-02-2023 | 07-02-2023
A weird bug that leaked PIIJawad Mahdi (@hunter0x1)Information disclosure03-02-202325-06-2023
Authentication Bypass in Izanami Docker image 1.10.22 CVE-2023-22495Raphaël LobIzanamiAuthentication bypass03-02-202306-03-2023
Play with Google, Twitter, Apple, Dellrezaduty (@rezaduty)GoogleXSS03-02-202313-02-2023
Azure security — Internal recon leveraging lack of access controlMolx32Microsoft (Azure)Azure AD02-02-202327-04-2023
WEEKEND DESTROYER – RCE in Western Digital PR4100 NASPedro Ribeiro (@pedrib1337)Western DigitalRCE02-02-202302-03-2023
Discovering 5 XSS Vulnerabilities In a Simple Way With Xssor.goFares Walid (@SirBagoza)Reflected XSS02-02-202302-03-2023
Host Header Injection to Complete Organization takeoverMuhammad Umer AdeemSSRF02-02-202302-03-2023
IDOR – Inside the Session StorageJerry Shah (@Jerry)IDOR02-02-202316-02-2023
Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1Eviatar GerziDockerLocal Privilege Escalation02-02-202316-02-2023
WEEKEND DESTROYER – RCE in Western Digital PR4100 NASPedro Ribeiro (@pedrib1337)Western DigitalRCE02-02-202313-02-2023
Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on RailsMaxwell Garrett (@TheGrandPew)IBMRCE02-02-202303-02-2023
Exploits Explained: Java JMX’s Exploitation Problems and ResolutionsNicolas Krassas (@Dinosn)RCE02-02-202303-02-2023
Vulnerability Causing Deletion of All Users in CrushFTP Admin AreaJean Calvin MugaboCrushFTPApplication-level DoS02-02-202303-02-2023
CentreStack DisclosureMichael RandGladinet (CentreStack)Authentication bypass02-02-202303-02-2023
ImageMagick: The hidden vulnerability behind your online imagesBryan GonzalezImageMagickApplication-level DoS01-02-202307-02-2023
An IDOR vulnerability often hides many othersAllam Rachid (@blank_cold)IDOR50001-02-202307-02-2023
RCE in Avaya Aura Device ServicesDylan PindurAvayaRCE01-02-202303-02-2023
CVE-2023-22374: F5 BIG-IP Format String VulnerabilityRon Bowes (@iagox86)F5Format string vulnerability01-02-202303-02-2023
Broken Function Level Authorization leads to disclosing PII Information of all company usersMirza Muhammad FauzanBroken Function Level Authorization31-01-202308-03-2023
Mass Account takeover by bypassing 2 FAZeeshan Mustafa (@by6153)MFA bypass31-01-202316-02-2023
Reversing UK mobile rail ticketsZeeshan Mustafa (@by6153)Reverse engineering31-01-202316-02-2023
Remote Command Execution in binwalkQuentin Kaiser (@QKaiser)ReFirm Labs (binwalk)RCE31-01-202307-02-2023
Can’t Wait to Shut You Down — Remote DoS Using Wininit.exeStiv Kupchik (@kupsul)MicrosoftDoS31-01-202307-02-2023
Unserializable, But Unreachable: Remote Code Execution On vBulletinCharles Fol (@cfreal_)vBulletinRCE31-01-202303-02-2023
How I bypassed the registration validation and logged-in with the company emailKhaledyassenEmail verification bypass30-01-202308-03-2023
How i hacked all Zendesk sites 265,000 site by one lineAhmed Salah Abdalhfaz (@Elsfa7-110)ZendeskWeb cache poisoning30-01-202331-01-2023
How I Found an Insecure Direct Object Reference in TikTokmrhavitTikTokIDOR5,50029-01-202313-02-2023
Discovered a Critical IDOR and Earned $900 for My First P1 Vulnerability!Abhisek R (@abh1sek_r)IDOR90029-01-202307-02-2023
The 100+ Million Person Data DisclosureJason Haddix (@Jhaddix)IDOR29-01-202307-02-2023
How I was able to find 4 Cross-site scripting (XSS) on vulnerability disclosure program ?DrakenKunXSS29-01-202307-02-2023
Blind XSS To SSRFAkash cBlind XSS50029-01-202303-02-2023
DOM-XSS in Instant Games due to improper verification of supplied URLsYoussef Sammouda (@samm0uda)Meta / FacebookDOM XSS62,50029-01-202331-01-2023
Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validationYoussef Sammouda (@samm0uda)Meta / FacebookAccount takeover62,50029-01-202331-01-2023
Account takeover of Facebook/Oculus accounts due to First-Party access_token stealingYoussef Sammouda (@samm0uda)Meta / FacebookAccount takeover44,25029-01-202331-01-2023
Froxlor v2.0.6 Remote Command Execution (CVE-2023-0315)Askar (@mohammadaskar2)FroxlorRCE29-01-202331-01-2023
Bypassing account lockout through password reset functionalityAkash cRate limiting bypass28-01-202302-03-2023
Adobe Acrobat Reader – resetForm – CAgg UaF – RCE Exploit – CVE-2023-21608Ashfaq Ansari (@HackSysTeam)AdobeMemory corruption28-01-202328-02-2023
CVE-2022-44789Alvin Ng (@alngpwn)Artifex MuJSMemory corruption28-01-202322-02-2023
PHP Development Server <= 7.4.21 - Remote Source DisclosureRahul Maini (@iamnoooob)PHPSource code disclosure28-01-202331-01-2023
Disclosing Facebook page admins by playing a gameSudip ShahMeta / FacebookLogic flaw2,07528-01-202331-01-2023
Bypassing OGNL sandboxes for fun and charitiesAlvaro Muñoz (@pwntester)AtlassianOGNL injection27-01-202308-05-2023
How I Found My First Bug in Android AppBarath StalinAndroid26-01-202302-03-2023
Ransacking your password reset tokensLukas EulerRansack libraryAccount takeover26-01-202331-01-2023
OpenEMR – Remote Code Execution in your Healthcare SystemDennis Brinkrolf (@DBrinkrolf)OpenEMRRCE26-01-202331-01-2023
Kamailio’s exec module considered harmfulAli NorouziKamailioOS command injection26-01-202331-01-2023
Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPITomer Peled (@tomerpeled92)MicrosoftWindows25-01-202316-02-2023
MyBB <= 1.8.31: Remote Code Execution ChainAleksey SolovevMyBBRCE25-01-202326-01-2023
Easy 2000$ Race ConditionDeshineRace condition2,00025-01-202326-01-2023
Unleashing the power of CSS injection: The access key to an internal APISander Wind (@SanderWind)CSS injection24-01-202326-02-2023
Jumping into SOCKSJacques Coertze (@JCoertze)Lateral movement24-01-202313-02-2023
Exploiting Hardcoded Keys to achieve RCE in Yellowfin BIMaxwell Garrett (@TheGrandPew)Yellowfin BIRCE24-01-202326-01-2023
Using 0days to Protect the United NationsFlorian Hauser (@frycos)United NationsRCE24-01-202326-01-2023
CrossTalk and Secret Agent: Two Attack Vectors on Okta’s Identity SuiteTal PelegOktaInsecure storage of sensitive information23-01-202326-01-2023
CVE from 2018 Strikes AgainColin McQueenRCE23-01-202326-01-2023
Activation Context Cache Poisoning: Exploiting CSRSS For Privilege EscalationSimon ZuckerbraunMicrosoftLocal Privilege Escalation23-01-202326-01-2023
How i Hacked Scopely with “Sign in with Google”Ph.HitachiScopelyAccount takeover23-01-202323-01-2023
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for EspionageJohn Jackson (@johnjhacking)SignalThick client22-01-202316-02-2023
How i was able to get critical bug on google by get full access on [Google Cloud BI Hackathon]Orwa Atyat (@GodfatherOrwa)GoogleInformation disclosure22-01-202323-01-2023
Reflected XSS Leads to 3,000$ Bug Bounty Rewards from Microsoft FormsSupakiad S. (@Supakiad_Mee)MicrosoftReflected XSS3,00022-01-202323-01-2023
How I found XSS on Admin Page without login!Abdelrhman Allam (@sl4x0)Reflected XSS22-01-202323-01-2023
Bypassing Cloudflare WAF: XSS via SQL InjectionUku SõrmusReflected XSS21-01-202331-01-2023
Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”Valentina Palmiotti (@chompie1337)Microsoft (Windows)Kernel hacking20-01-202310-03-2023
Vulnerabilities in ManageEngine ADSelfService Plus 6.1 build 6117Antoine Cervoise (@acervoise)Zoho (ManageEngine)RCE20-01-202302-03-2023
CSRF + Stored XSS Leading to Full Account TakeoverFares Walid (@SirBagoza)Stored XSS20-01-202323-01-2023
Bypassing E2E encryption leads to multiple high vulnerabilities.Asem Eleraky (@melotover)IDOR20-01-202323-01-2023
Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)Ken Gannon (@Yogehi)SamsungAndroid20-01-202323-01-2023
Two Factor Authentication Bypass On FacebookGtm Mänôz (@Gtm0x01)Meta / FacebookMFA bypass20-01-202323-01-2023
AWS Cognito pitfalls: Default settings attackers love (and you should know about)Lorenzo Vogelsang (@ptrac3)Amazon cognito misconfiguration19-01-202310-03-2023
CVE-2022-35690: Unauthenticated RCE In Adobe ColdFusionrgodAdobeRCE19-01-202326-01-2023
CVE-2022-47966 SAML ShowStopperKhoa Dinh (@_l0gg)Zoho (ManageEngine)SAML19-01-202326-01-2023
The easiest way I used to bypass an admin panelSirat Sami (@siratsami71)HTTP request smuggling19-01-202323-01-2023
EmojiDeploy: Smile! Your Azure web service just got RCE’d ._.Liv Matan (@terminatorLM)Microsoft (Azure)RCE30,00019-01-202323-01-2023
API Misconfiguration – No Swag of SwaggerUIJerry Shah (@Jerry)Security misconfiguration19-01-202323-01-2023
Azure Active Directory Flaw Allowed SAML PersistenceSecureworks Counter Threat Unit (@Secureworks)Microsoft (Azure)Azure AD18-01-202308-05-2023
Nothing new under the Sun – Discovering and exploiting a CDE bug chainMarco Ivaldi / Raptor (@0xdea)OraclePrinter hacking18-01-202302-03-2023
The MarkdownTime Vulnerability: How to Avoid This DoS Attack on Business Critical ServicesTor Beer (@tor19951)GitLabDoS18-01-202316-02-2023
How I identified and reported vulnerabilities in Oracle and the rewards of responsible disclosure:From Backup Leak to Hall of FameParagBagulOracleInformation disclosure18-01-202326-01-2023
Sudoedit bypass in Sudo <= 1.9.12p1 (CVE-2023-22809)Matthieu Barjole (@aevy__)SudoLocal Privilege Escalation18-01-202323-01-2023
From Error_Log File(P4) To Company Account Takeover(P1) and Unauthorized Actions On APIMuhanad Israiwi (@IsrewyMohand)Information disclosure17-01-202308-03-2023
Security Audit of GitMarkus Vervier (@marver)GitMemory corruption17-01-202328-01-2023
XML Security in JavaPieter De Cremer (@0xDC0DE)XXE17-01-202323-01-2023
Centreon map vulnerabilityVladimirCentreonAuthentication bypass17-01-202323-01-2023
How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure ServicesLidor Ben ShitritMicrosoft (Azure)SSRF17-01-202318-01-2023
DOM-Based XSS for fun and profit $$$! | Bug Bounty POCHaroon Hameed (@HaroonHameed40)DOM XSS17-01-202318-01-2023
AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypassNick Frichette (@frichette_n)AWSCloud17-01-202318-01-2023
Unauthenticated Configuration Export in Multiple WAGO ProductsONEKEY (@onekey_sec)WAGOPath traversal16-02-202326-02-2023
2022 Microsoft Teams RCE@adm1nkyj1MicrosoftRCE16-01-202328-02-2023
CVE-2022-21587 (Oracle E-Business Suite Unauthenticated RCE)@vudq16OracleRCE16-01-202326-01-2023
Full Account Take Over by very simple trick.XeRox01 (@xerox0x1)Account takeover16-01-202318-01-2023
Account Take Over Due To AWS Cognito MisconfigurationDeshineAmazon cognito misconfiguration16-01-202318-01-2023
thisclosed_#2 – PostgreSQL Database Exfiltration through the abuse of PostgREST requestsSamuele Gugliotta (@indevi0us)SQL injection16-01-202318-01-2023
Critical Vulnerability through OSINT onlyViktor MaresInformation disclosure15-01-202326-01-2023
XSS using postMessage in Google Cloud Theia notebooks [Google VRP]Sreeram KL (@kl_sree)GoogleXSS3,133.7015-01-202318-01-2023
YAFPC — Unauthenticated Remote Code ExecutionLuke ParisAuthentication bypass14-01-202316-02-2023
How Browser’s Save As Feature might lead to Code Execution (CVE-2022–45415)Jayateertha Guruprasad (@JayateerthaG)Mozilla (Firefox)RCE14-01-202318-01-2023
Exploiting Application Logic to Phish Internal Mailing ListsTanner Emek (@itscachemoney)Phishing13-01-202310-03-2023
Bypassing authorization in Google Cloud Workstations [Google VRP]Sivanesh Ashok (@sivaneshashok)GoogleAccount takeover3,133.7013-01-202323-01-2023
Bad things come in large packages: .pkg signature verification bypass on macOSSector 7 (@sector7_nl)AppleLocal Privilege Escalation13-01-202318-01-2023
SSH key injection in Google Cloud Compute Engine [Google VRP]Sivanesh Ashok (@sivaneshashok)GoogleOS command injection6,00012-01-202323-01-2023
DER Entitlements: The (Brief) Return of the Psychic PaperIvan Fratric (@ifsecure)AppleiOS12-01-202318-01-2023
Client-Side SSRF to Google Cloud Project Takeover [Google VRP]Dohyun LeeGoogleSSRF5,00012-01-202318-01-2023
Google Chrome “SymStealer” Vulnerability: How to Protect Your Files from Being StolenRon Masas (@RonMasas)Google (Chrome & Chromium)Local Privilege Escalation11-01-202316-02-2023
SSD Advisory – MacOS Mozilla Firefox Download Protections Were Bypassed By .atloc / .ftploc FilesDohyun LeeMozilla (Firefox)Local Privilege Escalation11-01-202311-01-2023
How I Earned $1000 From Business Logic Vulnerability (account takeover)andikaLogic flaw1,00010-01-202311-01-2023
Full Team TakeoverTuhin Bose (@tuhin1729_)Account takeover09-01-202328-02-2023
Practical Example Of Client Side Path ManipulationAntoine Roly (@aroly)Client-side Path Traversal09-01-202311-01-2023
“2022: A Year of Fascinating Discoveries”dhakal_bibek (@dhakal__bibek)CSRF09-01-202311-01-2023
Full Team TakeoverTuhin Bose (@tuhin1729_)Broken Access Control09-01-202311-01-2023
Hacking Hackers for fun and profitValeriy Shevchenko (@Krevetk0Valeriy)Self-XSS5,00009-01-202311-01-2023
Lexmark MC3224adwe RCE exploitblasty (@bl4sty)LexmarkRCE09-01-202311-01-2023
Meta Quest: Attacker could make any Oculus user to follow (subscribe) him without any approvalDzmitry Lukyanenka (@vulnano)Meta / FacebookIDOR1,72609-01-202311-01-2023
Uploading the Webshell using filename of Content-Disposition Header Story!Yashar MohagheghiUnrestricted file upload09-01-202311-01-2023
Bug hunting: Open access to S3 bucketRaghul RajAWS misconfiguration09-01-202311-01-2023
The SSRF that Brought down a Serverg30rgy th3 d4rk (@Crypt0g30rgy)SSRF07-01-202309-03-2023
The Bug That Kept On Giving :: PaymentBypass :: QR CODEg30rgy th3 d4rk (@Crypt0g30rgy)Payment bypass07-01-202318-01-2023
Advanced CSRF ExploitationSandro EinfeldtCSRF07-01-202311-01-2023
Identity-Aware Proxy Misconfiguration- Google Cloud VulnerabilityBorna Nematzadeh (@LogicalHunter)GoogleCORS misconfiguration2,33706-01-202311-01-2023
I scanned every package on PyPi and found 57 live AWS keysTom ForbesAmazonInformation disclosure06-01-202311-01-2023
PandoraFMS – Pre-Auth Remote Code Executionesj4y (@esj4y)PandoraFMSRCE06-01-202311-01-2023
Blind XSS in Email Field; 1000$ bountyYaseen ZubairBlind XSS1,00005-01-202306-01-2023
Prototype Pollution in PythonAbdulraheem Khaled (@Abdulrah33mK)Prototype pollution04-01-202308-03-2023
CVE-2022-25026 & CVE-2022-25027: Vulnerabilities in Rocket TRUfusion EnterpriseTom WedgburyRocket SoftwareAuthentication bypass04-01-202306-01-2023
Cacti: Unauthenticated Remote Code ExecutionStefan Schiller (@scryh_)CactiRCE03-01-202311-01-2023
Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and MoreSam Curry (@samwcyo)KiaAccount takeover03-01-202306-01-2023
Fetch DiversionNicolas Christin (@acut3hack)DOM XSS03-01-202306-01-2023
Vue JS Reflected XSSsid0krypt (@Siddhar07949650)Reflected XSS03-01-202306-01-2023
Access to page with default credentials that require authenticate $$$.Adham sayed (doosec101)Default credentials03-01-202306-01-2023
Bypass firewalls with of-CORs and typo-squattingChris GraysonTeslaCORS misconfiguration02-01-202306-01-2023
Instagram vulnerability : Turn off all type of message requests using deeplink (Android)Rahul Kankrale (@RahulKankrale)Meta / FacebookInsecure deeplink02-01-202306-01-2023
Exploiting thousands of Domains for XSSKailash (@Corrupted_brain)GoDaddyXSS02-01-202306-01-2023
Web-Cache Poisoning $$$? Worth it?Yaseen ZubairWeb cache poisoning20002-01-202306-01-2023
An amazing way to turn a xss into an ATONakaXSS02-01-202306-01-2023
India’s Aadhar card source code disclosure via exposed .svn/wc.db0xLittleSpidy (@0xLittleSpidy)AadhaarSource code disclosure02-01-202306-01-2023
Bypass Premium Account Payment (GetPocket)querylabMozilla (GetPocket)Payment bypass01-01-202306-01-2023
$500 in 5 minutesCoffeeAddictDropboxBroken link hijacking50001-01-202302-01-2023
How I took over an admin panel and got $500Muhammed MubarakBlind XSS01-01-202302-01-2023
Subdomain Hijacking Of Any Qwilr’s CustomerPrial Islam Khan (@prial261)Subdomain takeover01-01-202302-01-2023
CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise buildingOmar Hashem (@OmarHashem666)SQL injection30-12-202202-01-2023
Exploring the World of ESI InjectionSudhanshu Rajbhar (@sudhanshur705)ESI injection29-12-202202-01-2023
How I got a Bug At Apple that lead’s to takeover accounts of any user who view my profileAbdelkader Mouaz (@hamzadzworm)AppleXSS29-12-202230-12-2022
Account Takeover Due to Cognito Misconfiguration Earns Me €xxxxMukund Bhuva (@MukundBhuva)Amazon cognito misconfiguration29-12-202230-12-2022
Getting Secret Key to Building Custom Burp ExtensionAshlyn Lau (@ashlyn_lau)SQL injection29-12-202230-12-2022
Feedback Analyzer Exploitationhacker_mightInformation disclosure28-12-202202-01-2023
Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000Manav Bankatwala (@ManavBankatwala)Exposed registration page2,00028-12-202230-12-2022
LDAP anonymous login story of my 3 simple P3 findingsTamim Hasan (@tamimhasan404)Department of Homeland SecurityLDAP anonymous login28-12-202230-12-2022
Hunting for Amazon Cognito Security misconfigurationsYassine Aboukir (@Yassineaboukir)Amazon cognito misconfiguration27-12-202230-12-2022
Hacking a .NET API in the real worldDana Epp (@DanaEpp)LFI27-12-202230-12-2022
Stored XSS vulnerability in Microsoft bookingMrtechghostMicrosoftStored XSS27-12-202227-12-2022
[ GCP 2022 ] Few bugs in the google cloud shellObmiGoogleCSRF20,00026-12-202212-07-2023
The OWASSRF + TabShell exploit chainRskvp93 (@rskvp93)MicrosoftSSRF26-12-202226-01-2023
Turning Google smart speakers into wiretaps for $100kMattGoogleIoT1,07,50026-12-202230-12-2022
How I found multiple critical bugs in Red BullBartłomiej Bergier (@_bergee_)Red BullAuthentication bypass26-12-202230-12-2022
Uncovering a Bug I Found in Outlook: How Could an Account Has Been Compromised?Cem Onat KaragunMicrosoftXSS5,00026-12-202227-12-2022
Authentication Bypass in Nexus manager (version 3.37.3–02)SHARAN.KComponents with known vulnerabilities26-12-202227-12-2022
How I Pwned 10 Admin Panels and got rewarded 8000$+?Inderjeet Singh (@3nc0d3dGuY)Information disclosure8,00025-12-202211-01-2023
Unusual 403 Bypass to a full website takeover [External Pentest]Viktor Mares403 bypass25-12-202227-12-2022
Bypassing SSRF ProtectionsTobydavennSSRF24-12-202227-12-2022
Bypass Apple’s redirection process with the dot (“.”) charactercan1337 (@canmustdie)AppleOpen redirect24-12-202227-12-2022
CRLF Injection — xxx$ — How was it possible for me to earn a bounty with the Cloudflare WAF?Proviesec (@proviesec)CRLF injection50024-12-202227-12-2022
Microsoft bug reports lead to ranking on Microsoft MSRC Quarterly Leaderboard (Q3 2022)Supakiad S. (@Supakiad_Mee)MicrosoftXSS23-12-202202-01-2023
$350 XSS in 15 minutesAnton (@therceman)DOM XSS35023-12-202226-12-2022
Flickr Stored XSSGuilherme Keerok (@k33r0k)FlickrStored XSS3,26322-12-202225-06-2023
ENLBufferPwn (CVE-2022-47949)PabloMK7 (@Pablomf6)NintendoBuffer Overflow22-12-202202-01-2023
ACSESSED: Cross-tenant network bypass in Azure Cognitive SearchEmilien Socchi (@emiliensocchi)Microsoft (Azure)Cloud22-12-202223-12-2022
Puckungfu: A NETGEAR WAN Command InjectionMcCaulay Hudson (@_mccaulay)NetgearOS command injection22-12-202223-12-2022
Multiple authenticated blind SQL Injections in Sage XRT Business Exchange applicationMickaël Benassouli (@mickaelweb)SageBlind SQL injection21-12-202202-03-2023
How Race Condition helped me break Business Logic of the applicationInderjeet Singh (@3nc0d3dGuY)Race condition21-12-202211-01-2023
Passwordless Persistence and Privilege Escalation in AzureAndy Robbins (@_wald0)MicrosoftPrivilege escalation21-12-202202-01-2023
0 click Facebook Account Takeover and Two-Factor Authentication Bypassabdellah yaala (@yaalaab)Meta / FacebookAuthentication bypass3,00021-12-202223-12-2022
Delete any Video or Reel on Facebook (11,250$)Bassem M Bazzoun (@bassemmbazzoun)Meta / FacebookIDOR11,25021-12-202223-12-2022
Zero Click To Account Takeover (IDOR + XSS)Arman (@M7arm4n)IDOR21-12-202223-12-2022
RCE on admin panel of web3 websiteT VAMSHIRCE21-12-202223-12-2022
Cisco BroadWorks CommPilot Application Software Unauthenticated Server-Side Request Forgery (CVE-2022-20951)smaury (@smaury92)CiscoSSRF21-12-202223-12-2022
My First Bug In Bugcrowd PlatformEX_097Race condition21-12-202223-12-2022
A Technical Analysis of CVE-2022-22583 and CVE-2022-32800Mickey Jin (@patch1t)Apple (macOS)MacOS21-12-202206-01-2023
Owning half of a government assets through AWSg30rgy th3 d4rk (@Crypt0g30rgy)Information disclosure20-12-202206-01-2023
Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass VulnerabilitiesMickey Jin (@patch1t)Apple (macOS)MacOS20-12-202206-01-2023
From PostAuth RCE to PreAuth RCE on Liferay PortalRV SharmaRCE20-12-202226-12-2022
How I got a 4 digits(₹) bounty from an Indian companyRV SharmaBroken link hijacking20-12-202223-12-2022
[GraphQL IDOR]Leaking credit card information of 1000s of usersVipul SahuIDOR1,50020-12-202223-12-2022
How I found my first XSS on a Bug Bounty ProgramVikas Anand (@kingcoolvikas)CoinbaseXSS20020-12-202223-12-2022
Cengage LTI Session Management LeakageTony PorterfieldCengageSSO20-12-202223-12-2022
Better Make Sure Your Password Manager Is Securekuekerino (@kuekerino)Click StudiosHardcoded credentials19-12-202220-12-2022
How I was able to steal users credentials via Swagger UI DOM-XSSMohamed Reda (@M0x0101)DOM XSS18-12-202220-12-2022
Directory Traversal Vulnerability in Huawei HG255s ProductsIsmail TasdelenHuaweiPath traversal17-12-202202-01-2023
Gatekeeper’s Achilles heel: Unearthing a macOS vulnerabilityJonathan Bar Or (@yo_yo_yo_jbo)Apple (macOS)Local Privilege Escalation17-12-202220-12-2022
I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSSEugene Lim (@spaceraccoonsec)ZoomStored XSS17-12-202220-12-2022
The Bug That Kept On Giving :: PaymentBypass :: Response Manipulationg30rgy th3 d4rk (@Crypt0g30rgy)Payment bypass50016-12-202226-02-2023
Simple CORS misconfig leads to disclose the sensitive token worth of $$$RamalingasamyLinearCORS misconfiguration16-12-202220-12-2022
CVE-2022-42710: A journey through XXE to Stored-XSSOmar Hashem (@OmarHashem666)LinearStored XSS16-12-202220-12-2022
Param Hunting to Injections302 FoundHTML injection16-12-202220-12-2022
Foxit PDF Reader – Use after Free – Remote Code Execution Exploit – CVE-2022-28672Ashfaq Ansari (@HackSysTeam)FoxitMemory corruption16-12-202220-12-2022
Missing Bricks: Finding Security Holes in LEGO APIsShiran YodevLEGOXSS15-12-202215-12-2022
FlowscreenComponents Basepack, Version 3.0.7 AdvisoryMatthew RutledgeUnofficialSFXSS15-12-202215-12-2022
Unprotected API endpoint at HAwebsso.nl leads to data leak of +15k medical doctor usernames & password hashesJonathan Bouman (@JonathanBouman)HAwebsso.nlSSO14-12-202220-12-2022
CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code ExecutionIain Wallace (@strawp)OnlyOfficeWebsockets14-12-202220-12-2022
Unusual Cache Poisoning between Akamai and S3 bucketsSpyD3r (@TarunkantG)AkamaiWeb cache poisoning14-12-202215-12-2022
CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code ExecutionIain Wallace (@strawp)OnlyOfficeWebsockets14-12-202215-12-2022
You’ve Crossed the Line — Disturbing a Host’s RestBen Barnea (@nachoskrnl)MicrosoftWindows14-12-202215-12-2022
Privilege escalation leads to deleting other user’s account and company Workspace [Access Control]Pratik GaikwadPrivilege escalation40014-12-202215-12-2022
How I Hacked A Company (My First Red Team Engagement 🚩)Monish Kumar (@aidenpearce369)SQL injection13-12-202202-01-2023
Doing it the researcher’s way: How I Managed to Get SSTI (Server Side Template Injection) which lead to arbitrary file reading on One of the Leading Payment Systems in AsiaJzeeRxSSTI13-12-202215-12-2022
Exploiting an SQL injection with WAF bypassBenoit PhilippeSQL injection13-12-202215-12-2022
AWS ECR Public VulnerabilityGafnit Amiga (@gafnitav)AWSCloud13-12-202215-12-2022
CVE-2019–6238: Apple XAR directory traversal vulnerabilityYiğit Can YılmazAppleLocal Privilege Escalation13-12-202215-12-2022
CVE-2022-20942: It’s not old functionality, it’s vintageSilver Security (@SugarFiendSec)CiscoInformation disclosure13-12-202202-01-2023
Not usual CSP bypass caseKarol MazurekUnrestricted file upload12-12-202215-12-2022
PII data exfiltration within minutesMayank GargInformation disclosure12-12-202215-12-2022
How I became a millionaire in 3h | Fintech Bug Bounty — Part 10x4KD (@0x4kd)IDOR12-12-202212-12-2022
How “I hacked the Dutch government and got the lousy t-shirt”IamDEADDutch GovernmentXSS11-12-202212-12-2022
IDOR allows to assign deleted tasks to other members in Google Chat SpaceVivek MGoogleIDOR11-12-202212-12-2022
Source code leakage due to exposed sourcemapVivek MGoogleSource code disclosure11-12-202212-12-2022
User names and email addresses are exposed to unprivileged admins in the Google Marketing PlatformVivek MGoogleInformation disclosure11-12-202212-12-2022
Custom role details are exposed in Google groups.Vivek MGoogleInformation disclosure11-12-202212-12-2022
Users of other organizations can be confirmed on the Google Marketing Platform – User enumeration Error basedVivek MGoogleUsername enumeration11-12-202212-12-2022
Scoring $$$ for a very simple bug : You don’t always need proxy toolsMRD7 (@_mrd7_)IDOR10-12-202220-12-2022
Automate Cross-Site Scripting (XSS) exploitation with unusal events and Burp IntruderRiccardo Malatesta (@seeu_inspace)XSS10-12-202212-12-2022
Public Report – VPN by Google One Security AssessmentDaniel Romero (@daniel_rome)GoogleAndroid09-12-202209-03-2022
The first step to PWN2OWN – A sad oneVương Quốc HuyNetgearCommand injection09-12-202212-12-2022
Privilege Escalation to remove the owner from the organizationHemant KumarPrivilege escalation09-12-202209-12-2022
STRIPE Live Key Exposed:: Bounty: $1000Vipul SahuInformation disclosure1,00009-12-202209-12-2022
{JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAFNoam MoshePalo Alto NetworksWAF bypass08-12-202209-12-2022
CORS Misconfig on Out of scope domain Bug Bounty Writeup (300 USD Reward )Eagle_92CORS misconfiguration30008-12-202209-12-2022
Race Condition vulnerability in Azure Video Indexer allowed trial account users use Advance / Premium featureVikas Anil Sharma (@vikzsharma)Microsoft (Azure)Race condition07-12-202215-03-2023
DataBinding2Shell: Novel Pathways to RCE Web FrameworksHaowen Mu (@meizjm3i)SpringRCE07-12-202220-12-2022
A03:2021 — [Injection] SQL Injection through internal directory discloseTusharSQL injection07-12-202209-12-2022
How you can find your first bug using googleshbugger1Information disclosure07-12-202209-12-2022
Cool Vulns Don’t Live Long – Netgear And Pwn2OwnKevin DenisNetgearCode injection06-12-202209-12-2022
The Last Breath of Our Netgear RAX30 Bugs – A Tragic Tale before Pwn2Own Toronto 2022Vu Thi Lan (@lanleft_)NetgearCommand injection06-12-202209-12-2022
How we breached ZDFheute live on televisionCyberCitizenZweites Deutsches FernsehenInformation disclosure06-12-202209-12-2022
TheHole New World – how a small leak will sink a great browser (CVE-2021-38003)Bruce Chen (@bruce30262)Google (Chrome)Memory corruption06-12-202212-12-2022
[BAC/IDOR] How my father credit card help me to find this access control issueXcoder(Joy ahmed) (@xcoder074)IDOR35005-12-202205-12-2022
OTP Leaking Through Cookie Leads to Account Takeoverag3n7Information disclosure05-12-202205-12-2022
Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF BypassPeter M (@pmnh_)GitHubSSTI04-12-202209-12-2022
Hijacking GitHub Repositories by Deleting and Restoring ThemJoren VranckenGitHubRepojacking4,00004-12-202205-12-2022
The most underrated injection of all time — CYPHER INJECTION. How I found and exploited it ?Ashutosh Dutta (@maniacmarvel_)Cypher injection2,00004-12-202205-12-2022
URL Validation Bypass Using Browser URI NormalizationMarx Chryz Del MundoURL validation bypass04-12-202205-12-2022
Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip VulnerabilityEgidio Romano / EgiXDrupalZip Slip attack03-12-202220-12-2022
Manipulating AES Traffic using a Chain of Proxies and Hardcoded KeysAditya Dixit (@zombie007o)Android03-12-202205-12-2022
Account Takeover – Inside The TenantJerry Shah (@Jerry)Account takeover15003-12-202205-12-2022
A $$$ worth of cookies! | Reflected DOM-Based XSS | Bug Bounty POCHaroon Hameed (@HaroonHameed40)DOM XSS03-12-202205-12-2022
3 Step IDOR in HackerResumeSwapnil Maurya (@swapmaurya20)HackerResumeIDOR03-12-202205-12-2022
SysmonEoPFilip Dragovic (@filip_dragovic)MicrosoftLocal Privilege Escalation03-12-202212-12-2022
Hacking on a plane: Leaking data of millions and taking over any accountrez0 (@rez0__)IDOR02-12-202205-12-2022
Pre-Auth RCE with CodeQL in Under 20 MinutesFlorian Hauser (@frycos)pgAdminSecurity code review02-12-202205-12-2022
CertPotato – Using ADCS to privesc from virtual and network service accounts to local systemHocine Mahtout (@Sant0rryu)MicrosoftLocal Privilege Escalation02-12-202205-12-2022
Multiple Vulnerabilities in Proxmox VE & Proxmox Mail GatewayJianTao Li (@cursered)ProxmoxXSS02-12-202205-12-2022
[WRITE-UP] Irremovable comments on the FB Lite app | A story of a simple FB Lite bug that I found just by observation (Bounty: 500 USD)Shubham Bhamare (@theshubh77)Meta / FacebookLogic flaw50002-12-202205-12-2022
Interesting find on the Invite linkSathvikaLogic flaw02-12-202209-12-2022
Command Injection in Asus M25 NASQuentin Kaiser (@QKaiser)AsusOS command injection01-12-202220-12-2022
From Zero to Hero Part 2: From SQL Injection to RCE on Intel DCM (CVE-2022-21225)Julien Ahrens (@MrTuxracer)IntelSQL injection10,00001-12-202220-12-2022
How I found my first RCE!302FoundRCE01-12-202212-12-2022
Bypassing The Client Side Encryption To Read Internal Windows Server FilesAbhishek Morla (@abhishekmorla)Client-side encryption bypass01-12-202205-12-2022
Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database accessRonen Shustin (@ronenshh)IBMCloud01-12-202205-12-2022
Novel Pipeline Vulnerability Discovered; Rust Found VulnerableNoam DotanGitHubSupply chain attack01-12-202205-12-2022
XSS on account.leagueoflegends.com via easyXDM [2016]Luke Young (@TheBoredEng)Riot GamesXSS2,00001-12-202209-12-2022
VLC : Integer overflow in vnc module <= 3.0.18 CVE-2022-413250xMitsurugiVLCMemory corruption30-11-202205-12-2022
The space creators can still see the members of the space, even after they have been removed from the space.Vivek MGoogleIDOR30-11-202205-12-2022
Stored XSS at https://www.tiktok.com/ the name of the attacker’s account carrying XSS payload will be triggered when the victim Send VideoAidil AriefTikTokStored XSS50030-11-202230-11-2022
Unrestricted file upload in Rocket TRUfusion Enterprise <= ElyassaRocket SoftwareUnrestricted file upload30-11-202230-11-2022
Brocade Fabric OS ≤ v8.0.2c rbash escape to read system filesBitcrack (@bitcrack_cyber)Broadcomrbash escape29-11-202210-03-2023
RCE on Apache Struts 2.5.30Chris (@mc_0wn)Apache StrutsRCE29-11-202205-12-2022
VoIP Spoofing (Intigriti) 1,250€0xJin (@0xJin)VoIP1,29629-11-202230-11-2022
Cross-Site Scripting in CodeIgniter version 3.1.13Antoine CervoiseCodeIgniterReflected XSS29-11-202230-11-2022
discord.exe – Improper Input ValidationRiotSecTeam (@RiotSecTeam)DiscordSecurity code review28-11-202223-11-2022
Broken access control + misconfiguration = Beautiful privilege escalationHossam Mesbah (@m359ah)Broken Access Control28-11-202230-11-2022
Improper error handling leads to exposing internal tokensAgnieszka PietruczukInformation disclosure28-11-202230-11-2022
The Untold SendBird MisconfigurationsLTiDi (@dunglt140150)SendBirdBroken Access Control27-11-202230-11-2022
Multiple Vulnerabilities found in Airtel Android ApplicationGaurang Bhatnagar (@hax0rgb)AirtelArbitrary Code Execution4,00027-11-202230-11-2022
2FA Enabled Accounts Can Bypass Authentication & Access Account After DeactivationSharat Kaikolamthuruthil (@sharp488)Authentication bypass27-11-202230-11-2022
Unique Rate limit bypass worth 1800$Manav Bankatwala (@ManavBankatwala)Rate limiting bypass1,80027-11-202230-11-2022
Firebase Exploit bug bountyDamaidecSecurity misconfiguration27-11-202230-11-2022
Access Any Owner Account without Authentication (Auth bypass + 2FA bypass)Sharat Kaikolamthuruthil (@sharp488)Authentication bypass27-11-202230-11-2022
Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture FramesNick M (@1oopho1e)OurphotoIDOR26-11-202212-12-2022
A Real World Example Of Classic Remote Command Execution (RCE)Bhashit Pandya (@x30r_)OS command injection26-11-202209-12-2022
[Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking ApplicationAbdelhak KharroubiAndroid26-11-202230-11-2022
A great weekend hack(worth $8k)Manas Harsh (@ManasH4rsh)SQL injection8,00026-11-202230-11-2022
WebView XSS, account takeovershafouWebview XSS2,50026-11-202230-11-2022
Exploiting CORS Misconfigurationsscarlet / attack ships on fireAppleCORS misconfiguration26-11-202226-11-2022
How I hacked into a government e-learning websiteiamgk808 (@iamgk808)IDOR26-11-202226-11-2022
Hacking Dutch Government-Broken Authentication To Full Website Takeover (P1)V1dr4XDutch GovernmentExposed registration page26-11-202226-11-2022
Exploiting an N-day vBulletin PHP Object Injection VulnerabilityEgidio Romano / EgiXvBulletinPHP Object Injection26-11-202230-11-2022
Able to Mass-change profile section leads to my first $BOUNTY$SYRINEHTML injection1,00025-11-202212-12-2022
CVE-2022–43781Petrus Viet (@VietPetrus)AtlassianOS command injection25-11-202225-11-2022
Hacker’s Guide to Directory/Endpoint EnumerationInderjeet Singh (@3nc0d3dGuY)40x bypass50024-11-202211-01-2023
Legally hacking a Government Satellite?RiotSecTeam (@RiotSecTeam)Missing authentication24-11-202220-12-2022
Contrast discovers zero-day flaw in popular Quarkus Java frameworkJoseph BeetonQuarkusDrive-by attack23-11-202212-12-2022
Multiple vulnerabilities in H2O ≤ément AmicH2OInsecure deserialization23-11-202230-11-2022
From Zero to Hero Part 1: Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP Responses (CVE-2022-33942)Julien Ahrens (@MrTuxracer)IntelAuthentication bypass10,00023-11-202225-11-2022
Dodging OAuth origin restrictions for Firebase spelunkingAditya Saligrama (@saligrama_a)OAuth23-11-202225-11-2022
CVE-2022-40300: SQL Injection In Manageengine Privileged Access ManagementJustin HungZoho (ManageEngine)SQL injection23-11-202225-11-2022
Account Takeover in KAYAKCarlos BelloKAYAKAccount takeover23-11-202225-11-2022
How I get +10 SQLi and +30 XSS via Automation ToolMahmoud Attia (@0xElkot)SQL injection23-11-202225-11-2022
CVE-2022-32898: ANE_ProgramCreate() multiple kernel memory corruptionsimo (@_simo36)AppleMemory corruption23-11-202225-11-2022
XSS Vulnerability Found in ConnectWise Remote Access Platform With Great Potential For Misuse by ScammersNati TalConnectWiseStored XSS23-11-202226-11-2022
CVE-2021-40662 Chamilo LMS 1.11.14 RCEFebinChamilo LMSStored XSS23-11-202112-12-2022
CVE-2022-41924 – RCE in Tailscale, DNS Rebinding, and YouJamie McClymont (@JJJollyjim)TailscaleRCE10,00022-11-202230-11-2022
SSRF via DNS Rebinding (CVE-2022–4096)Basavaraj Banakar (@basu_banakar)AppsmithSSRF22-11-202223-11-2022
Interesting Stored XSS via meta dataVeshraj Ghimire (@GhimireVeshraj)Stored XSS22-11-202223-11-2022
SSD Advisory – NETGEAR R7800 AFPD PreAuthNetgearMemory corruption22-11-202223-11-2022
Till REcollapse – Fuzzing the web for mysterious bugsAndré Baptista (@0xacb)Regex21-11-202223-11-2022
A Confused Deputy Vulnerability in AWS AppSyncNick Frichette (@frichette_n)AWSConfused deputy21-11-202222-11-2022
Header spoofing via a hidden parameter in Facebook Batch GraphQL APIsDavid Schütz (@xdavidhu)Meta / FacebookGraphQL3,00021-11-202222-11-2022
Fastly Subdomain Takeover $2000ValluvarSploit (@ValluvarSploit)Subdomain takeover2,00021-11-202222-11-2022
My Account Takeover Writeup: $5000MRD7 (@_mrd7_)Lack of rate limiting5,00021-11-202225-11-2022
Hacking Smartwatches for Spear PhishingCybervelia (@cybervelia)IoT20-11-202230-11-2022
Email Graffiti: hacking old emailDylan Ayrey (@insecurenature)Google (Youtube)Broken link hijacking20-11-202223-11-2022
How i found 29 stored XSS in modern frameworkDewanand Vishal (@dewcode91)Stored XSS20-11-202222-11-2022
System misconfiguration is the number one vulnerability, at least for MastodonLenin Alevski (@Alevsk)infosec.exchangeSecurity misconfiguration19-11-202221-11-2022
Russian roulette XSSSplintersec (@splint3rsec)Blind XSS19-11-202221-11-2022
Remediation Archeology — Finding and Decoding an Ancient XSSBend Theory (@bendtheory)XSS18-11-202221-11-2022
From Static domain to Account TakeoverDemon (@R29k_)Account takeover18-11-202221-11-2022
Remote Command Execution in a Bank ServerBipin Jitiya (@win3zz)RCE18-11-202221-11-2022
SyncJacking: Hard Matching Vulnerability Enables Azure AD Account TakeoverTomer Nahum (@TomerNahum1)MicrosoftAccount takeover18-11-202221-11-2022
macOS Sandbox Escape vulnerability via TerminalWojciech Reguła (@_r3ggi)AppleMacOS18-11-202221-11-2022
$250 for Email account enumeration using “NameToMail” toolsnoopy (@snoopy101101)Username enumeration25018-11-202221-11-2022
How i found 8 vulnerabilities in 24h?Mohamed Anani (@0xM5awy)Logic flaw18-11-202221-11-2022
Bypassing XSS filters using Double Encodingag3n7 (@ag3n7apk)XSS18-11-202212-12-2022
[RE:SCRUTINY] Delay Then Migrate Your MeterpreterRE:HACK (@rehackxyz)Internal pentest17-11-202210-03-2023
MEGA’s Unlimited Cloud Storage VulnerabilityNirmal Dahal (@TheNittam)MEGALogic flaw17-11-202223-11-2022
Security concerns with the e-Tugra certificate authorityIan Carroll (@iangcarroll)e-TugraDefault credentials17-11-202221-11-2022
Got Another XSS using Double Encodingag3n7XSS17-11-202218-11-2022
Information Exposure — My Fourth Finding on Hackerone!mehedishakeel (@mehedishakeel)Directory listing17-11-202218-11-2022
Account Takeover Worth of $2500Jefferson Gonzales (@gonzxph)Account takeover2,50016-11-202218-11-2022
The Story Of A Strange / Stored IDOR.Hassan FarooqIDOR16-11-202218-11-2022
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and ExposuresRon Bowes (@iagox86)F5CSRF16-11-202217-11-2022
Chromium: Same Origin Policy bypass within a single site a.k.a. “Google Roulette”Michał Bentkowski (@SecurityMB)Google (Chromium)SOP bypass16-11-202217-11-2022
Control Your Types Or Get Pwned: Remote Code Execution In Exchange Powershell BackendPiotr Bazydło (@chudyPB)CheckmkRCE16-11-202217-11-2022
Relaying to AD Certificate Services over RPCSylvain Heiniger (@sploutchy)Active Directory16-11-202217-11-2022
Remote Code Execution in Spotify’s Backstage via vm2 Sandbox Escape (CVSS Score of 9.8)Gal Goldsthein (@G4lGo89)SpotifyRCE15-11-202221-11-2022
Stealing passwords from infosec Mastodon – without bypassing CSPGareth Heyes (@garethheyes)MastodonHTML injection15-11-202217-11-2022
Varonis Threat Labs Discovers SQLi and Access Flaws in ZendeskTal PelegZendeskSQL injection15-11-202217-11-2022
Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3)Stefan Schiller (@scryh_)CheckmkRCE15-11-202217-11-2022
Winning QR with DOM-Based XSS | Bug Bounty POCHaroon Hameed (@HaroonHameed40)DOM XSS77515-11-202218-11-2022
Firebase: Insecure by Default (feat. that one time our classmates tried to sue us)Aditya Saligrama (@saligrama_a)FizzHardcoded API keys14-11-202217-11-2022
SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of PrivilegeCiscoHardcoded credentials14-11-202214-11-2022
SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code ExecutionCiscoSQL injection14-11-202214-11-2022
CVE-2022-32929 – Bypass iOS backup’s TCC protectionCsaba Fitzl (@theevilbit)AppleLocal Privilege Escalation14-11-202214-11-2022
Path Traversal Vulnerability in Payara PlatformMichael BaerPayaraPath traversal14-11-202221-11-2022
How i get $100 in just 10 minutes !Jody ritongaRace condition10013-11-202214-11-2022
Finding Reflected XSS In A Strange WayRaymond LindXSS11-11-202214-11-2022
CVE-2019-8561: A Hard-to-Banish PackageKit Framework Vulnerability in macOSMickey Jin (@patch1t)AppleMacOS11-11-202214-11-2022
Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.jsMikhail ShcherbakovRocket.ChatRCE11-11-202211-11-2022
Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML SignaturesSimon RohlmannMicrosoftSignature bypass11-11-202211-11-2022
Security and Privacy Failures in Popular 2FA AppsConor GilsenanLastPassCryptographic issues11-11-202211-11-2022
From Shodan Dork to Grafana 📊Local File InclusionAnurag__VermaLFI11-11-202211-11-2022
Windows Kernel: Exploit CVE-2022-35803 in Common Log File Systemluckyu (@uuulucky)MicrosoftWindows11-11-202218-11-2022
Discovering vendor-specific vulnerabilities in AndroidOversecured (@OversecuredInc)SamsungAndroid10-11-202221-11-2022
Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web ServerArtur Avetisyan (@3v1LMonk3y)LiteSpeedRCE10-11-202217-11-2022
How Sigstore quickly patched an upstream vulnerabilityJoern SchneeweiszSigstoreOAuth10-11-202214-11-2022
Accidental $70k Google Pixel Lock Screen BypassDavid Schütz (@xdavidhu)GoogleLock screen bypass70,00010-11-202211-11-2022
Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2ndCaesar Evan SantosoGoogleIDOR10-11-202211-11-2022
Sleep SQL injection on Name Parameter While Updating ProfileUmer YousufSQL injection50010-11-202211-11-2022
Chaining Path Traversal with SSRF to disclose internal git repo data in a Bank AssetNikhil (niks) (@niksthehacker)SSRF09-11-202118-11-2022
Jit-Picking: Differential Fuzzing of JavaScript EnginesLukas Bernhard (@bernhl)MozillaBrowser hacking10,00009-11-202214-11-2022
My First Account TakeoverJAI NIRESH JAccount takeover09-11-202214-11-2022
Netgear Nighthawk R7000P AWS_JSON Unauthenticated Double Stack Overflow VulnerabilityJean-Jamil KhalifeNetgearMemory corruption09-11-202214-11-2022
Some Tips to Finding IDORs more easily and Fixing themXenonIDOR08-11-202218-11-2022
Compromising Plesk Via Its REST APIAdrian Tiron (@Adrian__T)PleskCORS misconfiguration08-11-202211-11-2022
Comodo: From .Git to TakeoverMaor Dayan (@mord1234)Comodo.git folder disclosure08-11-202211-11-2022
Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)Kuba Gretzky (@mrgretzky)MicrosoftLocal Privilege Escalation08-11-202211-11-2022
How we ‘hacked’ Telenet’s cybersecurity quizMickey De BaetsTelenetLogic flaw07-11-202208-11-2022
Stormshield SNS cleartext password leakMehdi AlouacheStormshieldUse of GET request Method With sensitive query strings07-11-202208-11-2022
IDOR on Unsubscribe emails to $200 bounty.shbugger1IDOR20006-11-202208-11-2022
Exploit Feature To Get High Bug impactMohamed Anani (@0xm5awy)Logic flaw05-11-202214-11-2022
CVE-2022-26730 | ColorSync | Hoyt LLCDavid Hoyt (@h02332)AppleMacOS05-11-202211-11-2022
Story of a $1k bounty — SSRF to leaking access token and other sensitive informationFaique (@imfaiqu3)SSRF1,00005-11-202208-11-2022
Directory traversal in PDF viewing application. Leading to full database takeoverTom WrinnPath traversal05-11-202208-11-2022
PENTEST TALES: EXIF Data ManipulationArmand JasharajUnrestricted file upload05-11-202205-11-2022
Practical Client Side Path Traversal AttacksMedi (@medi_0ne)AcronisPath traversal$25004-11-202208-11-2022
CSRF Leads to Delete User AccountOmarbakreyCSRF04-11-202205-11-2022
How I hacked into a Cambridge’s server and got appreciation letter.PrathamrajgorCambridgeUnrestricted file upload04-11-202205-11-2022
Case of Admin Bypass for RCE, XSS, and Information DisclosureSam Paredes (@caffeinevulns)RCE03-11-202205-11-2022
Invitation HijackingvFlexo (@vflexo)Authorization flaw03-11-202205-11-2022
The power of adaptability through experience.Mike Saunders (@hardwaterhacker)Lateral movement03-11-202205-11-2022
Get Blind XSS within 5 Minutes — $100Narayanan MBlind XSS10003-11-202205-11-2022
How I could have been the administrator for all Dutch companies and create invoices. And still can be…bob van der staakDutch GovernmentLogic flaw03-11-202203-11-2022
Gregor Samsa: Exploiting Java’s XML Signature VerificationFelix Wilhelm (@_fel1x)OpenJDKInteger truncation02-11-202203-11-2022
Chaining Multiple Vulnerabilities Leads to Remote Code Execution (RCE) on One of the Payment Service Companies.Rohit Soni (@streetofhacker)Exposed registration page02-11-202203-11-2022
Fuzzing For Hidden ParamscalfcrusherSQL injection02-11-202203-11-2022
Improper Access Control — My Third Finding on Hackerone!mehedishakeel (@mehedishakeel)HTML injection02-11-202203-11-2022
How 403 Forbidden Bypass got me NOKIA Hall Of Fame (HOF)Jaydeepsinh Thakor (@thakor_jd_)Nokia403 bypass02-11-202203-11-2022
How I Get 5x Swag From SonyNaeem Ahmed Sayed (@0xNaeem)SonyDOM XSS02-11-202203-11-2022
CVE-2022-3602: Punycode buffer overflow in OpenSSLColm MacCárthaigh (@colmmacc)OpenSSLMemory corruption01-11-202218-11-2022
urlscan.io’s SOAR spot: Chatty security tools leaking private dataFabian BräunleinInformation disclosure01-11-202203-11-2022
Safari is hot-linking images to semi-random websitesGareth Heyes (@garethheyes)AppleBrowser hacking31-10-202201-11-2022
Blind SQL Injection on Delete RequestJawad Mahdi (@hunter0x1)Blind SQL injection1,30030-10-202201-11-2022
A tale of a simple Apple kernel bugJordy Zomer (@pwningsystems)AppleOut-of-bounds Read31-10-202201-11-2022
Vulnerabilities In Apache Batik Default Security Controls – SSRF And RCE Through Remote Class LoadingPiotr Bazydło (@chudypb)Apache BatikSSRF31-10-202201-11-2022
2FA Bypass due to information disclosure & Improper access control.Akash Hamal (@AkashHamal0x01)DoS31-10-202231-10-2022
Old RCE worth $3362.nanwnRCE3,36230-10-202231-10-2022
Exploiting Static Site Generators: When Static Is Not Actually StaticShubham Shah (@infosec_au)NetlifySSRF28-10-202201-11-2022
How i was able to get free money via sending negative tokensMohamed Anani (@0xM5awy)Logic flaw28-10-202229-10-2022
Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 – Part 1: Root Cause AnalysisZscaler Threatlabz (@Threatlabz)MicrosoftLocal Privilege Escalation28-10-202201-11-2022
CVE-2022-22241: Juniper SSLVPN / JunOS RCE and Multiple VulnerabilitiesPaulos Yibelo (@PaulosYibelo)JuniperRCE28-10-202228-10-2022
Blind SSRF in Skype (Microsoft)Jayateertha Guruprasad (@JayateerthaG)MicrosoftBlind SSRF28-10-202228-10-2022
RCE docker api, but …nanwnRCE28-10-202228-10-2022
Abusing Windows’ tokens to compromise Active Directory without touching LSASSAurélien Chalot (@Defte_)Local Privilege Escalation27-10-202201-11-2022
AWS SSRF to Root on production instance — A bug worth 1.75LacsAvinash Jain (@logicbomb_1)SSRF27-10-202228-10-2022
Visual Studio Code Jupyter Notebook RCELuca Carettoni (@lucacarettoni)MicrosoftRCE27-10-202228-10-2022
A 250$ CSS Injection — My First Finding on Hackerone!DsonbackerCSS injection25027-10-202228-10-2022
Misconfigured AWS S3 Bucket (Information Disclosure & Subdomain Takeover)Gokhan Guzelkokar (@gkhck_)AWS misconfiguration1,00027-10-202228-10-2022
RC4 Is Still Considered HarmfulJames Forshaw (@tiraniddo)Microsoft (Windows)Kerberos27-10-202228-10-2022
Hijacking AUR Packages by Searching for Expired DomainsJoren VranckenSubdomain takeover26-10-202229-04-2023
Client Side Desync Attack (CL.0 Request Smuggling) — Bounty of $150Bodhendu PandaHTTP Request Smuggling15026-10-202208-05-2023
SiriSpy – iOS bug allowed apps to eavesdrop on your conversations with SiriGuilherme Rambo (@_inside)AppleiOS7,00026-10-202201-11-2022
Attacking The Software Supply Chain With A Simple RenameAviad Gershon (@aviadgershon)GitHubRepojacking26-10-202228-10-2022
SSD Advisory – Galaxy Store Applications Installation/Launching without User InteractionSamsungXSS26-10-202228-10-2022
SSRF Bug Leads To AWS Metadata ExposureRaymond LindSSRF26-10-202228-10-2022
Stored XSS To Cookie ExfiltrationRaymond LindStored XSS26-10-202228-10-2022
GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware TeardownOlivier Laflamme (@olivier_boschko)GL.iNetOS command injection26-10-202228-10-2022
Microsoft SharePoint Server Post-Authentication Server-Side Request Forgery vulnerabilityLi Jiantao (@CurseRed)MicrosoftSSRF25-10-202201-11-2022
Chaining multiple vulnerabilities for credential stealingBartłomiej Bergier (@_bergee_)CSRF25-10-202228-10-2022
Support supports a Hackermechboy (@mechboy_)Social engineering25-10-202228-10-2022
Eat What You Kill :: Pre-authenticated Remote Code Execution in VMWare NSX ManagerSina Kheirkhah (@SinSinology)VMwareRCE25-10-202228-10-2022
The Logging Dead: Two Event Log Vulnerabilities Haunting WindowsDolev TalerMicrosoftDoS25-10-202228-10-2022
Stranger Strings: An exploitable flaw in SQLiteAndreas KellasSQLiteMemory corruption25-10-202228-10-2022
Remote Code Execution by Abusing Apache Spark SQLColin McQueenSQL injection24-10-202201-11-2022
5000$ for Apple Stored Xss And Another Blind Xss Still under reviewAbdelkader Mouaz (@hamzadzworm)AppleBlind XSS24-10-202225-10-2022
SSRF & LFI In Uploads FeatureRaymond LindSSRF24-10-202225-10-2022
How I Found A Simple Stored XSSRaymond LindStored XSS24-10-202225-10-2022
Atlassian Jira Align, Version 10.107.4 AdvisoryJacob Shafer (@fibbot)AtlassianSSRF24-10-202225-10-2022
Finding Multiple Security Issues on AgorapulseSnap Sec (@snap_sec)AgorapulseLog4shell24-10-202224-10-2022
Missing Authentication in ZKTeco ZEM/ZMM Web InterfaceRedTeam Pentesting (@RedTeamPT)ZKTecoMissing authentication24-10-202201-11-2022
How I Found Three Credentials Leak on One Google Dork on Bugcrowd programIttipatjitrada (@IttipatJitrada)CengageInformation disclosure24-10-202201-11-2022
Broken Link Hijacking — My Second Finding on Hackerone!mehedishakeel (@mehedishakeel)Broken link hijacking23-10-202224-10-2022
Sail away, sail away, sail awayReino MostertRCE21-10-202222-10-2022
$1,000+ P1: PII Disclosure W/ IDORGraham Zemel (@grahamzemel)IDOR21-10-202223-10-2022
Google VRP — [Insecure Direct Object Reference] $3133.70Caesar Evan SantosoGoogleIDOR3,133.7020-10-202221-10-2022
The Curious Case Of The Password DatabaseTravis Kaun (@W9HAX)Zoho (ManageEngine)Cryptographic issues20-10-202221-10-2022
Reverse Engineering the Apple Multipeer Connectivity FrameworkSimone Margaritelli (@evilsocket)AppleAuthorization flaw20-10-202221-10-2022
SHA-3 Buffer OverflowNicky MouhaXKCPBuffer Overflow20-10-202224-10-2022
Bypassing Mimecast URL and File InspectionPatrick Sayler (@psaYler)MimecastSecure Email Gateway bypass20-10-202228-10-2022
Potential Remote Code Execution Vulnerability Discovered In HSQLDBCode Intelligence (@CI_Fuzz)HSQL Development Group (HSQLDB)RCE19-10-202225-10-2022
23000$ for Authentication Bypass & File Upload & Arbitrary File OverwriteSouhaib Naceri (@h4x0r_dz)JWT23,00019-10-202223-10-2022
A New Attack Surface on MS Exchange Part 4 – ProxyRelay!Orange Tsai (@orange_8361)MicrosoftRCE19-10-202221-10-2022
HTTP/3 connection contamination: an upcoming threat?James Kettle (@albinowax)HTTP connection contamination19-10-202221-10-2022
Second Order XXE ExploitationKuldeep Pandya (@kuldeepdotexe)XXE19-10-202221-10-2022
FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric ExplorerLidor Ben ShitritMicrosoftCSTI19-10-202221-10-2022
Microsoft Office Online Server Remote Code ExecutionManish Tanwar (@IndiShell1046)MicrosoftSSRF19-10-202221-10-2022
CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code InjectionGuy Lederfein (@glederfein)SophosRCE19-10-202221-10-2022
Scan QR Code and Got Hacked (CVE-2021–43530 : UXSS on Firefox Android Version)hafiizhMozillaUniversal XSS2,00019-10-202221-10-2022
Found vulnaribility on subdomain of nasa.gov simply using censyshacker_mightNASAExposed registration page19-10-202221-10-2022
Vulnerabilities in Tenda’s W15Ev2 AC1200 RouterOlivier Laflamme (@olivier_boschko)TendaOS command injection19-10-202221-10-2022
Yet Another Telerik UI RevisitPaul MuellerProgress (Telerik)Cryptographic issues19-10-202223-10-2022
Remote Code Execution in Melis PlatformKarim El OuerghemmiMelis PlatformRCE18-10-202224-10-2022
The Danger of Falling to System Role in AWS SDK ClientFrancesco Lacerenza (@lacerenza_fra)Cloud18-10-202222-10-2022
Basic recon to RCE IIIJoshua Martinelle (@J0_mart)RCE18-10-202221-10-2022
PHP Filters Chain: What Is It And How To Use ItRémi Matasse (@_remsio_)LaravelInsecure deserialization18-10-202221-10-2022
CVE 2022–24082, RCE in the PEGA Platform — Discovery, Remediation & Technical Details (Long Live JMX!!!)Marcin WolakPEGARCE17-10-202215-05-2023
Guest Blog Post – Memory corruption vulnerabilities in EdgeDavid Erceg (@david_erceg)MicrosoftBrowser hacking2,15,00017-10-202201-11-2022
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1Rio (@0x09AL)HelpSystemsRCE17-10-202221-10-2022
Pwn2Own Miami 2022: ICONICS GENESIS64 Arbitrary Code ExecutionSector 7 (@sector7_nl)ICONICSRCE5,00017-10-202217-10-2022
Facebook SMS Captcha Was Vulnerable to CSRF AttackLokesh Kumar (@lokeshdlk77)Meta / FacebookCSRF18,75017-10-202217-10-2022
Toner Deaf – Printing your next persistence (Hexacon 2022)Alex Plaskett (@alexjplaskett)LexmarkPath traversal17-10-202217-10-2022
How I Got $10,000 From GitHub For Bypassing Filtration of HTML tagsSaajan Bhujel (@saajanbhujel)GitHubXSS10,00016-10-202217-10-2022
My First Critical Bug In HackerOne PlatformEX_097HTTP request smuggling16-10-202217-10-2022
[CVE-2022-1786] A Journey To The Dawnkylebot (@ky1ebot)Google (kCTF)Use-After-Free91,33715-10-202223-10-2022
Google SSO misconfiguration leading to Account Takeover0x4KD (@0x4kd)Authentication bypass14-10-202217-10-2022
Story about Escalation of HTML Injection to EC2 Instance credentials leakHarsh Tandel (@H4r5h_T4nd37)SSRF14-10-202217-10-2022
The Castle’s LatrineinfiltrateopsSQL injection14-10-202217-10-2022
Microsoft Office 365 Message Encryption Insecure Mode of OperationHarry SintonenMicrosoftWeak crypto5,00014-10-202217-10-2022
Code Injection and SQLi in WP ALL Export Prop3n7a90n (@p3n7a90n)SQL injection50014-10-202217-10-2022
Weak private key generation in SSH.NET <= 2020.0.1Guillaume André (@yaumn_)SSH.NETWeak crypto14-10-202217-10-2022
It’s the Little Things : Breaking an AIDebangshu Kundu (@debangshu_kundu)Path traversal13-10-202217-10-2022
Some Vulnerabilities Don’t Have A NameMario TeixeiraNode.js third-party modules (debug)ReDoS13-10-202217-10-2022
Fall account takeover via Amazon Cognito misconfigurationHossam Ahmed (@iknowhatodo0x01)IDOR13-10-202217-10-2022
FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)James Horseman (@JamesHorseman2)FortinetAuthentication bypass13-10-202217-10-2022
Code flaws leads to Org/Admin Account TakeoverSaransh Saraf (@mr23r0)Privilege escalation13-10-202217-10-2022
SQL Injection in GraphQLAhmed Gad (@0xGAD)SQL injection13-10-202217-10-2022
Adobe Reader – XFA – ANSI-Unicode Confusion Information LeakAshfaq Ansari (@HackSysTeam)AdobeMemory corruption13-10-202217-10-2022
Compromising a Backup System by iSCSI Interface During a Routine Penetration TestBruno OliveiraMissing authentication13-10-202224-10-2022
The story of a [P5] that lead me to a [P3] findJAI NIRESH JPre-account takeover13-10-202203-11-2022
$6000 with Microsoft Hall of Fame | Microsoft Firewall Bypass | CRLF to XSS | Microsoft Bug BountyNeh Patel (@thecyberneh)MicrosoftCRLF injection6,00012-10-202217-10-2022
Threat Alert: Private npm Packages Disclosed via Timing AttacksYakir KadkodaGitHubTiming attack12-10-202217-10-2022
Broken Access Control leads to full team takeover and privilege escalationAbdelhameed Ghazy (@El3Etraa1)Broken Access Control12-10-202217-10-2022
Pwning ManageEngine — From Endpoint to Exploit: A deep dive into CVE-2021–42847Erik Wynter (@WynterErik)ZohoArbitrary file write12-10-202217-10-2022
Critical IDOR Vulnerability on Medium?zer0dIDOR12-10-202217-10-2022
Breaking Parser Logic: Gain Access To NGINX Plus API — Read/Write Upstreams.Cyberlix (@cyberlixio)Path traversal12-10-202212-10-2022
In GUID We TrustDaniel Thatcher (@_danielthatcher)IDOR11-10-202217-10-2022
Cold Hard Cache — Bypassing RPC Interface Security with Cache AbuseMicrosoftPrivilege escalation11-10-202217-10-2022
Web application firewall bypassWAF bypass11-10-202212-10-2022
Taking over the Medium subdomain using MediumSmaran Chand (@smaranchand)MediumSubdomain takeover10-10-202224-10-2022
Enter “Sandbreak” – Vulnerability In vm2 Sandbox Module Enables Remote Code Execution (CVE-2022-36067)Oxeye (@OxeyeSecurity)vm2RCE10-10-202217-10-2022
[Hacking Banks] Broken Access Control Vulnerability in Banking application [PART I]Abdelhak KharroubiBroken Access Control10-10-202212-10-2022
VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerabilityMarcin ‘Icewall’ Noga (@_Icewall)VMwareInsecure deserialization10-10-202212-10-2022
Reflected cross-site scripting vulnerability in Crealogix EBICS implementationTobias Ospelt (@floyd_ch)CREALOGIX AGReflected XSS10-10-202212-10-2022
Gcash Vulnerability WalkthroughNeil Mark Ochea (@nmochea)GcashAndroid10-10-202210-10-2022
Persistent PHP Payloads In PNGs: How To Inject PHP Code In An Image – And Keep It There !Quentin Roland (@ROLANDQuentin2)Unrestricted file upload10-10-202210-10-2022
The easiest bug to get a Hall of fame from a Billion dollar company.RavaanGeHealthcareGraphQL10-10-202210-10-2022
Vulnerabilities in Online Payment SystemsClaudio MoranPayment bypass08-10-202208-10-2022
Auth Bypass Via Exposed Credentialsg30rgy th3 d4rk (@Crypt0g30rgy)Hardcoded API keys70007-10-202226-02-2023
Insecure CommentsMearegMicrosoftIDOR07-10-202208-10-2022
CVE-2022–36635 — A SQL Injection in ZKSecurityBio to RCECaio Burgardt (@CaioBurgardt)ZKTecoSQL injection06-10-202208-10-2022
Full Company Building TakeoverOmar Hashem (@OmarHashem666)Information disclosure06-10-202208-10-2022
Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related ClassesJeff Dileo (@ChaosDatumz)OpenJDKIP address validation bypass06-10-202208-10-2022
SSD Advisory – pfSense Post Auth RCE이예랑 (@yelang123x)pfSenseRCE06-10-202208-10-2022
Mr. Robot: Self Xss from Informative to high 1200$ ,csrf, open redirect,self xss to storedAhmad A Abdulla (@lu3ky13)Self-XSS1,20006-10-202208-10-2022
CVE-2022-41343Tanto Security team (@TantoSecurity)dompdfRCE06-10-202206-10-2022
Melting the DNS Iceberg: Taking over your infrastructure Kaminsky styleTimo LonginDNS cache poisoning06-10-202206-10-2022
Error based SQL Injection with WAF bypass manual Exploit 100%Ahmed Qaramany (@c0nqr0r)SQL injection06-10-202206-10-2022
A Deep Dive of CVE-2022–33987 (Got allows a redirect to a UNIX socket)Chaim SandersMediaWikiSSRF06-10-202206-10-2022
Exploit Disclosure: Turning Thunderbird into a Decryption OracleSarah Jamie Lewis (@SarahJamieLewis)Mozilla (Thunderbird)Privacy issue05-10-202208-10-2022
Appsmith Patches Full-Read SSRF Vulnerabilities Reported by CloudSEKSparsh Kulshrestha (@d0tdotslash)AppsmithSSRF05-10-202206-10-2022
How I Found A P1 BugAmithAuthentication bypass05-10-202206-10-2022
Hacking TMNF: Part 1 – Fuzzing the game serverUbisoftRCE05-10-202206-10-2022
Securing Developer Tools: A New Supply Chain Attack on PHPThomas Chauchefoin (@swapgs)PackagistArgument injection04-10-202206-10-2022
Bugcrowd — Tale of multiple misconfigurations!! ❌Vaibhav LakhaniAccount takeover04-10-202204-10-2022
My First And Second Bugs Are — 2FA BypassJai Niresh JMFA bypass03-10-202204-10-2022
CSRF Attack — 0 click account delete – 1st write-upDeepak (@bug_vs_me)CSRF03-10-202204-10-2022
Using Default Credential to Admin Account TakeoverRohit Kumar (Rohit_443)Weak credentials02-10-202210-10-2022
How I found an IDOR Worth $1500Adil Nadeem BabrasIDOR1,50002-10-202202-10-2022
Breaking Business Logic – Part: 2^7 = 1Hemdeep GamitRace condition02-10-202204-10-2022
Tale of Easy P1 Bugs in WildHarsh TandelForced browsing01-10-202202-10-2022
Zoneminder – Web App Testing – Oct 2022Trenches of IT (@TrenchesofIT)ZoneMinderDoS30-09-202207-10-2022
Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML SignaturesSimon RohlmannMicrosoft (Office)Signature bypass29-09-202221-06-2023
Two Lines Of JScript For $20,000 – Pwn2Own Miami 2022Ben McBride (@bdmcbri)ICONICSRCE20,00029-09-202204-10-2022
How Scanning Your Projects for Security Issues Can Lead to Remote Code ExecutionRon Masas (@RonMasas)SnykRCE29-09-202204-10-2022
Security vs Compliance-Cloudflare Password Policy Restriction BypassLohith Gowda M (@lohigowda_in)CloudflareClient-side enforcement of server-side security30029-09-202202-10-2022
Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)Francesco Mariani (@_medusa_1_)AkamaiWeb cache poisoning50,00029-09-202202-10-2022
Orange Arbitrary Command ExecutionOmar Hashem (@OmarHashem666)OrangeRCE29-09-202202-10-2022
ECDSA Nonce ReuseIngredous LabsCryptographic issues29-09-202202-10-2022
XSS through DHCP: How Attackers Use StandardsDylan RossXSS29-09-202202-10-2022
A vulnerability on Patreon, and their elusive bounty program.Datura Mater (@DaturaMater)PatreonPayment bypass29-09-202202-10-2022
CVE-2022-37461: Two Reflected XSS Vulnerabilities in Canon Medical’s Vitrea ViewJordan HedgesCanonReflected XSS29-09-202202-10-2022
Apple CoreText – An Unexpected Journey to Learn about FailureDaniel Lim Wee Soong (@daniellimws)AppleMemory corruption29-09-202230-09-2022
The forgotten IPFS vulnerabilitiestintinwebFilecoin SecurityWeb3 hacking28-09-202210-10-2022
Practically-exploitable Cryptographic Vulnerabilities in MatrixMartin Albrecht (@martinralbrecht)MatrixCryptographic issues28-09-202204-10-2022
Exploits Explained: 5 Unusual Authentication Bypass TechniquesOzgur Alp (@ozgur_bbh)Authentication bypass28-09-202229-09-2022
Two RCEs are better than one: write-up of an interesting lateral movementRiccardo Malatesta (@seeu_inspace)Local Privilege Escalation28-09-202229-09-2022
Another Tale Of IBM I (AS/400) HackingpzLocal Privilege Escalation28-09-202229-09-2022
From nothing to AWS credentials(@darkandroider)SSRF27-09-202210-10-2022
Layer 2 network security bypass using VLAN 0, LLC/SNAP headers and invalid lengthEtienne Champetier / champtarMicrosoftLayer 2 networking vulnerability27-09-202202-10-2022
Discovering The Less-known Vulnerability In Oracle PeoplesoftRE:HACK (@rehackxyz)TokenChpoken26-09-202210-03-2023
“Hey Siri, follow that car!” – How traffic cameras expose your location through parking apps.Inti De Ceukelaire (@securinti)Information disclosure26-09-202202-10-2022
Skype for Business Audit Part 2 – SKYPErimeterleakFlorian Hauser (@frycos)MicrosoftSSRF26-09-202202-10-2022
New Attack Paths? AS Requested Service TicketsCharlie Clark (@exploitph)MicrosoftLocal Privilege Escalation25-09-202229-09-2022
Blind account takeoverBartłomiej Bergier (@_bergee_)Account takeover25025-09-202226-09-2022
Tesla paid me $10,000 because of Directory IndexinginfiltrateopsTeslaDirectory listing10,00025-09-202226-09-2022
Shopping App Deeplink Arbitrary URLsNeil Mark Ochea (@nmochea)Insecure deeplink25-09-202226-09-2022
Stored XSS in Nvidia via Angular JS template injectionMohamed AbdelhadyNvidiaCSTI25-09-202226-09-2022
Escalating SSTI to Reflected XSS using curly braces {}Sagar Sajeev (@Sagar__Sajeev)SSTI24-09-202226-09-2022
Blind XSS on Admin Portal Leads to Information DisclosureRohit Kumar (Rohit_443)Blind XSS24-09-202226-09-2022
Microsoft Windows Shift F10 Bypass and Autopilot privilge escalationMatek Kamilló (@k4m1ll0)MicrosoftLocal privilege escalation24-09-202226-09-2022
Complete take-over of Cisco Unified Communications Manager due consecutively misconfigurationshacktheboxSecurity misconfiguration24-09-202226-09-2022
CVE-2022-35256 – HTTP Request Smuggling in NodeJSVVX7 (@VV_X_7)Node.jsHTTP request smuggling23-09-202226-09-2022
Pre-Auth Remote Code Execution – Web Page TestLaluka (@TheLaluka)CatchPointRCE30023-09-202226-09-2022
WAF bypasses via 0daysTerjanq (@terjanq)ModSecurityWAF bypass23-09-202226-09-2022
Arbitrary File Corruption: End - to - End Encrypted Messaging ApplicationNeil Mark Ochea (@nmochea)Insecure intent23-09-202226-09-2022
My First Valid Bug “Bypass the Admin Panel”Digant PrajapatiAuthentication bypass23-09-202226-09-2022
My First XSSAvyukt Syrine (@AvyuktSyrine)Open redirect23-09-202226-09-2022
Exploiting Distroless ImagesDaniel Teixeira (@TheRedOperator)GoogleCommand injection22-09-202218-01-2023
Skype for Business Audit Part 1 – SKYPErsistenceFlorian Hauser (@frycos)MicrosoftLocal Privilege Escalation22-09-202202-10-2022
Making HTTP header injection critical via response queue poisoningJames Kettle (@albinowax)HTTP header injection12,50022-09-202222-09-2022
How I Found Multiple SQL Injections in 5 Minutes in Bug BountyOmar Hashem (@OmarHashem666)SQL injection22-09-202226-09-2022
Tarfile: Exploiting the World With a 15-Year-Old VulnerabilityKasimir Schulz (@Abraxus7331)PythonPath traversal21-09-202231-01-2023
One takeover to rule them allGwendal Le Coguic (@gwendallecoguic)EDFSubdomain takeover21-09-202226-09-2022
Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js LibrarySam Curry (@samwcyo)NetlifyUniversal XSS21-09-202222-09-2022
Tarfile: Exploiting the World With a 15-Year-Old VulnerabilityKasimir Schulz (@Abraxus7331)PythonPath traversal21-09-202222-09-2022
TypeORM Prototype Pollution Leading To SQL Injection (CVE-2022-36531)Norbert Szetei (@73696e65)TypeORMDoS21-09-202222-09-2022
Mass Assignment Leading to Pre Account TakeoverCyberaliMass assignment1,30021-09-202222-09-2022
Parameters in Lambda Functions that lead to XSS and InjectionTeri Radichel (@TeriRadichel)AWSXSS20-09-202222-09-2022
How we Abused Repository Webhooks to Access Internal CI Systems at ScaleOmer Gil (@omer_gil)CI/CD20-09-202222-09-2022
Securing Developer Tools: OneDev Remote Code ExecutionPaul GersteOneDevRCE20-09-202222-09-2022
Apollo Router Security Audit Report (Q2 2022)Norbert Szetei (@73696e65)Apollo GraphQLDoS20-09-202222-09-2022
AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumesElad Gabay (@eladgabay_)OracleCloud20-09-202222-09-2022
7,500$ – IDOR on Apple [consultants.apple.com]apapedulimu / Nosa Shandy (@LocalHost31337)AppleIDOR7,50020-09-202222-09-2022
Tag Myself in Your Favorite TikTok Artist Video [IDOR]apapedulimu / Nosa Shandy (@LocalHost31337)TikTokIDOR3,00020-09-202222-09-2022
Privilege Escalation Leads to making authenticated actions (payment processing, creating invoices.. etc)X-Vector (@XVector11)Privilege escalation20-09-202222-09-2022
Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286)x86matthew (@x86matthew)SeagateLocal Privilege Escalation20-09-202222-09-2022
SSD Advisory – Linux CLOCK_THREAD_CPUTIME_ID LPELinux Kernel OrganizationMemory corruption20-09-202222-09-2022
How to hack Github ActionsStackOverflowExcept1onGitHubCI/CD50019-09-202226-09-2022
Android Application Forgot Password Token Leakage Leading to Account TakeoverCyberaliInformation disclosure19-09-202215-09-2022
Turning Your Computer Into a GPS Tracker With Apple MapsRon Masas (@RonMasas)ApplePrivacy issue18-09-202219-09-2022
Bug Bounty { How I found an Sensitive Information Disclosure( Reconnaissance ) }S Rahul (@7srambo)Information disclosure18-09-202219-09-2022
SSRF Attack Leading To AWS MetadataParagBagulCERT-EUSSRF18-09-202219-09-2022
How i Found Unauthorized Bypass RCEYashshirkeRCE18-09-202220-09-2022
How an Akamai misconfiguration earned us USD 46.000Francesco Mariani (@_medusa_1_)AkamaiHTTP request smuggling46,00017-09-202220-09-2022
How i made the multiple hall of fame in Nokia within 2 minutesVedavyasanNokiaClickjacking17-09-202217-09-2022
Cloning internal Google repos for fun and… info?Luke BernerGoogleAuthorization flaw16-09-202219-09-2022
Getting Paid With Just Picking Color — Bug BountyRedzaCSS injection16-09-202217-09-2022
Abusing Broken Link In Fitbit (Google Acquisition)To Collect BugBounty Reports On Behalf Of Google !Jayateertha Guruprasad (@JayateerthaG)GoogleBroken link hijacking16-09-202217-09-2022
The Tale Of SSRF To RCE on .GOV DomainTobydavennSSRF16-09-202217-09-2022
HTTP Desync Attack (Request Smuggling) – Mass Account Takeover at a Cryptocurrency based asset and 121 other websitesAnkit Singh (@AnkitCuriosity)HTTP Request Smuggling4,30014-09-202212-12-2022
Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804)Maxwell Garrett (@TheGrandPew)AtlassianRCE14-09-202215-09-2022
Security Advisory: NETGEAR Routers FunJSQ VulnerabilitiesQuentin Kaiser (@QKaiser)NetgearOS command injection14-09-202215-09-2022
How I abused the file upload function to get a high severity vulnerability in Bug BountyOmar Hashem (@OmarHashem666)Unrestricted file upload14-09-202215-09-2022
Pwn2Own Miami 2022: Unified Automation C++ Demo Server DoSSector 7 (@sector7_nl)Unified AutomationDoS5,00014-09-202215-09-2022
Attacking the Android kernel using the Qualcomm TrustZoneTamir Zahavi-Brunner (@tamir_zb)QualcommMemory corruption14-09-202215-09-2022
mast1c0re: Hacking the PS4 / PS5 through the PS2 Emulator – Part 1 – EscapeCTurt (@CTurtE)PlayStationMemory corruption26-09-202215-09-2022
Colorful VulnerabilitiesTal Lossos (@TalLossos)OpenRazerMemory corruption14-09-202226-09-2022
Data Exfiltration through Blind XXE on PDF GeneratorArben Shala (@arbennsh)Blind XXE13-09-202226-09-2022
Blind XSS and Time-Based SQL Injection to Admin Panel Control and Database TakeoverCyberaliBlind XSS13-09-202215-09-2022
Hacking Unity Games with Malicious GameObjectsJason Kielpinski (@f2jason)UnityArbitrary code execution13-09-202215-09-2022
Undermining Microsoft Teams Security by Mining TokensVectra Protect team (@Vectra_AI)MicrosoftInsecure storage of sensitive information13-09-202220-09-2022
LiveHelperChat – Remote Code Execution via Vulnerable Theme Upload FunctionArben Shala (@arbennsh)Live Helper ChatRCE13-09-202226-09-2022
How I DIDN’T get an RCE in a $200 Billion company — Bug Bountynynan (@_nynan)RCE12-09-202230-11-2022
Bug Bounty – Cross-site request forgery is a thingPatrick Hener (@C1sc01)CSRF2,40012-09-202230-11-2022
Contentful Access Token Disclosure in Android APKCyberaliInformation disclosure12-09-202215-09-2022
SSRF(g/vrp) for 5000$lalka (@0x01alka)SSRF5,00012-09-202215-09-2022
Privacy Violation In Chat SystemInderjeet Singh – rashahacksPrivacy issue12-09-202215-09-2022
How I found 3 rare security bug in a dayzer0dSession expiration issue10-09-202215-09-2022
How I was able to Bypass Philips AuthenticationParagBagulPhilipsOutdated component with a known vulnerability10-09-202219-09-2022
Attackers Can Bypass GitHub Required Reviewers to Submit Malicious CodeNoam DotanGitHubAuthorization flaw08-09-202215-09-2022
Attacking Firecracker: AWS’ microVM Monitor Written in RustValentina Palmiotti (@chompie1337)FirecrackerMemory corruption08-09-202015-09-2022
Riding The Inforail To Exploit Ivanti Avalanche Part 2Piotr Bazydło (@chudyPB)IvantiRCE08-09-202115-09-2022
Avalanche remote network crashPéter Szilágyi (@peter_szilagyi)Ava LabsDoS08-09-202215-09-2022
New technique 403 bypass lyncdiscover.microsoft.comAbbas Heybati (@abbas_heybati)Microsoft403 bypass08-09-202215-09-2022
How I was able to see likes count even though is hidden by victim | YouTubeR ando (@Rando02355205)GoogleInformation disclosure08-09-202215-09-2022
Fun With CORSTalis OzolsCORS misconfiguration08-09-202215-09-2022
QUEST KACE Desktop Authority Pre-Auth Remote Code Execution (CVE-2021-44031)Tom Ellson (@tde_sec)QuestRCE08-09-202215-09-2022
Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code ExecutionDaan Keuper (@daankeuper)AVEVAArbitrary Code Execution20,00008-09-202215-09-2022
Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED)Deral Heiland (@Percent_X)Baxter HealthcareHardcoded credentials08-09-202215-09-2022
Binarly Finds Six High Severity Firmware Vulnerabilities In HP Enterprise DevicesBinarly efiXplorer TeamHPMemory corruption08-09-202215-09-2022
Step-by-Step Walkthrough of CVE-2022-32792 – WebKit B3ReduceStrength Out-of-Bounds WriteDaniel Lim (@daniellimws)AppleMemory corruption08-09-202202-10-2022
Groovy Template Engine Exploitation – Notes from a real case scenarioGianluca Baldi (@0x_nope)RCE07-09-202220-09-2022
$900 Blind XSSѕнín (@shinchina_)Blind XSS90007-09-202215-09-2022
Exploiting Laravel based applications with leaked APP_KEYs and QueuesTimo Müller (@mtimo44)RCE07-09-202215-09-2022
How I found 3 RXSS on the Lululemon bug bounty programOmar Hashem (@OmarHashem666)lululemonXSS07-09-202215-09-2022
Groovy Template Engine Exploitation – Notes from a real case scenarioGianluca Baldi (@0x_nope)RCE07-09-202215-09-2022
How I found Moodle Cross site scriptingParagBagulMoodleXSS07-09-202219-09-2022
Zuckerpunch – Abusing Self Hosted Github Runners at FacebookMarcus YoungMeta / FacebookCI/CD10,00006-09-202215-09-2022
IDOR leads to removing members from any Google Chat Space.Vivek MGoogleIDOR3,133.7006-09-202215-09-2022
Group expert’s pending expertise request leaking on FacebookVivek MMeta / FacebookIDOR06-09-202215-09-2022
Details about future collaboration profiles and pages have been revealedVivek MMeta / FacebookIDOR06-09-202215-09-2022
Quasar: Compromising Electron AppsTaggart (@mttaggart)MicrosoftLocal Privilege Escalation06-09-202215-09-2022
How to turn security research into profit: a CL.0 case studyJames Kettle (@albinowax)HTTP request smuggling08-09-202215-09-2022
Exploiting Out-of-Band XXE in the WildMahmoud Youssef (@0xmahmoudjo0)XXE06-09-202215-09-2022
WordPress Core – Unauthenticated Blind SSRFSimon Scannell (@scannell_simon)WordPressSSRF06-09-202215-09-2022
Turning cookie based XSS into account takeoverBartłomiej Bergier (@_bergee_)TerrahostXSS50006-09-202215-09-2022
CVE-2022-35405 Manage engines RCE (Password Manager Pro, PAM360 and Access Manager Plus)Vinicius Pereira (@big0x75)ZohoRCE08-09-202215-09-2022
Bug Bounty { How I found an SSRF ( Reconnaissance ) }S Rahul (@7srambo)SSRF06-09-202215-09-2022
CVE-2022-34715: More Microsoft Windows NFS V4 Remote Code ExecutionQuintin CristMicrosoftRCE06-09-202215-09-2022
How to Decrypt Manage Engine PMP Passwords for Fun and Domain Admin – a Red Teaming Talesmaury (@smaury92)Zoho (ManageEngine)Cryptographic issues05-09-202221-10-2022
IDOR “Insecure direct object references”, my first P1 in Bugbountyjedus0rIDOR05-09-202215-09-2022
A Bug That Was 23 Years Old Or NotDaniel Stenberg (@bagder)Internet Bug Bounty (curl)DoS05-09-202215-09-2022
Hacking My Helium Crypto MinerMd. Asif Hossain (@0x0asif)PycomHardcoded credentials05-09-202215-09-2022
SSD Advisory – Linux CONFIG_WATCH_QUEUE LPEUbuntuMemory corruption05-09-202215-09-2022
Simple IBM I (AS/400) HackingpzLocal Privilege Escalation05-09-202229-09-2022
Your Amiibo’s HauntedVVX7 (@VV_X_7)Flipper ZeroMemory corruption05-09-202221-11-2022
How I found my first SSRF to RCE!Md. Asif Hossain (@0x0asif)IDOR3,20004-09-202215-09-2022
Discovery of CVE-2022-35406Mr. Vrushabh (@doshi_vrushabh)PortSwiggerLogic flaw15003-09-202215-09-2022
Caching the Un-cacheables – Abusing URL Parser Confusions (Web Cache Poisoning Technique)Harel (@h4r3l)GlassdoorWeb cache poisoning1,70002-09-202215-09-2022
Viewing Instagram live streams anonymously without notifying the hostDavid Schütz (@xdavidhu)Meta / FacebookIDOR02-09-202215-09-2022
The Database Handover | A Dumb Mistake | Critical BUGSaransh Saraf (@mr23r0)Information disclosure1,00002-09-202215-09-2022
How can i get SQL InjectionMohamed AbdelhadySQL injection02-09-202226-09-2022
Google & Apache Found Vulnerable to GitHub Environment InjectionNoam DotanGooglePrivilege escalation01-09-202215-09-2022
AngularJS Client-Side Template Injection: The orderBy Filter.JayCSTI01-09-202215-09-2022
Azure Synapse: Local Privilege Escalation Vulnerability in SparkTzah Pahima (@TzahPahima)MicrosoftRace condition01-09-202215-09-2022
Using Hackability to uncover a Chrome infoleakGareth Heyes (@garethheyes)GoogleSOP bypass2,00001-09-202215-09-2022
How did we Found Log4shell on AgorapulseSnap Sec (@snap_sec)AgorapulseLog4shell01-09-202215-09-2022
SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)Cedric Halbronn (@saidelike)UbuntuMemory corruption01-09-202215-09-2022
Abusing Microsoft Teams Direct RoutingMoritz Abrell (@moritz_abrell)AudioCodes Ltd.Spoofing01-09-202215-09-2022
How reading robots.txt file got me 4 XSS reports ?Ahmed Qaramany (@c0nqr0r)XSS31-08-202206-10-2022
Vulnerability in TikTok Android app could lead to one-click account hijackingMicrosoft 365 Defender Research TeamTikTokInsecure deeplink31-08-202215-09-2022
Saving more than 100,000 website from a Watering Hole attackmohamad mahmoudi (@Lotus_619)HubSpotWeb cache poisoning5,00031-08-202215-09-2022
HTMLI/XSS – Crafting a better PoCRiotSecurityTeam (@RiotSecTeam)XSS30-08-202215-09-2022
CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEMDavid Yesland (@daveysec)FortinetArbitrary file write30-08-202215-09-2022
mfa bypass in private program, the abdulsec wayabdulsec (@moodiAbdoul)MFA bypass60030-08-202215-09-2022
IDOR at Login function leads to leak user’s PII dataEslam Akl (@eslam3kll)IDOR30-08-202215-09-2022
My findings on Hack U.S ProgramCharansaiU.S. Dept Of DefenseMissing authentication50030-08-202215-09-2022
Found SQL Injection Vulnerability on Government Organization Website!mehedishakeel (@mehedishakeel)SQL injection30-08-202215-09-2022
CVE-2021-38297 – Analysis of a Go Web Assembly vulnerabilityUriya Yavnieli (@uriya_yavniely)Memory corruption30-08-202215-09-2022
Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrlEugene Lim (@spaceraccoonsec)AmazonAuthorization flaw30-08-202215-09-2022
Bypassing ModSecurity for RCEsSomdev Sangwan (s0md3v)ModSecurityWAF bypass29-08-202215-09-2022
Blind Exploits To Rule Watchguard FirewallsCharles Fol (@cfreal_)WatchGuardXPath injection29-08-202215-09-2022
Bypassing Amazon WAF to pop an alert()Manash (@manash036)WAF bypass29-08-202215-09-2022
How I bypassed Reflected XSS in well-known platformIori YagamiXSS29-08-202215-09-2022
Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. with burp-suite collaboratorSantosh Kumar Sha (@killmongar1996)De Nederlandsche BankOS command injection28-08-202215-09-2022
How I found reflected XSS on IDFC Bank with burp-suite IntruderSantosh Kumar Sha (@killmongar1996)IDFC BankReflected XSS28-08-202215-09-2022
Unsubscribe any user’s e-mail notifications via IDORSagar Sajeev (@Sagar__Sajeev)IDOR20028-08-202215-09-2022
CSRF Vulnerability In The NodeJS EcosystemAdrian Tiron (@adrian__t)Node.js third-party modules (csurf)CSRF28-08-202215-09-2022
The Million Dollar IDORMonish BasaniwalIDOR27-08-202215-09-2022
SSRF leads to access AWS metadata.Akash Patil (@skypatil98)SSRF5027-08-202215-09-2022
Improper Input Validation Leads To Email SpammingAkshay Ravi (@AKSHAYC09YC47)Email content injection27-08-202215-09-2022
My Hall of Fame at United Nations Success StoryJoshua Arulsamy (@Joshua_Arulsamy)United NationsXSS27-08-202215-09-2022
Tetsuji: Remote Code Execution on a GameBoy Colour 22 Years Laterxcellerator (@TheXcellerator)NintendoRCE27-08-202215-09-2022
Zimbra Open Bucket Data Leak – Responsible DisclosureRaffaele Forte (@raffaele_forte)ZimbraAWS misconfiguration26-08-202215-09-2022
Break the Logic: 5 Different Perspectives in Single Page (€1500)can1337 (@canmustdie)Client-side enforcement of server-side security1,50026-08-202215-09-2022
ASP.NET Boilerplate Multiple VulnerabilitiesSana Oshika (@bigshika)Volosoft (ASP.NET Boilerplate)Authentication flaw26-08-202215-09-2022
SSD Advisory – VhdmpiValidateVirtualDiskSurface LPESana Oshika (@bigshika)WindowsLocal Privilege Escalation26-08-202215-09-2022
Command Injection in the GitHub Pages Build PipelineJoren VranckenGitHubRCE4,00025-08-202215-09-2022
Chaining Telegram bugs to steal session-related files.Sayed Abdelhafiz (@dPhoeniixx)TelegramArbitrary file read25-08-202215-09-2022
SATisfying our way into remote code execution in the OPC UA industrial stackJFrog Security Research Team (@JFrogSecurity)Unified AutomationMemory corruption25-08-202215-09-2022
Crashing Industrial Control Systems at Pwn2Own Miami 2022JFrog Security Research Team (@JFrogSecurity)Unified AutomationDoS25-08-202215-09-2022
“GIFShell” — Covert Attack Chain and C2 Utilizing Microsoft Teams GIFsBobby RauchMicrosoftPhishing24-08-202215-09-2022
2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications – Binary Golf Grand Prix 3Pierre Kim (@PierreKimSec)FreeBSD Security TeamDoS24-08-202215-09-2022
Break the Logic: Insecure Parameters (€300)can1337 (@canmustdie)Parameter manipulation30024-08-202215-09-2022
Oracle SBC: Multiple Security Vulnerabilities Leading to Unauthorized Access and Denial of ServiceHarold ZangOracleIDOR23-08-202215-09-2022
Securing Developer Tools: Argument Injection in Visual Studio CodeThomas Chauchefoin (@swapgs)MicrosoftArgument injection23-08-202215-09-2022
[CVE-2020-2733] JD Edwards EnterpriseOne Tools admin password not adequately protectedVahagn Vardanyan (@vah_13)OracleInformation disclosure23-08-202215-09-2022
But You Told Me You Were Safe: Attacking The Mozilla Firefox Renderer (Part 1)Hossein Lotfi (@hosselot)MozillaBrowser hacking1,00,00023-08-202215-09-2022
Break Me Out Of Sandbox In Old Pipe – CVE-2022-22715 Windows Dirty Pipek0shl (@KeyZ3r0)MicrosoftLocal Privilege Escalation23-08-202215-09-2022
Paracosme – CVE-2022-33318 – Remote Code Execution in ICONICS Genesis64Axel Souchet (@0vercl0k)ICONICSMemory corruption22-08-202215-09-2022
Patch bypass for [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise ManagerArpine MaghakyanSAPHardcoded credentials22-08-202215-09-2022
Vulnerability in Linux containers – investigation and mitigationSteven Murdoch (@sjmurdoch)Moby ProjectLocal Privilege Escalation22-08-202215-09-2022
Useless path traversals in Zyxel admin interface (CVE-2022-2030)Maurizio Agazzini (@0x696e6f6465)ZyxelPath traversal22-08-202215-09-2022
SSRF & Google HOF(Hall of Fame)Aman Pareek (@aman_notsogreat)GoogleSSRF22-08-202215-09-2022
How a Port scan got me Nokia Hall of FameMani SashankNokiaMissing authentication22-08-202215-09-2022
Blockchain Network is Secured! But not the apps and their IntegrationsKeyur TalatiPayment tampering22-08-202215-09-2022
Blind command injectionBartłomiej Bergier (@_bergee_)RCE21-08-202215-09-2022
Failed Coding Assessment to Remote Code Execution – Part 1Akash Chhabra (@_hackingguy)HackerEarthRCE20-08-202215-09-2022
VPNs on iOS are a scamMichael Horowitz (@defensivecomput)ApplePrivacy issue20-08-202215-09-2022
Never underestimate the power of open redirect, a story of a full account takeoverIbrahim Auwal (@ibrahimatix0x01)Open redirect20-08-202215-09-2022
Account takeover worth $1000Faique (@imfaiqu3)Account takeover1,00019-08-202215-09-2022
Uncovering a ChromeOS remote memory corruption vulnerabilityMicrosoft 365 Defender Research TeamGoogleMemory corruption25,00019-08-202215-09-2022
Amazon Quickly Fixed A Vulnerability In Ring Android App That Could Expose Users’ Camera RecordingsDavid Sopas (@dsopas)AmazonXSS18-08-202215-09-2022
XSS by Javascript OverridingMonke (@pmofcats)XSS18-08-202215-09-2022
Outlook CVE-2022-35742insu (@hpy_insu)MicrosoftDoS18-08-202215-09-2022
Trust Me, I’m a Robot: Can We Trust RPA With Our Most Guarded Secrets?Nimrod Stoler (@n1mr0d5)Blue PrismRobotic Process Automation18-08-202215-09-2022
Fishbowl Disclosure: CVE-2022-29805Michael RandFishbowlInsecure deserialization18-08-202215-09-2022
Let’s Dance in the Cache – Destabilizing Hash Table on Microsoft IIS!Orange Tsai (@orange_8361)MicrosoftDoS30,00018-08-202215-09-2022
You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise ApplicationsEugene Lim (@spaceraccoonsec)VMwareXSS18-08-202215-09-2022
N/a to $750 bounty for a Blind XSS.Dirtycoder (@dirtycoder0124)Blind XSS75018-08-202215-09-2022
Critical Local File Read in Electron Desktop AppRenwa (@RenwaX23)AsanaLFI6,20017-08-202215-09-2022
RCE on Spip and Root-Me, v2!Laluka (@TheLaluka)SPIPRCE16-08-202215-09-2022
Monitoring Linux host metrics with the Node Exporter information disclosure $350Dhamotharan (@Dhamu_offi)SlackInformation disclosure35016-08-202215-09-2022
DOM XSS On A Gov Domain Bypassing WAFTobydavennDOM XSS16-08-202215-09-2022
CSRF leads to Account Takeover | SamsungR ando (@Rando02355205)SamsungCSRF16-08-202215-09-2022
2FA Bypass Do Re MiAshlyn Lau (@ashlyn_lau)MFA bypass16-08-202215-09-2022
Multiple Denial of Service (DoS) Vulnerabilities in GoProxy, Smokescreen librariesLorenzo Stella (@lorenzostella)StripeDoS16-08-202215-09-2022
FreeBSD 11.0-13.0 LPE via aio_aqueue Kernel Refcount BugChris (@accessvector)FreeBSD Security TeamMemory corruption16-08-202215-09-2022
Open Redirect at NvidiaMohamed AbdelhadyNvidiaOpen redirect16-08-202226-09-2022
CVE-2022-30211: Windows L2TP VPN Memory Leak and Use after Free VulnerabilityAlex Nichols (@i4mchr00t)MicrosoftMemory corruption15-08-202215-09-2022
We discovered major vulnerabilities in Control Web Panel. Here’s how we found them.Immersive Labs (@immersivelabs)Centos Web Panel (CWP)Path traversal15-08-202215-09-2022
Salesforce bug hunting to Critical bugVuk IvanovicInformation disclosure15-08-202215-09-2022
Business Logic Vulnerability via IDORSagar Sajeev (@Sagar__Sajeev)IDOR2,00015-08-202215-09-2022
1day to 0day(CVE-2022-30024) on TP-Link TL-WR841NTrần Minh CườngTP-LinkMemory corruption15-08-202215-09-2022
Five-minute hunting for hidden XSSBartłomiej Bergier (@_bergee_)Reflected XSS15-08-202215-09-2022
The forgotten API and XSS filter bypassBartłomiej Bergier (@_bergee_)XSS14-08-202215-09-2022
URL filter bypass, RFI and XSSBartłomiej Bergier (@_bergee_)Stored XSS14-08-202215-09-2022
Hacking Zyxel IP cameras to gain a root shellEric UrbanZyxelMissing authentication14-08-202215-09-2022
How I got into the United Nations’ Hall of FameAmeya Andhare (@cryptoknight028)United NationsMissing authentication14-08-202215-09-2022
XSS via Angular Template InjectionBartłomiej Bergier (@_bergee_)CSTI13-08-202215-09-2022
Remote Code Execution on Element Desktop Application using Node Integration in Sub Frames Bypass – CVE-2022-23597s1r1us (@s1r1u5_)Matrix (Element)RCE13-08-202215-09-2022
Story of 5000$ bounty for Grafana Panel Access in Applehckerl00 (@lokeshg62498939)AppleMissing authentication5,00013-08-202215-09-2022
CVE-2022-30216 – Authentication coercion of the Windows “Server” serviceBen Barnea (@nachoskrnl)MicrosoftOff-by-one Error13-08-202215-09-2022
How I earned a $7000 bug bounty from Grab (RCE Unique Bugs)ANDRIGrabRCE7,00013-08-202215-09-2022
Escalating Open Redirect to XSSSagar Sajeev (@Sagar__Sajeev)Open redirect13-08-202215-09-2022
An Unusual Tale of Email Verification BypassSagar Sajeev (@Sagar__Sajeev)Email verification bypass13-08-202215-09-2022
Bypassing unexpected IDORBharatsinghIDOR13-08-202215-09-2022
UN United Nations Host Header Injection leads to any Full Account Takeover (ATO)Ahmed HassanUnited NationsHost header injection13-08-202215-09-2022
DOM Cross-Site Scripting Via postMessage in AnnounceKitLorenzo Stella (@lorenzostella)AnnouncekitDOM XSS12-08-202215-09-2022
Exploiting CVE-2022-24816: A Code Injection In The Jt-jiffle Extension Of GeoserverRemsio (@_remsio_)RCE12-08-202215-09-2022
How I found an XSS vulnerability via using emojisPatrik FabianSwisscomXSS12-08-202215-09-2022
Researching Xiaomi’s TEE to get to Chinese moneySlava MakkaveevXiaomiPayment bypass12-08-202215-09-2022
Process injection: breaking all macOS security layers with a single vulnerabilityThijs Alkemade (@xnyhps)AppleLocal Privilege Escalation12-08-202215-09-2022
File Upload Bypass to RCE == $$$$Sagar Sajeev (@Sagar__Sajeev)Unrestricted file upload12-08-202215-09-2022
Amazon Cognito misconfiguration lead to account takeoverHossam Ahmed (@iknowhatodo0x01)Account takeover12-08-202215-09-2022
FRAMESHIFTER: Security Implications of HTTP/2-to-HTTP/1 Conversion AnomaliesBahruz Jabiyev (@BahruzJabiyev)HTTP Request Smuggling11-08-202215-09-2022
IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click ExploitSteven Seeley (@steventseeley)VMwareAuthentication bypass11-08-202215-09-2022
The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendorsShir Tamari (@shirtamari)GooglePrivilege escalation11-08-202215-09-2022
Attacking Titan M with Only One ByteDamiano Melotti (@DamianoMelotti)GoogleMemory corruption75,00011-08-202215-09-2022
My Experience on Hacking the Dutch GovernmentJefferson Gonzales (@gonzxph)Dutch GovernmentXSS11-08-202215-09-2022
Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services SoftwareJake Baines (@Junior_Baines)CiscoRCE11-08-202215-09-2022
Identity Confusion in WebView-based Mobile App-in-app EcosystemsLei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang & Min YangAlipayAndroid2,50011-08-202202-10-2022
Mining Node.js Vulnerabilities via Object Dependence Graph and QuerySong LiRCE10-08-202215-09-2022
Web Cache Deception Escalates!Seyed Ali MirheidariWeb cache deception10-08-202215-09-2022
Advanced Inter-Process Desynchronization in SAP’s HTTP ServerMartin Doyhenard (@tincho_508)SAPMemory corruption10-08-202215-09-2022
Browser-Powered Desync Attacks: A New Frontier in HTTP Request SmugglingJames Kettle (@albinowax)AWSHTTP Request Smuggling10-08-202215-09-2022
Email Confirmation bypass at InstagramAvinash Kumar (@itsavinash_)Meta / FacebookEmail verification bypass3,00010-08-202215-09-2022
How I earned a $6000 bug bounty from CloudflareANDRICloudflarePath traversal6,00010-08-202215-09-2022
Google Cloud Shell – Command InjectionBugra Eskici (@bugraeskici)GoogleOS command injection10-08-202215-09-2022
403 Forbidden Bypass Leading to Admin Endpoint Access.Christian Dray (@G0ds0nXY)403 bypass1,80010-08-202215-09-2022
Defeat the HttpOnly flag to achieve Account Takeover | RXSSMohamed Tarek (@timooon107)Reflected XSS10-08-202215-09-2022
iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browserFelix Krause (@KrauseFx)Meta / FacebookPrivacy issue10-08-202215-09-2022
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)Xingyu JinLinux Kernel OrganizationMemory corruption10-08-202215-09-2022
Security Implications of URL Parsing DifferentialsThomas Chauchefoin (@swapgs)Open redirect09-08-202215-09-2022
Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection VulnerabilityQuentin Kaiser (@QKaiser)CiscoOS command injection09-08-202215-09-2022
From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations ManagerSteven Seeley (@steventseeley)VMwareAuthentication bypass09-08-202215-09-2022
Dancing on the architecture of VMware Workspace ONE Access (ENG)Petrus Viet (@VietPetrus)VMwareAuthentication bypass09-08-202215-09-2022
Bypassed Cloudflare’s Web Application Firewall (WAF)Ansh Vaid (@anshvaid4)XSS09-08-202215-09-2022
Simple Open Redirect Bypass.Harshad Gaikwad (@h4rsh4d)Open redirect09-08-202215-09-2022
From Shodan to RCE: That one time I hacked a Fortune 500 company.vimanari_ (@vimanari_)Missing authentication08-08-202215-09-2022
Stored XSS in app.gitbook.comMohammad Alfin Hidayatullah (@Alpinbrainsec)GitBookStored XSS08-08-202215-09-2022
SSD Advisory – Apple Safari ICU Out-Of-Bounds WriteDohyun Lee (@l33d0hyun)AppleMemory corruption07-08-202215-09-2022
2FA Bypass via Google Identity & OAuth LoginSharat Kaikolamthuruthil (@sharp488)MFA bypass07-08-202215-09-2022
Liferay revisited: A tale of 20k$VNG Security Response Center (@vngsecresponse)RCE20,00006-08-202215-09-2022
Irremovable guest in facebook event — Facebook bug bountyRajiv Gyawali (@rajiv_gyawali)Meta / FacebookLogic flaw06-08-202215-09-2022
CVE-2022-29582 – An io_uring vulnerabilityJayden (@Awarau1)GoogleMemory corruption06-08-202215-09-2022
| How i was able to get 29 free products. \| Bug Bounty | Fırat |  | Race condition |  | 06-08-2022 | 15-09-2022 |
| Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI | Nir Ohfeld (@nirohfeld) | Microsoft | Local Privilege Escalation |  | 05-08-2022 | 15-09-2022 |
| CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE | Spencer McIntyre (@zeroSteiner) | VMware | Local Privilege Escalation |  | 05-08-2022 | 15-09-2022 |
| Symlinks as mount portals: Abusing container mount points on MikroTik’s RouterOS to gain code execution | nns | MikroTik | Container escape |  | 05-08-2022 | 15-09-2022 |
| QNAP Poisoned XML Command Injection (Silently Patched) | Jake Baines (@Junior_Baines) | QNAP | OS command injection |  | 04-08-2022 | 15-09-2022 |
| Came looking for SSRF and found XSS | Ibrahim Radi (@ibraradi9) |  | XSS |  | 04-08-2022 | 15-09-2022 |
| Hijacking email with Cloudflare Email Routing | Albert Pedersen (@AlbertSPedersen) |  | HTTP response manipulation |  | 03-08-2022 | 15-09-2022 |
| Elasticsearch A Easy Win For Bug Bounty Hunters \|\| How To Find and Report | Tamim Hasan (@tamimhasan404) |  | Information disclosure |  | 03-08-2022 | 15-09-2022 |
| XSS in Gmail’s Amp4Email | Adi “Adico” Cohen (@wir3less2) | Google | XSS | 5,000 | 02-08-2022 | 15-09-2022 |
| (ZOHO) Manage Engine Desktop Central – SQL Injection / Arbitrary File Write | Tom Ellson (@tde_sec) | Zoho | SQL injection |  | 02-08-2022 | 15-09-2022 |
| Multiple bugs in one program leads to 1500€ | can1337 (@canmustdie) |  | Privilege escalation | 1,500 | 02-08-2022 | 15-09-2022 |
| How I earned 500$ by uploading a file: write-up of one of my first bug bounty | Riccardo Malatesta (@seeu_inspace) | Semrush | Unrestricted file upload | 500 | 02-08-2022 | 15-09-2022 |
| Instagram photo was present in data backup nearly after two years being deleted. | Jeewan Bhatta (@thenullkid) | Meta / Facebook | Privacy issue | 550 | 02-08-2022 | 15-09-2022 |
| Stored XSS to Account Takeover : Going beyond document.cookie \| Stealing Session Data from IndexedDB | Syed Mushfik Hasan Tahsin (@SMHTahsin33) |  | Stored XSS |  | 02-08-2022 | 15-09-2022 |
| How I earned $10,000 within the last 7 months — a 17y/o Edition | Gowtham Naidu Ponnana (@gowtham_ponnana) |  | Authorization flaw | 10,000 | 01-08-2022 | 15-09-2022 |
| Analysis of Adobe Acrobat Reader Javascript Doc.print() Use-After-Free Vulnerability (CVE-2022-34233) | ThreatLabz (@Threatlabz) | Adobe | Memory corruption |  | 01-08-2022 | 15-09-2022 |
| How I get Full Account Takeover via stealing action’s login form \| XSS | Mohamed Tarek (@timooon107) |  | XSS |  | 01-08-2022 | 15-09-2022 |
| How I Earned €150 in 2 Minutes \| HTML injection in email | Thillai Raj |  | HTML injection | 150 | 30-07-2022 | 15-09-2022 |
| My Second CVE (CVE-2022-31855) | y0ung_dst (@Y0ung_MA) | RStudio | OS command injection |  | 30-07-2022 | 15-09-2022 |
| Zero-day XSS | th3.d1p4k (@DipakPanchal05) | IRCTC | HTML injection |  | 30-07-2022 | 15-09-2022 |
| Discord Desktop – Remote Code Execution | s1r1us (@s1r1u5_) | Discord | RCE | 5,000 | 29-07-2022 | 15-09-2022 |
| Business logic vulnerabilities | Sagar Sajeev (@Sagar__Sajeev) |  | Logic flaw | 400 | 29-07-2022 | 15-09-2022 |
| Arris / Arris-variant DSL/Fiber router critical vulnerability exposure | Derek Abdine (@dabdine) | ARRIS | Path traversal |  | 29-07-2022 | 15-09-2022 |
| Reading Message from Microsoft’s Private Yammer Group | Meareg | Microsoft | Authorization flaw |  | 28-07-2022 | 15-09-2022 |
| “ParseThru” – Exploiting HTTP Parameter Smuggling in Golang | Daniel Abeles (@Daniel_Abeles) | Harbor | HTTP Parameter Smuggling |  | 28-07-2022 | 15-09-2022 |
| Researching Open Source apps for XSS to RCE flaws | Aleksey Solovev |  | XSS |  | 28-07-2022 | 15-09-2022 |
| Vulnerability in Dahua’s ONVIF Implementation Threatens IP Camera Security | Nozomi Networks Labs (@nozominetworks) | Dahua | MiTM |  | 28-07-2022 | 15-09-2022 |
| Corrupting memory without memory corruption | Man Yue Mo (@mmolgtm) | Google | Memory corruption |  | 27-07-2022 | 15-09-2022 |
| SSD Advisory – Apple Safari IDN URL Spoofing | Dohyun Lee (@l33d0hyun) | Apple | URL spoofing |  | 27-07-2022 | 15-09-2022 |
| Reflected Cross Site Scripting on User Agent-Dependent Response | Ali Hassan Ghori (@alihasanghauri) | proto.io | Reflected XSS | 100 | 27-07-2022 | 15-09-2022 |
| Exploiting GitHub Actions on open source projects | Rojan Rijal (@uraniumhacker) | Elastic | RCE |  | 26-07-2022 | 15-09-2022 |
| Google XSS | NDevTK (@ndevtk) | Google | XSS | 8,133.70 | 26-07-2022 | 15-09-2022 |
| HTTP Parameter Pollution – It’s Contaminated Again | Jerry Shah (@Jerry) |  | HTTP parameter pollution | 50 | 26-07-2022 | 15-09-2022 |
| CVE-2022-31813: Forwarding Addresses Is Hard | Gaetan Ferry (@_mabote_) | Internet Bug Bounty (Apache HTTPD) | Host header injection |  | 26-07-2022 | 15-09-2022 |
| Disclosing information with a side-channel in Django | Dennis Brinkrolf (@DBrinkrolf) | Django | Side channel attack |  | 26-07-2022 | 15-09-2022 |
| Hunting For Mass Assignment Vulnerabilities Using GitHub CodeSearch and grep.app | Laurence Tennant | freeCodeCamp | Mass assignment |  | 26-07-2022 | 15-09-2022 |
| Advisory \| Roxy-WI Unauthenticated Remote Code Executions CVE-2022-31137 | Nuri Çilengir (@ncilengir) | Roxy-WI | RCE |  | 26-07-2022 | 15-09-2022 |
| Publicly Accessible Android Crash Reports Containing Sensitive Information | Ali Hassan Ghori (@alihasanghauri) | proto.io | IDOR | 100 | 26-07-2022 | 15-09-2022 |
| CVE-2022-26712: The POC for SIP-Bypass Is Even Tweetable | Mickey Jin (@patch1t) | Apple | MacOS |  | 26-07-2022 | 15-09-2022 |
| CVE-2022–36446 — Webmin 1.996 — Remote Code Execution (RCE — Authenticated) During Install New Packages | Emir Polat (@devilsgrins) | Webmin | RCE |  | 26-07-2022 | 15-09-2022 |
| Digging JS files to find BUGs | Adnan Malik (@adnanmalikinfo) |  | IDOR | 2,114 | 25-07-2022 | 15-09-2022 |
| Outdated PHP Version leads to RCE | iamdevansharya (@iamdevansharya) |  | RCE |  | 25-07-2022 | 15-09-2022 |
| DoS worth $650 ? Interesting right! | Sagar Sajeev (@Sagar__Sajeev) |  | DoS | 650 | 25-07-2022 | 15-09-2022 |
| Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP) for a bounty of $4,913 | Sayaan Alam (@ehsayaan) | Dropbox | Email spoofing | 4,913 | 25-07-2022 | 15-09-2022 |
| With Management Comes Risk: Finding Flaws in FileWave MDM | Claroty’s Team82 (@Claroty) | Filewave | Authentication bypass |  | 25-07-2022 | 15-09-2022 |
| Deep understand ASPX file handling and some related attack vectors | Rskvp93 (@rskvp93) | Microsoft | Local Privilege Escalation |  | 25-07-2022 | 15-09-2022 |
| Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505) | Daniel Romero (@daniel_rome) | Nuki | Memory corruption |  | 25-07-2022 | 15-09-2022 |
| How I Gained Access To A Finance Company’s Accounts (Session Hijacking) | Talha Karakumru |  | Session fixation |  | 25-07-2022 | 15-09-2022 |
| A Developer’s Nightmare: Story of a simple IDOR and some poor fixes worth $1125 | Marcos IAF (@marcos_iaf) |  | IDOR | 1,125 | 24-07-2022 | 15-09-2022 |
| How I made 300 GitHub repos point to my blog using Azure subdomains takeover | 0xPwN (@msd0s7) |  | Subdomain takeover |  | 23-07-2022 | 15-09-2022 |
| $$$ bounty in less 3 minutes from a google dork | Steiner254 (@steiner254) |  | Information disclosure |  | 23-07-2022 | 15-09-2022 |
| Un3xpected DoS Attack on Profile Pictur3 | Roxst4r (@mveswar98) |  | DoS | 100 | 23-07-2022 | 15-09-2022 |
| SecStory: How I Found Multiple P1 Vulnerabilities without Recon | rvdt (@rival_rvdt) |  | Authentication flaw |  | 23-07-2022 | 15-09-2022 |
| WordPress Transposh: Exploiting a Blind SQL Injection via XSS – RCE Security | Julien Ahrens (@MrTuxracer) | WordPress | SQL injection | 30,000 | 22-07-2022 | 15-09-2022 |
| Permanent Crash Instagram Followers. | Naveen (@NaveenHax) | Meta / Facebook | DoS | 1,000 | 22-07-2022 | 15-09-2022 |
| How I was able to Take over a support chat using leaked Keys | Pliskin |  | Information disclosure | 1,000 | 22-07-2022 | 15-09-2022 |
| Pwn2Own Miami 2022: Inductive Automation Remote Code Execution | Sector 7 (@sector7_nl) | Inductive Automation Ignition | RCE |  | 22-07-2022 | 15-09-2022 |
| I mean, IDOR is NOT only about others ID | can1337 (@canmustdie) |  | IDOR |  | 22-07-2022 | 15-09-2022 |
| How I Test For Web Cache Vulnerabilities + Tips And Tricks | Kevin (@bxmbn) |  | Web cache poisoning | 3,500 | 21-07-2022 | 15-09-2022 |
| Gitlab Project Import RCE Analysis (CVE-2022-2185) | Nguyễn Tiến Giang (@testanull) | GitLab | RCE |  | 21-07-2022 | 15-09-2022 |
| Abusing the Replicator: Silently Exfiltrating Data with the AWS S3 Replication Service | Kat Traxler (@NightmareJS) | AWS | Security Logging and Monitoring Failure |  | 20-07-2022 | 15-09-2022 |
| [CVE-2022-34918] A crack in the Linux firewall | Arthur Mongodin | Linux Kernel Organization | Memory corruption |  | 20-07-2022 | 15-09-2022 |
| React debug.keystore key was trusted by Meta(Facebook) which caused to Instagram account takeover by malicious apps. | Dzmitry Lukyanenka (@vulnano) | Meta / Facebook | Account takeover | 12,000 | 19-07-2022 | 15-09-2022 |
| Riding The Inforail To Exploit Ivanti Avalanche | Piotr Bazydło (@chudyPB) | Ivanti | RCE |  | 19-07-2022 | 15-09-2022 |
| Write-up: BlogEngine .NET – 0day Discovery | Jake McCallum (@0xLanks) | BlogEngine .NET | Path traversal |  | 19-07-2022 | 15-09-2022 |
| Local File Inclusion (interesting method) | Captain hook |  | LFI |  | 19-07-2022 | 15-09-2022 |
| CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation | Jake Baines (@Junior_Baines) | Zyxel | Local Privilege Escalation |  | 19-07-2022 | 15-09-2022 |
| SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE | Alex Birnberg (@alexbirnberg) | Microsoft | Insecure deserialization |  | 19-07-2022 | 15-09-2022 |
| Logging Passwords in Plaintext in Azure Arc | Jimi Sebree (@DinoBytes) | Microsoft | Information disclosure |  | 19-07-2022 | 15-09-2022 |
| How i was able to bypass Open Redirect 3 times on same program. | himanshu pdy (@himanshu_pdy) |  | Open redirect | 300 | 19-07-2022 | 15-09-2022 |
| Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass | Sector 7 (@sector7_nl) | OPC Foundation | Local Privilege Escalation | 40,000 | 19-07-2022 | 15-09-2022 |
| Authomize Discovers PassBleed Password Stealing and Impersonation Risks in Okta | Authomize (@Authomize) | Okta | Sensitive data sent over an unencrypted channel |  | 19-07-2022 | 15-09-2022 |
| MyBB 0day Authenticated Remote code execution | Anna / 416e6e61 (@AnnaViolet20) | MyBB | RCE |  | 19-07-2022 | 15-09-2022 |
| Hacking Facebook Invoice: How I could’ve bought anything for Free from Facebook Business Pages | Samip Aryal (@samiparyal_) | Meta / Facebook | Payment bypass | 250 | 18-07-2022 | 15-09-2022 |
| Hey Google Lets submit bug from Victim Account ! | Prasanth Elangovan | Google | IDOR |  | 18-07-2022 | 15-09-2022 |
| Good things takes time \| Story of my first “valid” critical bug! | Kr1shna 4garwal (@Kr1shna4garwal) |  | Missing authentication |  | 18-07-2022 | 15-09-2022 |
| CVE-2022–35909 / CVE-2022–35910, Incorrect Access Control and XSS Stored to Jellyfin | Dan Barros | jellyfin | Broken Access Control |  | 18-07-2022 | 15-09-2022 |
| FFUF-ing RECON, or how to get to P1–P3 from a slightly different recon | Vuk Ivanovic |  | vHost misconfiguration |  | 17-07-2022 | 15-09-2022 |
| A Story Of My First Bug Bounty | Raj Qureshi (@RajQureshi9) |  | Information disclosure |  | 17-07-2022 | 15-09-2022 |
| Going beyond Alert with XSS | pipsh |  | XSS |  | 16-07-2022 | 15-09-2022 |
| CRLF to Account takeover (chaining bugs) | MoSec (@moe1n1) |  | CRLF injection |  | 16-07-2022 | 15-09-2022 |
| Subdomain takeover and Text injection on a 404 error page-$100 bounty | Jeewan Bhatta (@thenullkid) |  | Subdomain takeover | 100 | 16-07-2022 | 15-09-2022 |
| Business logic error | anjaneyulu kanakatla |  | Logic flaw |  | 16-07-2022 | 15-09-2022 |
| First Bug Bounty from DOS: Taking the service down | Faique (@imfaiqu3) |  | DoS | 200 | 16-07-2022 | 15-09-2022 |
| Authorization token leak from verify email endpoint | Vengeance |  | Account takeover |  | 16-07-2022 | 15-09-2022 |
| Ability to login as google staff in Google Cloud Community | Gaurav Bhatia | Google | Privilege escalation | 100 | 15-07-2022 | 15-09-2022 |
| Good Recon Leads To Senssitive Accounts | Milanjain |  | Information disclosure |  | 15-07-2022 | 15-09-2022 |
| Exploiting Arbitrary Object Instantiations in PHP without Custom Classes | Muhammad Talha / evilmango |  | Lack of rate limiting |  | 15-07-2022 | 15-09-2022 |
| How I Got My First CVE | Tobydavenn | U.S. Dept Of Defense | Application-level DoS |  | 15-07-2022 | 15-09-2022 |
| How I spammed a Google meet (But for good) | Shaunak (SHA25) | Google | DoS |  | 15-07-2022 | 15-09-2022 |
| Exploiting Arbitrary Object Instantiations in PHP without Custom Classes | Arseniy Sharoglazov (@_mohemiv) |  | RCE |  | 14-07-2022 | 15-09-2022 |
| Tableau Server Leaks Sensitive Information From Reflected XSS | Simon Bouchard (@SimTwisted) | Salesforce | Reflected XSS |  | 14-07-2022 | 15-09-2022 |
| Abusing URL Shortners for fun and profit | Sicksec (@OriginalSicksec) |  | Information disclosure | 3,000 | 14-07-2022 | 15-09-2022 |
| CVE-2022-30136: Microsoft Windows Network File System V4 Remote Code Execution Vulnerability | Yuki Chen (@guhe120) | Microsoft | RCE |  | 14-07-2022 | 15-09-2022 |
| From Open Redirect to Reflected XSS manually | Rodric |  | Open redirect |  | 14-07-2022 | 15-09-2022 |
| Microsoft Teams — Cross Site Scripting (XSS) Bypass CSP | Numan Turle (@numanturle) | Microsoft | XSS | 6,000 | 13-07-2022 | 15-09-2022 |
| Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 | Microsoft 365 Defender Research Team | Apple | Local Privilege Escalation |  | 13-07-2022 | 15-09-2022 |
| Hacking on a Private Program (Salseforce crm) | Maruf Hosan (@thinkermaruff) |  | RCE | 300 | 13-07-2022 | 15-09-2022 |
| CVE-2022-29885 – Don’t Open That Port – A Denial Of Service vulnerability on Apache Tomcat Cluster Service Listener | void (@voidz0r) | Internet Bug Bounty | DoS |  | 13-07-2022 | 15-09-2022 |
| Netwrix Auditor Advisory | Jordan Parkin | Netwrix | Insecure deserialization |  | 13-07-2022 | 15-09-2022 |
| Leveraging the SQL Injection to Execute the XSS by Evading CSP | Nirmal Dahal (@TheNittam) |  | CSP bypass |  | 12-07-2022 | 15-09-2022 |
| CVE-2022-32223 Discovery: DLL Hijacking via npm CLI | Yakir Kadkoda | Node.js | DLL Hijacking |  | 12-07-2022 | 15-09-2022 |
| Microsoft Azure Site Recovery DLL Hijacking | Jimi Sebree (@DinoBytes) | Microsoft | DLL Hijacking | 10,000 | 12-07-2022 | 15-09-2022 |
| Write Up 1: Hellosign Integration [Full Read SSRF] | Soufiane Habti (@wld_basha) |  | SSRF | 2,000 | 12-07-2022 | 15-09-2022 |
| How a Simple IDOR Led Me to Delete Any Account | rajesh.r (@_rajesh_ranjan_) |  | IDOR |  | 12-07-2022 | 15-09-2022 |
| Remote Code Execution via Prototype Pollution in Blitz.js | Paul Gerste | Blitz.js | Prototype pollution |  | 12-07-2022 | 15-09-2022 |
| How we have pwned Root-Me in 2022 | SpawnZii (@SpawnZii) | SPIP | XSS |  | 12-07-2022 | 15-09-2022 |
| Bug Bounty Collaboration and Manual Exploitation of an Interesting Boolean SQL Injection | Tavi (@0xtavi) |  | SQL injection | 1,000 | 11-07-2022 | 15-09-2022 |
| Exploiting Authentication in AWS IAM Authenticator for Kubernetes | Gafnit Amiga (@gafnitav) | AWS | Authentication flaw |  | 11-07-2022 | 15-09-2022 |
| How I earned 200$ in Bug Bounty Program | Idan Malihi |  | Information disclosure | 200 | 09-07-2022 | 15-09-2022 |
| Exploiting SQL Injection at Authorization token | Basudev |  | SQL injection |  | 09-07-2022 | 15-09-2022 |
| An interesting idor that allowed me to See all projects ($$$$ Bounty) | Abdelkader Mouaz (@hamzadzworm) |  | IDOR |  | 09-07-2022 | 15-09-2022 |
| Flash XSS in ajax.googleapis.com | R ando (@Rando02355205) | Google | XSS |  | 08-07-2022 | 15-09-2022 |
| Advisory \| GLPI Service Management Software Multiple Vulnerabilities and Remote Code Execution | Nuri Çilengir (@ncilengir) | GLPI | SQL injection |  | 08-07-2022 | 15-09-2022 |
| stored XSS and stored HTML Injection in United Nations Website | Ahmed Hassan | United Nations | XSS |  | 08-07-2022 | 15-09-2022 |
| Account Takeover via Response Manipulation | BUG HUNTER |  | Authentication bypass | 2,500 | 08-07-2022 | 15-09-2022 |
| PII Disclosure of Apple Users ($10k) | Ahmad Halabi (@Ahmad_Halabi_) | Apple | IDOR | 10,000 | 07-07-2022 | 15-09-2022 |
| A Case Study of API Vulnerabilities – Part 2, and Empty Heads | Monke (@pmofcats) |  | SSRF |  | 07-07-2022 | 15-09-2022 |
| How I find open redirect in Facebook | Abhinav Kumar (@abhinavsecond) | Brave Software | Open redirect | 500 | 07-07-2022 | 15-09-2022 |
| Interesting Privilege Escalation In an Old Private Program | Zunaid Mahmud (@SZ_Mahmud_7) |  | Privilege escalation | 900 | 07-07-2022 | 15-09-2022 |
| Account hijacking using “dirty dancing” in sign-in OAuth-flows | Frans Rosén (@fransrosen) |  | OAuth |  | 07-07-2022 | 15-09-2022 |
| CVE-2022-34265 | Takuto Yoshikai (@TakutoYoshikai) | Django | SQL injection |  | 07-07-2022 | 15-09-2022 |
| How I found Open redirect on Bug crowd public program in 2 day | Ittipatjitrada (@IttipatJitrada) |  | Open redirect |  | 06-07-2022 | 15-09-2022 |
| Exposing Millions of Voter ID card users’ details. | Aziz Al Aman (@nxtexploit) | CERT-In | IDOR |  | 06-07-2022 | 15-09-2022 |
| Rediscovering Epic Games 0-Days (Forever Unpatched?) | Christopher Vella (@Kharosx0) | Epic Games | Local Privilege Escalation |  | 06-07-2022 | 15-09-2022 |
| We Hacked Larksuite For 1 month and Here is what we found | Snap Sec (@snap_sec) | Lark Technologies | XSS |  | 04-07-2022 | 15-09-2022 |
| Penetration Testing Firebase Web Applications | Bhashit Pandya (@x30r_) |  | Firebase |  | 03-07-2022 | 09-12-2022 |
| ($$$) Origin ip to account takeover | Hemant Kumar |  | WAF bypass |  | 02-07-2022 | 09-12-2022 |
| Vertical Privilege Escalation: The user can takeover an admin account via response manipulation | Jan Muhammad Zaidi (@hasanakajan) |  | Privilege escalation |  | 02-07-2022 | 09-12-2022 |
| A swag for a Open Redirect — Google Dork — Bug Bounty | Proviesec (@proviesec) |  | Open redirect |  | 02-07-2022 | 15-09-2022 |
| Admin account takeover via weird Password Reset Functionality | Mahmoud Youssef (@0xmahmoudjo0) |  | Account takeover |  | 02-07-2022 | 15-09-2022 |
| Get root on macOS 12.3.1: proof-of-concepts for Linus Henze’s CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763) | Zhuowei Zhang (@zhuowei) | Apple | Signature validation bypass |  | 02-07-2022 | 10-10-2022 |
| Two faces of a same PDF document | Toni Huttunen | Mozilla | PDF parser differential attack |  | 01-07-2022 | 15-09-2022 |
| Facebook Portal’s business logic error lead to 500$ | unurbayar amarsaikhan (@0xunuruu) | Meta / Facebook | Logic flaw | 500 | 30-06-2022 | 15-09-2022 |
| Visual Studio Code – Remote Code Execution in Restricted Mode (CVE-2021-43908) | s1r1us (@s1r1u5_) | Microsoft | RCE | 3,000 | 29-06-2022 | 15-09-2022 |
| Bypassing Firefox’s HTML Sanitizer API | Gareth Heyes (@garethheyes) | Mozilla | XSS |  | 29-06-2022 | 15-09-2022 |
| CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus | Naveen Sunkavally | Zoho | XXE |  | 29-06-2022 | 15-09-2022 |
| XSS Blind Stored at 2 Assets TikTok | Aidil Arief | TikTok | XSS | 1,000 | 29-06-2022 | 15-09-2022 |
| My First Apple Bug And My First Writeup | Banavath Aravind (@nanicyb) | Apple | IDOR |  | 29-06-2022 | 15-09-2022 |
| [BugBounty] how do I get a premium tier account without paying a penny | Marzuki (@aizack_ma) |  | Mass assignment |  | 29-06-2022 | 15-09-2022 |
| The Army Of The Headless Browsers | Komodo Cyber Consulting (@Komodosec) | Meta / Facebook | DDoS |  | 29-06-2022 | 15-09-2022 |
| Pwning ManageEngine — From PoC to Exploit: A deep dive into CVE-2020–11531 and CVE-2020–11532 | Erik Wynter (@WynterErik) | Zoho | Path traversal |  | 28-06-2022 | 17-10-2022 |
| Unrar Path Traversal Vulnerability affects Zimbra Mail | Sonar (@SonarSource) | Zimbra | Path traversal |  | 28-06-2022 | 15-09-2022 |
| Bypassing .NET Serialization Binders | Markus Wulftange (@mwulftange) | Microsoft | Insecure deserialization |  | 28-06-2022 | 15-09-2022 |
| FabricScape: Escaping Service Fabric and Taking Over the Cluster | Unit 42 (@Unit42_Intel) | Microsoft | Container escape |  | 28-06-2022 | 15-09-2022 |
| Access control worth $2000 (everyone missed this IDOR+Access control between two admins.) | dhakal_bibek (@dhakal__bibek) |  | IDOR | 2,000 | 28-06-2022 | 15-09-2022 |
| CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED) | Hans-Martin Münch (@h0ng10) | Rapid7 | Client File Read |  | 28-06-2022 | 15-09-2022 |
| CVE-2022-30522 – Denial of Service (DoS) Vulnerability in Apache httpd “mod_sed” filter | JFrog Security Research Team (@JFrogSecurity) | Internet Bug Bounty | DoS |  | 28-06-2022 | 15-09-2022 |
| HTML and Hyperlink Injection via Share Option In Microsoft Onenote Application | Divyanshu Shukla (@justm0rph3u5) | Microsoft | HTML injection |  | 28-06-2022 | 15-09-2022 |
| CVE-2022-32208: FTP-KRB bad message verification | Harry Sintonen | Internet Bug Bounty (curl) | MiTM | 480 | 27-06-2022 | 15-09-2022 |
| CVE-2022-32207: Unpreserved file permissions | Harry Sintonen | Internet Bug Bounty (curl) | Improper Preservation of Permissions | 2,400 | 27-06-2022 | 15-09-2022 |
| CVE-2022-32206: HTTP compression denial of service | Harry Sintonen | Internet Bug Bounty (curl) | DoS | 2,400 | 27-06-2022 | 15-09-2022 |
| CVE-2022-32205: Set-Cookie denial of service | Harry Sintonen | Internet Bug Bounty (curl) | DoS | 480 | 27-06-2022 | 15-09-2022 |
| Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135) | Shubham Shah (@infosec_au) | Atlassian | SSRF |  | 26-06-2022 | 15-09-2022 |
| Hyperlink Injection On IRC Cloud | Aswin K V (@deep_marketer_) | IRCCloud | Hyperlink injection |  | 26-06-2022 | 15-09-2022 |
| Bug: Cisco IOS SNMPv3 ACL Issues | Gerry Gosselin (@ggPixelHealth) | Cisco | Information disclosure |  | 26-06-2022 | 15-09-2022 |
| mysqlnd/pdo password buffer overflow leading to RCE (CVE 2022-31626) | Charles Fol (@cfreal_) | PHP | Buffer Overflow |  | 25-06-2022 | 15-09-2022 |
| Moderation Filter Bypass in support.mozilla.org | tomorrowisnew (@tomorrowisnew_) | Mozilla | Logic flaw |  | 25-06-2022 | 15-09-2022 |
| An Out Of Scope domain Leads To a Critical Bug[$1500] | Shakti Mohanty (@3ncryptSaan) |  | Authorization flaw | 1,500 | 24-06-2022 | 15-09-2022 |
| Miracle – One Vulnerability To Rule Them All | Nguyễn Tiến Giang (@testanull) | Oracle | Insecure deserialization |  | 23-06-2022 | 15-09-2022 |
| Pwn2Own 2021 Microsoft Exchange Exploit Chain | Rskvp93 (@rskvp93) | Microsoft | SSRF |  | 23-06-2022 | 15-09-2022 |
| CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed) | Jake Baines (@Junior_Baines) | WatchGuard | Argument injection |  | 23-06-2022 | 15-09-2022 |
| Lock Screen Bypass Exploit of Android Devices (CVE-2022–20006) | Joshua Nearchos | Google | Authentication bypass |  | 23-06-2022 | 15-09-2022 |
| Filesatck Upload Advisory Summary | Carlos Yanez | Filestack | XSS |  | 23-06-2022 | 15-09-2022 |
| Exploiting Bitdefender Antivirus: RCE from any website | Wladimir Palant (@WPalant) | Bitdefender | RCE |  | 22-06-2022 | 09-12-2022 |
| We were vulnerable – how a security company could have vulns | Soman Verma | Volkis | Broken Access Control |  | 22-06-2022 | 15-09-2022 |
| $1500 Of Broken Access Controls | Tobydavenn |  | Broken Access Control | 1,500 | 22-06-2022 | 15-09-2022 |
| Exploiting vulnerabilities in iOS Application | Raj Singh Chauhan (@raj_singh_ch) |  | IDOR |  | 22-06-2022 | 15-09-2022 |
| Widespread prototype pollution gadgets | Gareth Heyes (@garethheyes) |  | Prototype pollution |  | 21-06-2022 | 15-09-2022 |
| XSS Vulnerability in IBM Content Navigator (CVE-2020-4757) | Olivier Laflamme (@olivier_boschko) | IBM | XSS |  | 21-06-2022 | 15-09-2022 |
| Hacking into the worldwide Jacuzzi SmartTub network | Eaton Z. (@XeEaton) | Jacuzzi Group | SPA |  | 20-06-2022 | 16-02-2023 |
| Response Manipulation in the Admin panel lead to PII leakage | Mahmoud Hamed (@7odamo_) | UPS VDP | Account takeover |  | 20-06-2022 | 15-09-2022 |
| Every XSS is different | Leonardo |  | XSS |  | 20-06-2022 | 15-09-2022 |
| Account Takeover by OTP bypass | Vaibhav Kumar Srivastava |  | Information disclosure |  | 19-06-2022 | 15-09-2022 |
| Personal Access Token Disclosure in Asana Desktop Application | Lauritz Holtmann (@_lauritz_) | Asana | Information disclosure | 6,100 | 18-06-2022 | 15-09-2022 |
| How I hacked one of the biggest Airline in the world | Dali Jandro (@Sazouki_) |  | IDOR |  | 18-06-2022 | 15-09-2022 |
| Hacking a NFT Platform | Muhammad Abdullah |  | SSRF |  | 17-06-2022 | 15-09-2022 |
| How I was able to see likes and dislikes count which is hidden by victim \| YouTube #2 | Jay Jani (@JayJani007) | Google | Logic flaw |  | 17-06-2022 | 15-09-2022 |
| That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability | Gabriel Sztejnworcel (@sztejnworcel) | Microsoft | RCE |  | 16-06-2022 | 15-09-2022 |
| CSRF leads to account takeover in Yahoo! | Retr02332 (@Retr02332) | Yahoo! / Verizon Media | CSRF | 3,000 | 16-06-2022 | 15-09-2022 |
| Chaining MFA-Enabled IAM Users with IAM Roles for Potential Privilege Escalation in AWS | Jason Kao | AWS | Privilege escalation |  | 16-06-2022 | 15-09-2022 |
| The Android kernel mitigations obstacle race | Man Yue Mo (@mmolgtm) | Qualcomm | Memory corruption |  | 16-06-2022 | 15-09-2022 |
| XSS Blind Stored at Asset Domain Android Apps TikTok | Aidil Arief | TikTok | Stored XSS | 1,500 | 16-06-2022 | 15-09-2022 |
| Proofpoint Discovers Potentially Dangerous Microsoft Office 365 Functionality that can Ransom Files Stored on SharePoint and OneDrive | Proofpoint (@proofpoint) | Microsoft | Logic flaw |  | 16-06-2022 | 15-09-2022 |
| CVE-2022-23088: Exploiting A Heap Overflow In The Freebsd Wi-fi Stack | m00nbsd (@m00nbsd) | FreeBSD Security Team | Memory corruption |  | 16-06-2022 | 15-09-2022 |
| Amazon Linux “log4j hotpatch” <1.3-5 local privilege escalation to root (race condition) | Justin Steven (@justinsteven) | Amazon | Local Privilege Escalation |  | 15-06-2022 | 15-09-2022 |
| Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu | Frédéric Basse (@FredoBasse) | Google | Hardware hacking |  | 15-06-2022 | 15-09-2022 |
| Privilege Escalation in AKS Clusters | Anneke Breust | Microsoft | Privilege escalation |  | 15-06-2022 | 15-09-2022 |
| [BugTales] UnZiploc: From 0-click To Platform Compromise | Daniel Komaromy (@kutyacica) | Huawei | Memory corruption |  | 14-06-2022 | 15-09-2022 |
| Hertzbleed Attack | Yingchen Wang (@YingchenWang96) | Intel | Side-channel attack |  | 14-06-2022 | 15-09-2022 |
| Automating reflected XSS with burp-suite Intruder | Santosh Kumar Sha (@killmongar1996) |  | Reflected XSS | 750 | 14-06-2022 | 15-09-2022 |
| 2FA Bypass via Basic Authentication on private bug bounty program | Sharat Kaikolamthuruthil (@sharp488) |  | MFA bypass |  | 14-06-2022 | 15-09-2022 |
| Zimbra Email – Stealing Clear-Text Credentials via Memcache injection | Sonar (@SonarSource) | Zimbra | Memcache injection |  | 14-06-2022 | 15-09-2022 |
| 403 bypass on a fortune 100 financial institution (P3) | Damaidec |  | Information disclosure |  | 14-06-2022 | 15-09-2022 |
| Cryptographic Side-Channels (Timing Leaks) in JSBN | Soatok (@SoatokDhole) | Xfinity Opensource | Cryptographic issues |  | 14-06-2022 | 15-09-2022 |
| SynLapse – Technical Details for Critical Azure Synapse Vulnerability | Tzah Pahima (@TzahPahima) | Microsoft | Cross-tenant vulnerability | 60,000 | 14-06-2022 | 15-09-2022 |
| Bypassing CSP with dangling iframes | Gareth Heyes (@garethheyes) | Google | CSP bypass |  | 14-06-2022 | 15-09-2022 |
| 500$ Account Takeover | Hemant Kumar | Xsolla | Account takeover | 500 | 14-06-2022 | 15-09-2022 |
| How I was able to see likes and dislikes count which is hidden by victim \| YouTube #1 | Jay Jani (@JayJani007) | Google | Logic flaw |  | 14-06-2022 | 15-09-2022 |
| Microsoft Azure Synapse Pwnalytics | Jimi Sebree (@DinoBytes) | Microsoft | Privilege escalation |  | 13-06-2022 | 15-09-2022 |
| Yet another bug into Netfilter | Arthur Mongodin | Linux Kernel Organization | Memory corruption |  | 13-06-2022 | 15-09-2022 |
| Finding vulnerabilities in curl 7.83.0 without reading a single-line of C code | Haxatron (@Haxatron1) | Internet Bug Bounty (curl) | SSRF |  | 12-06-2022 | 15-09-2022 |
| Hacking 6.5+ million websites => CVE-2022-29455 (Elementor) | Rotem Bar (@rotembar) |  | XSS |  | 12-06-2022 | 15-09-2022 |
| How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook | Neeraj Sharma (@root_n33r4j) | Meta / Facebook | IDOR | 49,500 | 12-06-2022 | 15-09-2022 |
| Same bug different platform | Prajwol Dhungana (@PrajwolDhunga14) | Meta / Facebook | Logic flaw |  | 11-06-2022 | 15-09-2022 |
| From blind SSRF to localhost dirbusting and asset enumeration | Jovan Šikanja (@joshibeast) |  | SSRF |  | 11-06-2022 | 15-09-2022 |
| A Story of a Bug Found Fuzzing | Abdulrhman Alqabandi (@qab) | Google | Browser hacking |  | 11-06-2022 | 15-09-2022 |
| ed25519-unsafe-libs | Konstantinos Chalkias |  | Cryptographic issues |  | 11-06-2022 | 15-09-2022 |
| My first CVE-2022–31289 | Praveen Mali (@pmmali_) | Sonatype | Authentication bypass |  | 11-06-2022 | 15-09-2022 |
| How to download eBooks from Google Play Store without paying for them | Yess (@Yess_2021xD) | Google | Payment bypass |  | 09-06-2022 | 15-09-2022 |
| CVE-2022-1040 Sophos XG Firewall Authentication bypass | Nguyễn Đình Biển (@biennd279) | Sophos | Authentication bypass |  | 09-06-2022 | 15-09-2022 |
| Chaining vulnerabilities to criticality in Progress WhatsUp Gold | Shubham Shah (@infosec_au) | Progress (WhatsUp Gold) | SSRF |  | 09-06-2022 | 15-09-2022 |
| Autodesk Fusion 360 <= 2.0.12887 “Insert SVG” Blind XXE | Giulio ‘linset’ Casciaro (@Lins3t) | Autodesk | XXE |  | 09-06-2022 | 15-09-2022 |
| Denial of Service Vulnerability in Envoy Proxy – CVE-2022-29225 | JFrog Security Research Team (@JFrogSecurity) | Envoy | Zip bomb |  | 09-06-2022 | 15-09-2022 |
| De-Anonymization attacks against Proton services | Ruben Santamarta (@reversemode) | Proton AG | Privacy issue |  | 08-06-2022 | 15-09-2022 |
| Extracting Clear-Text Credentials Directly From Chromium’s Memory | Zeev Ben Porat | Google (Chromium) | Browser hacking |  | 08-06-2022 | 15-09-2022 |
| Account Takeover by Chaining Two IDORs | Demon (@R29k_) |  | IDOR |  | 08-06-2022 | 15-09-2022 |
| Exploiting Amazon active vulnerability | Benjamin Walter | Amazon | Payment bypass |  | 08-06-2022 | 15-09-2022 |
| CVE-2022-26937: Microsoft Windows Network File System NLM Portmap Stack Buffer Overflow | Yuki Chen (@guhe120) | Microsoft | Buffer Overflow |  | 08-06-2022 | 15-09-2022 |
| Security Vulnerability in GitLab: Sending Arbitrary Requests through Jupyter Notebooks | Daniel Fürst (@DnlFrst) | GitLab | HTML injection | 1,500 | 07-06-2022 | 15-09-2022 |
| An unusual way to find XSS injection in one minute | Andrey Onishchenko | TimeWeb | CSTI |  | 07-06-2022 | 15-09-2022 |
| Multiple vulnerabilities in Zyxel zysh | Marco Ivaldi / Raptor (@0xdea) | Zyxel | OS command injection |  | 07-06-2022 | 15-09-2022 |
| Another vision for SSRF | phor3nsic (@phor3nsic_br) |  | SSRF |  | 06-06-2022 | 15-09-2022 |
| Ivanti EPM Remote Code Execution | Nick Berrie (@machevalia) |  | RCE | 6,500 | 05-06-2022 | 11-01-2023 |
| If It’s a Feature!!! Let’s Abuse It for $750 | Shakti Mohanty (@3ncryptSaan) |  | CSRF | 750 | 05-06-2022 | 15-09-2022 |
| How Attacker could have suffocated the company staff | Muhammad Abdullah |  | Default credentials | 1,400 | 05-06-2022 | 15-09-2022 |
| Is Exploiting A Null Pointer Deref For LPE Just A Pipe Dream? | Michael DePlante (@izobashi) | Microsoft (Bitdefender) | Memory corruption |  | 02-06-2022 | 15-09-2022 |
| How I Mass hunt for Admin Panel Access…🤩 | Ratnadip Gajbhiye (@scspcommunity) | Gemeente Delft (The City of Delft) | Default credentials |  | 02-06-2022 | 15-09-2022 |
| Microsoft Dynamics Container Sandbox RCE via Unauthenticated Docker Remote API 20,000$ Bounty | Chen Cohen (@chencococococo) | Microsoft | RCE | 20,000 | 01-06-2022 | 15-09-2022 |
| How I found a GoldMine but got No Gold | Muhammad Abdullah |  | Old components with known vulnerabilities |  | 01-06-2022 | 15-09-2022 |
| SQL injection to Remote Command Execution (RCE) | Kwadwo Amoako |  | SQL injection |  | 31-05-2022 | 15-09-2022 |
| From open redirect to RCE in one week | byq (@ByQwert) | Mail.ru | Open redirect |  | 31-05-2022 | 15-09-2022 |
| Abusing Facebook’s feature for a permanent account confusion(logic vulnerability) | Liv | Meta / Facebook | MFA bypass |  | 31-05-2022 | 15-09-2022 |
| How to find & access Admin Panel by digging into JS files…🥰 | Ratnadip Gajbhiye (@scspcommunity) |  | Weak credentials |  | 30-05-2022 | 15-09-2022 |
| Bypass CSP Using WordPress By Abusing Same Origin Method Execution | Paulos Yibelo (@PaulosYibelo) | WordPress | CSP bypass |  | 29-05-2022 | 08-03-2023 |
| DOMAIN ADMIN Compromise in 3 HOURS | popalltheshells |  | Default credentials |  | 29-05-2022 | 09-02-2023 |
| External Authentication bypass in ingress-nginx | Niemiec Marcin (@xvnpw) | Kubernetes | Path traversal | 500 | 29-05-2022 | 15-09-2022 |
| Exploiting iOS app for fun and profit | Bijan Murmu (@0xbijan) |  | Account takeover |  | 29-05-2022 | 15-09-2022 |
| Hall of Fame Vice Media ? hacking while sleepy… | Muhammad Syahrul Haniawan | Vice Media | Subdomain takeover |  | 29-05-2022 | 15-09-2022 |
| Weird Email Verification Bypass | Vaibhav Atkale |  | Email verification bypass |  | 28-05-2022 | 15-09-2022 |
| A Simple SQL Injection in an Air Force Website | Corben Leo (@hacker_) | U.S. Dept Of Defense | SQL injection |  | 27-05-2022 | 15-09-2022 |
| Bygone Vulnerabilities – Remote Code Execution in IBM Lotus SameTime Clients (CVE-2013-0553) | Brian (@hoyahaxa) | IBM | XSS |  | 27-05-2022 | 15-09-2022 |
| DNN CMS Server-Side Request Forgery (CVE-2021-40186) | Appcheck NG | DNN (DotNetNuke) | SSRF |  | 26-05-2022 | 11-01-2023 |
| Social Media Take Over = Easy Money | Jesse Clark (@Hogarth45_) |  | Broken link hijacking |  | 26-05-2022 | 15-09-2022 |
| How an Open Redirection Leads to an Account Takeover? | Mahendra Purbia (@Mah3Sec_) |  | Open redirect |  | 26-05-2022 | 15-09-2022 |
| 2nd RCE and XSS in Apache Struts before 2.5.30 | Chris (@mc_0wn) | Apache Struts | RCE |  | 25-05-2022 | 05-12-2022 |
| Hijacking Over 100k GoDaddy Websites | Jonathan Cran (@jcran) | GoDaddy | Subdomain takeover |  | 25-05-2022 | 15-09-2022 |
| The Printer Goes BRRRRR!!! | Mehdi Talbi (@abu_y0ussef) | HP | Memory corruption | 60,000 | 25-05-2022 | 15-09-2022 |
| How I made it into the United Nations hall of fame as I slept | Vikaran (@vikaran101) | United Nations | XSS |  | 25-05-2022 | 15-09-2022 |
| How I Found a company’s internal S3 Bucket with 41k Files | Tarun Koyalwar (@KoyalwarTarun) |  | AWS misconfiguration | 250 | 24-05-2022 | 15-09-2022 |
| Spoofing Microsoft 365 Like It’s 1995 | Steve Borosh (@424f424f) | Microsoft | Spoofing |  | 24-05-2022 | 15-09-2022 |
| CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED) | Jacob Baines (@Junior_Baines) | VMware | Local Privilege Escalation |  | 24-05-2022 | 15-09-2022 |
| How I Get Bounty From Takeover Account | RyuuKhagetsu |  | IDOR |  | 23-05-2022 | 15-09-2022 |
| Breaking Reverse Proxy Parser Logic | Blake Jacobs (@z0idsec) |  | Path traversal |  | 22-05-2022 | 15-09-2022 |
| Finding vulnerabilities in Swiss Post’s future e-voting system – Part 2 | Ruben Santamarta (@reversemode) |  | Insecure deserialization |  | 22-05-2022 | 15-09-2022 |
| 2FA Bypass on private bug bounty program due to improper caching mechanism | Sharat Kaikolamthuruthil (@sharp488) |  | MFA bypass |  | 22-05-2022 | 15-09-2022 |
| 2FA Bypass on private bug bounty program due to CSRF token misconfiguration | Sharat Kaikolamthuruthil (@sharp488) |  | MFA bypass |  | 22-05-2022 | 15-09-2022 |
| Vulnerability In PayPal worth 200000$ bounty, Attacker can Steal Your Balance by One-Click | Souhaib Naceri (@h4x0r_dz) | Paypal | Clickjacking |  | 22-05-2022 | 15-09-2022 |
| A business Logic issue worth $1500 | Mohsin Khan (@tabaahi_) |  | Logic flaw | 1,500 | 21-05-2022 | 15-09-2022 |
| How I was able to down a service of Microsoft ? Denial of Service (DOS) Attack on Microsoft. | Harsh Banshpal (@harshbanshpal) | Microsoft | DoS |  | 21-05-2022 | 15-09-2022 |
| PayPal IDOR via billing Agreement Token (closed Informative, payment fraud) | Souhaib Naceri (@h4x0r_dz) | Paypal | IDOR |  | 21-05-2022 | 15-09-2022 |
| I Obtained ADMIN access via the Account Activation link [In 30 seconds] | popalltheshells |  | Privilege escalation |  | 20-05-2022 | 09-02-2023 |
| Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web | Avinash Sudhodanan (@sudoavi) | Dropbox | Account takeover |  | 20-05-2022 | 15-09-2022 |
| Leaking Your GitHub Repositories With Snyk Code | Ron Masas (@RonMasas) |  | Path traversal |  | 20-05-2022 | 15-09-2022 |
| Research: Auditing WordPress Plugins | cy//ective (@cyllective) |  | SQL injection |  | 20-05-2022 | 15-09-2022 |
| Gaining access through error-based SQLi using WebSockets | Bitcrack (@bitcrack_cyber) |  | SQL injection |  | 12-01-2022 | 10-03-2023 |
| How I was able to access IBM internal documents | Mohamed Taha (@Mohamed12742780) | IBM | Information disclosure |  | 19-05-2022 | 15-09-2022 |
| From Wayback to Account Takeover | Mohamed Taha (@Mohamed12742780) | Plex | Information disclosure | 120 | 19-05-2022 | 15-09-2022 |
| CVE-2022-21404: Another Story Of Developers Fixing Vulnerabilities Unknowingly Because Of CodeQL | Paulino Calderon (@calderpwn) | Oracle | Insecure deserialization |  | 19-05-2022 | 15-09-2022 |
| Exploiting an Unbounded memcpy in Parallels Desktop: A Pwn2Own 2021 Guest-to-Host Virtualization Escape | RET2 Systems (@ret2systems) | Parallels | Memory corruption | 40,000 | 19-05-2022 | 15-09-2022 |
| A Tale of Confusing IDOR | Avi (@_naaash_) | TikTok | IDOR | 2,500 | 18-05-2022 | 15-09-2022 |
| Variant Cloud Analysis | jspin (@jespinhara) |  | Default credentials |  | 18-05-2022 | 15-09-2022 |
| Vulnerability in Huawei’s AppGallery can download paid apps for free | Dylan Roussel (@evowizz) | Huawei | Payment bypass |  | 18-05-2022 | 15-09-2022 |
| Kubernetes Privilege Escalation: Excessive Permissions in Popular Platforms | Yuval Avrahami (@yuval_avrahami) | Google | Privilege escalation | 13,022 | 17-05-2022 | 27-01-2023 |
| Stealing Google Drive OAuth tokens from Dropbox | Sivanesh Ashok (@sivaneshashok) | Dropbox | CSRF | 1,728 | 17-05-2022 | 15-09-2022 |
| Bypassing WAF to Weaponize a Stored XSS | ne555 |  | Stored XSS |  | 17-05-2022 | 15-09-2022 |
| Hacking Swagger-UI – from XSS to account takeovers | Dawid Moczadło (@kannthu1) | Shopify | DOM XSS |  | 16-05-2022 | 15-09-2022 |
| Impact of an Insecure DeepLink | Yashar Shahinzadeh (@YShahinzadeh) | CafeBazaar | Insecure deeplink |  | 16-05-2022 | 15-09-2022 |
| Multiple bugs chained to takeover Facebook Accounts which uses Gmail. | Youssef Sammouda (@samm0uda) | Meta / Facebook | XSS | 44,625 | 14-05-2022 | 15-09-2022 |
| My New Discovery In Oracle E-Business Login Panel That Allowed To Access For All Employees Information’s & In Some cases Passwords At More Than 1000 Companies | Orwa Atyat (@GodfatherOrwa) |  | Exposed registration page |  | 14-05-2022 | 15-09-2022 |
| From android app to access admin dashboard | Oday Alhalabi (@OdayAlhalabi) |  | Exposed registration page |  | 13-05-2022 | 15-09-2022 |
| Forging OAuth tokens using discovered client id and client secret | Basyouni (@AshrafBasyoni4) |  | Information disclosure |  | 12-05-2022 | 15-09-2022 |
| New Wine in Old Bottle – Microsoft Sharepoint Post-Auth Deserialization RCE (CVE-2022-29108) | Nguyễn Tiến Giang (@testanull) | Microsoft | Insecure deserialization |  | 12-05-2022 | 15-09-2022 |
| Takeover seller accounts worth billions & millions | Bijan Murmu (@0xBijan) |  | IDOR |  | 12-05-2022 | 15-09-2022 |
| Spoofing SaaS Vanity URLs for Social Engineering Attacks | Tal Peleg | Box | URL spoofing |  | 11-05-2022 | 15-09-2022 |
| Diving Into Pre-created Computer Accounts | Oddvar Moe (@Oddvarmoe) |  | Active Directory |  | 10-05-2022 | 10-03-2023 |
| Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923) | Oliver Lyak (@ly4k_) | Microsoft | Active Directory Privilege Escalation |  | 10-05-2022 | 15-09-2022 |
| The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF… | Renwa (@RenwaX23) |  | CSS injection | 3,850 | 10-05-2022 | 15-09-2022 |
| ResolveURI RXSS Imperva Waf Bypass | Ahsan Shahid (@hunter0x8) |  | XSS |  | 10-05-2022 | 15-09-2022 |
| RCE via Dependency Confusion | Samrat Gupta (@Sm4rty_) |  | Dependency confusion |  | 10-05-2022 | 15-09-2022 |
| Account verification code bypass lead to a $4000 bounty | Mohsin Khan (@tabaahi_) |  | OTP bypass | 4,000 | 08-05-2022 | 15-09-2022 |
| Can analyzing javascript files lead to remote code execution? | Asem Eleraky (@melotover) |  | Unrestricted file upload |  | 08-05-2022 | 15-09-2022 |
| How I Paid For My Holiday With Bug Bounty | Tobydavenn |  | XSS |  | 08-05-2022 | 15-09-2022 |
| P1 Bug — PII information disclosure | Huntersherlock |  | Information disclosure |  | 08-05-2022 | 15-09-2022 |
| Its all about 2fa bypass, or Account Takeover | anjaneyulu kanakatla |  | Password reset |  | 08-05-2022 | 15-09-2022 |
| The $16,000 Dev Mistake | Daniel Marte (@Masonhck3571) |  | Information disclosure | 16,000 | 07-05-2022 | 15-09-2022 |
| Cloudflare Pages, part 1: The fellowship of the secret | Sean Yeoh (@seanyeoh) | Cloudflare | Command injection |  | 06-05-2022 | 15-09-2022 |
| Advanced sqlmap Case Study | Peter M (@pmnh_) |  | SQL injection |  | 06-05-2022 | 15-09-2022 |
| How We hacked (bypassed) Admin Panel just by JS file | Zhenwar Hawlery (@zhenwarx) |  | Information disclosure |  | 06-05-2022 | 15-09-2022 |
CVE-2022-0540 – Authentication bypass in SeraphKhoa Dinh (@_l0gg)Authentication bypass06-05-202215-09-2022
Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO)Zulfi Al-FariziXSS06-05-202215-09-2022
Samsung Galaxy – Any App Can Install Any App In The Galaxy App StoreKen Gannon (@Yogehi)SamsungAndroid04-05-202215-09-2022
Samsung Flow – Any App Can Read The External StorageKen Gannon (@Yogehi)SamsungAndroid04-05-202215-09-2022
Remotely permanent crash any Instagram user via permanent DoS in user DM’s.Naveen (@NaveenHax)Meta / FacebookDoS1,57504-05-202215-09-2022
Business Logic Errors – Art of Testing CardsJerry Shah (@Jerry)Payment bypass04-05-202215-09-2022
How i found a vulnerability that leads to access any users’ sensitive data and got $500Mr Robert | Ahmed M Hassan (@Mr_Robert20)FlickrInformation disclosure50004-05-202215-09-2022
[UNPATCHED] Cli: gh run download implementation allows overwriting git repository configuration upon artifacts downloadingVladimir Metnew (@vladimir_metnew)GitHubRCE50004-05-202215-09-2022
Hacking a Bank by Finding a 0day in DotCMSShubham Shah (@infosec_au)Directory traversal03-05-202215-09-2022
CVE-2022-25262 | JetBrains Hub single-click SAML response takeoverYurii Sanin (@SaninYurii)JetBrainsAuthorization flaw03-05-202215-09-2022
How I got a lousyT-Shirt from the Dutch Government.Mava (@mava656)Dutch GovernmentOld components with known vulnerabilities03-05-202215-09-2022
Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline AttacksNoam DotanPrivilege escalation02-05-202215-09-2022
ATO without any interaction [aws cognito misconfiguration]Shreyaskoli (@SPY8OY)GitHubAccount takeover55030-04-202215-09-2022
Page Admin Disclosure when Posting a ReelSyd Ricafort (@devsyd11)Meta / FacebookSpoofing1,00030-04-202215-09-2022
Sensitive Data Exfiltration through XSS ($450)Zulfi Al-FariziToken leak45030-04-202215-09-2022
Exploitation of an SSRF vulnerability against EC2 IMDSv2Yassine Aboukir (@Yassineaboukir)SSRF28-04-202215-09-2022
Contact Point Deanonymization Vulnerability in MetaLokesh Kumar (@lokeshdlk77)Meta / FacebookInformation disclosure12,00028-04-202215-09-2022
Wiz Research discovers “ExtraReplica”— a cross-account database vulnerability in Azure PostgreSQLShir Tamari (@shirtamari)MicrosoftCross-tenant vulnerability28-04-202215-09-2022
2FA Secret value disclosure leads to 2FA Bypass – Bug Bounty WriteupAditya Singh / rook1337 (@imrook1337)MFA bypass28-04-202215-09-2022
Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054)Keiran Sampson (@hpy_downunder)VMwareSSRF27-04-202215-09-2022
Bypassing WAF for $2222Divyansh SharmaWAF bypass2,22227-04-202215-09-2022
Azure Monitor – Malicious KQL QueryJoosua Santasalo (@SantasaloJoosua)MicrosoftPrivilege escalation27-04-202215-09-2022
[EN] Privileged account creation via Mass Assignment towards a full compromise using a Stored XSSAethlios (@AethliosIK)pass CultureStored XSS26-04-202209-01-2023
Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?Yakir KadkodaGitHubLogic flaw26-04-202215-09-2022
Fuzzing and credentials leakage..awesome bug hunting writeupAbdalrahman AlshammasHardcoded credentials25-04-202215-09-2022
Unlock any blur text/picture without membership/subscription on Scribd.com |By NeuchiNeil NeuchiScribd.comPayment bypass25-04-202215-09-2022
EJS, Server side template injection RCE (CVE-2022-29078) – writeupEslam Salem (@net_code)ejsSSTI23-04-202215-09-2022
How I got Apple Hall Of Fame !shubhdeep (@Shubhdeeppp)AppleContent injection23-04-202215-09-2022
How I Bypassed 2FA while Resetting PasswordSufiyan Gouri (@gouri_sufyan)MFA bypass23-04-202215-09-2022
Adventures Into The MeowCorp Bug Bounty ProgramNirmal Thapa (@tnirmalz)Information disclosure21-04-202215-09-2022
Security issues with cloudflare/odoh-server-go and the ODoH RFC draftFrans Rosén (@fransrosen)CloudflareSSRF21-04-202215-09-2022
Smashing the Modern Web Tech Stack — Part 1: The Evolving Threat Landscape in 2022 and DOM-based XSS in Cloud-Native React Apps.MalwareJoeOpen redirect21-04-202215-09-2022
Open Redirection into Bentley SystemAmit Kumar (@Amitlt2)Bentley SystemsXSS21-04-202215-09-2022
Gaining Unlimited access to graph AuditLogs endpoint using complex filters with non-privileged user accountJoosua Santasalo (@SantasaloJoosua)MicrosoftInformation disclosure21-04-202215-09-2022
Exploiting a File Upload Vulnerability — A Directory Traversal AttackKwadwo AmoakoUnrestricted file upload20-04-202215-09-2022
CVE-2022-21449: Psychic Signatures in JavaNeil Madden (@neilmaddog)OracleSignature bypass19-04-202215-09-2022
AWS’s Log4Shell Hot Patch Vulnerable to Container Escape and Privilege EscalationUnit 42 (@Unit42_Intel)AWSPrivilege escalation19-04-202215-09-2022
Adobe Acrobat hollowing out same-origin policyWladimir Palant (@WPalant)AdobeXSS19-04-202209-12-2022
Palisade identifies Wormable Cross-Site Scripting Vulnerability affecting Rarible’s NFT MarketplacePalissade (@PalisadeLLC)RaribleXSS5,00018-04-202215-09-2022
Stored XSS To Other Users Via MessagesTobydavennStored XSS18-04-202215-09-2022
SQL Injection in Harvard’s SubdomainBibek Neupane (@nb1b3k)HarvardSQL injection17-04-202215-09-2022
Full Account Takeover via Open RedirectionvFlexo (@vflexo)Open redirect17-04-202215-09-2022
XSLeaking with my best bud SOPHa Anh HoangMicrosoftInformation disclosure15-04-202215-09-2022
How we spoofed ENS domains for $15kHacxyk. (@Hacxyk)ENSHomograph attack15,00015-04-202215-09-2022
How I was able to see likes and dislikes count even though is hidden by victim | YouTube #4R ando (@Rando02355205)GoogleBroken Access Control15-04-202215-09-2022
[3/3] Cache Poisoning & Lateral Movement @ GitLabIPGitLabBroken Access Control15-04-202215-09-2022
Crazy Simple Insecure Design & 300$ Bounty!Saransh Saraf (@mr23r0)IP grabbing30015-04-202215-09-2022
Prototype Pollution in fast-xml-parserSudhanshu Rajbhar (@sudhanshur705)Prototype pollution14-04-202205-06-2022
CVE-2022-26133 – Bitbucket Data Center – Java Deserialization VulnerabilityBenny Jacob (@bennyyjacob)AtlassianInsecure deserialization14-04-202215-09-2022
Multiple Vulnerabilities in Cisco ExpresswayChristian Mehlmauer (@firefart)CiscoMemory leak14-04-202215-09-2022
United Nations bug bounty[writeup]Debprasad BanerjeeUnited NationsInformation disclosure14-04-202215-09-2022
Abusing Azure Hybrid Workers for Privilege Escalation – Part 2: An Azure PrivSec StoryJosh Magri (@passthehashbrwn)MicrosoftPrivilege escalation10,00014-04-202215-09-2022
Blinding Snort: Breaking The Modbus OT PreprocessorClaroty’s Team82 (@Claroty)CiscoMemory corruption14-04-202215-09-2022
Bypass Rate Limit — A blank space leads to this random encounter!Roxst4r (@mveswar98)Password reset14-04-202215-09-2022
MY First Bug In Hackeroneanjaneyulu kanakatlaInformation disclosure14-04-202215-09-2022
[2/3] XSS Through The Front-Door @ GitLabIPGitLabXSS13-04-202215-09-2022
Threat Evasion for aws:multifactorAuthPresent condition using CloudshellFalcnix (@falcnix)AWSMFA bypass13-04-202215-09-2022
Inside the Black Box | How We Fuzzed Microsoft Defender for IoT and Found Multiple VulnerabilitiesKasif Dekel (@kasifdekel)MicrosoftDoS13-04-202215-09-2022
Bypass Apple Corp SSO on Apple Admin PanelStealthy (@stealthybugs)ApplePath traversal6,00012-04-202215-09-2022
CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN ClientRhino Security Labs (@RhinoSecurity)AWSLocal Privilege Escalation12-04-202215-09-2022
IDOR (Insecure Direct Object Reference) leads to listing all valid Users and edit their ProfilesAhmed HassanDrexel UniversityIDOR12-04-202215-09-2022
CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)Jacob Baines (@Junior_Baines)MicrosoftLocal Privilege Escalation12-04-202215-09-2022
XSS – The LocalStorage RobberyJerry Shah (@Jerry)XSS12-04-202215-09-2022
Broken session control leads to access the admin panel even after revoking the access!! — #ZOHONaveenroyZohoBroken Access Control12-04-202215-09-2022
NotGitBleedAaron DevaneyGitHubInformation disclosure11-04-202215-09-2022
AWS RDS Vulnerability Leads to AWS Internal Service CredentialsGafnit Amiga (@gafnitav)AWSLFI11-04-202215-09-2022
SVG SSRFs and saga of bypassesPreetham Bomma (@cyber01_)SSRF11-04-202215-09-2022
[1/3] Brute-Force Protection Bypass @ GitLabIPGitLabBruteforce11-04-202215-09-2022
The #100DaysOfHacking Challenge : A Game Changer for MeNajam Ul Saqib (@NjmUlSqb)IDOR10-04-202215-09-2022
Privacy Disclosure on Facebook Lite after Creating a PostRheyMeta / FacebookPrivacy issue40010-04-202215-09-2022
XSS | HTML Injection and File Upload Bypass in HUAWEI SubdomainAhmed HassanHuaweiXSS10-04-202215-09-2022
Securing Easy Appointments and earning CVE-2022-0482Francesco Carlucci (@francecarlucci)Easy!AppointmentsBroken Access Control09-04-202224-10-2022
MSRC – Joint security research write up – Azure AD Consent bypass disclosure with Kim Jamia – Q1/2022Joosua Santasalo (@SantasaloJoosua)MicrosoftAuthorization flaw09-04-202215-09-2022
How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bountyVishal Saini (@k4k4r07)SQL injection4,32408-04-202215-09-2022
Meta’s SparkAR RCE Via ZIP Path TraversalFady Othman (@Fady_Othman)Meta / FacebookRCE2,50007-04-202215-09-2022
Multiple vulnerability leading to account takeover in TikTok SMB subdomain.Ahmad A Abdulla (@lu3ky13)TikTokIDOR1,00007-04-202215-09-2022
How i got access to 1600k Users PII Data $$$$Gokul AP (@CodingGokul)Information disclosure1,50006-04-202215-09-2022
SSRF and Account Takeover via XSS in ERPNext (0-day)huli (@aszx87410)ERPNextSSRF06-04-202215-09-2022
Watch out the links : Account takeover!Akash Hamal (@AkashHamal0x01)Account takeover06-04-202215-09-2022
Azure Active Directory Exposes Internal InformationCounter Threat Unit Research TeamMicrosoft (Azure)Cloud05-04-202226-02-2023
The Bug That Kept On Giving :: PaymentBypass :: Eposed Return Urlg30rgy th3 d4rk (@Crypt0g30rgy)Payment bypass50005-04-202226-02-2023
CVE-2021-4119: [Bookstack] Email harvesting via SQL “LIKE” clause exploitationHaxatron (@Haxatron1)BookstackBroken Access Control05-04-202215-09-2022
New npm Flaws Let Attackers Better Target Packages for Account TakeoverYakir KadkodaGitHubInformation disclosure05-04-202215-09-2022
HTTP Request Smuggling on business.apple.com and Others.Stealthy (@stealthybugs)AppleHTTP request smuggling36,00005-04-202215-09-2022
Azure Active Directory Exposes Internal InformationSecureworks Counter Threat Unit (@Secureworks)MicrosoftInformation disclosure05-04-202215-09-2022
How I hacked one of the biggest airlines group of the worldTarek Bouali (@iambouali)IDOR05-04-202215-09-2022
CloudKit Share Records leak the title of private iCloud filesDavid Schütz (@xdavidhu)AppleIDOR05-04-202215-09-2022
CVE-2021-38159: MOVEit Transfer SQL Injection AnalysisTuan Anh Nguyen (@haxor31337)Palantir PublicSQL injection5,00005-04-202215-09-2022
Spoof as another Facebook user to report an impostor accountSyd Ricafort (@devsyd11)Meta / FacebookSpoofing05-04-202215-09-2022
NoSQL Injection in Plain SightKuldeep Pandya (@kuldeepdotexe)NoSQL injection04-04-202215-09-2022
MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639Mickey Jin (@patch1t)AppleLocal Privilege Escalation04-04-202215-09-2022
Hacked Nokia With Reflected Cross-site Scripting Vulnerability….Amit Kumar (@Amitlt2)NokiaReflected XSS04-04-202215-09-2022
Cloud SSRF ExploitationDan BarrosSSRF04-04-202215-09-2022
Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD PipelineNoam DotanGitHubPrivilege escalation04-04-202215-09-2022
Exploiting a double-edged SSRF for server and client-side impactYassine Aboukir (@Yassineaboukir)SSRF03-04-202215-09-2022
Hacked Instagram Handle Of Samsung….Amit Kumar (@Amitlt2)SamsungBroken link hijacking03-04-202215-09-2022
How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tablesDavid Bouman (@pqlqpql)Linux Kernel OrganizationMemory corruption02-04-202215-09-2022
View Friends List of any users using “View as” | Facebook Bug bountyPh.HitachiMeta / FacebookLogic flaw02-04-202215-09-2022
Multiple Times I Hacked Duke University With RXSS Vulnerability!!!Amit Kumar (@Amitlt2)Duke UniversityReflected XSS02-04-202215-09-2022
Design Flaw : A Tale of Permanent DOS (Informative -> Triaged)Akash Hamal (@AkashHamal0x01)DoS02-04-202215-09-2022
Write Up – Finapi (Open Banking API) Oauth Credentials Exposed In Plain Text In Android AppOmar Espino (@omespino)Hardcoded credentials01-04-202215-09-2022
Debugging the undebuggable and finding a CVE in Microsoft Defender for EndpointGijs HollestelleMicrosoftEndpoint spoofing01-04-202215-09-2022
Small bugs are more dangerous than you thinkLiv Matan (@terminatorLM)Self-XSS01-04-202215-09-2022
Pwning a Cisco RV340 with a 4 bug chain exploitLiv (@terminatorLM)CiscoLocal Privilege Escalation01-04-202215-09-2022
A Large-scale and Longitudinal Measurement Study of DKIM DeploymentChuhan WangGoogleEmail spoofing01-04-202215-09-2022
Race condition in Tendermint’s StarPortShashank (@cyberboyIndia)CosmosRace condition5,00031-03-202215-09-2022
Critical SSRF on EvernoteNeolex (@NeolexSecurity)EvernoteSSRF5,00031-03-202215-09-2022
Got Access To Dota 2 Admin Panel By Exploiting In-game FeatureAbdillah Muhamad (@abdilahrf)ValveXSS90031-03-202215-09-2022
CVE-2022-27643 – NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution VulnerabilityRelyze (@relyze)NetgearMemory corruption31-03-202215-09-2022
Unauthenticated Remote Code Execution in Cisco Nexus Dashboard Fabric Controller (formerly DCNM)Pedro Ribeiro (@pedrib1337)CiscoInsecure deserialization30-03-202215-09-2022
GitHub Cache PoisoningScribe Security (@ScribeSecurity)GitHubCache poisoning attack30-03-202215-09-2022
CVE-2022-22948: Sensitive Information Disclosure in VMware vCenterYuval LazarVMwareInformation disclosure29-03-202211-01-2023
Joomla! <= 4.1.0 (Tar.php) Zip Slip VulnerabilityEgidio Romano / EgiXJoomla!Zip Slip attack29-03-202220-12-2022
How I bypassed 403 forbidden domain using a simple trickJan Muhammad Zaidi (@hasanakajan)403 bypass29-03-202215-09-2022
ABC-Code Execution for VeeamSina Kheirkhah (@SinSinology)VeeamLocal Privilege Escalation29-03-202215-09-2022
Your NAS is not your NAS !Angelboy (@scwuaptx)SynologyRCE28-03-202224-10-2022
Ruby Deserialization – Gadget on RailsHTTPVoid (@httpvoid0x2f)Ruby on RailsInsecure deserialization28-03-202215-09-2022
Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for AllKasif Dekel (@kasifdekel)MicrosoftRCE28-03-202215-09-2022
How I was able to rick roll every users on root-me.orgMizu (@kevin_mizu)Root-MeXSS27-03-202215-09-2022
Stealing cookies from subdomain leads to takeover user accounts at redacted.comBijan Murmu (@0xBijan)Account takeover27-03-202215-09-2022
Deleting account via support ticketBijan Murmu (@0xBijan)IDOR26-03-202215-09-2022
Broken Access Control – IDORNick Berrie (@machevalia)IDOR10425-03-202211-01-2023
Bug Bounty Adventures: A NodeBB 0-dayMarouane Mouhtadi (@Mar0_0uane)OperaCSRF25-03-202215-09-2022
Clipboard hazard with Google SheetsImre Rad (@ImreRad)GooglePhishing25-03-202215-09-2022
Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044)stypr (@stereotype32)NetgearXSS25-03-202215-09-2022
Pwn2Own Austin 2021 : Defeating The Netgear R6700V3Antide Petit (@xarkes_)NetgearRCE25-03-202215-09-2022
How Token Misconfiguration can lead to takeover accountCryptographer (@justluthra)Account takeover24-03-202215-09-2022
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)Alex Plaskett (@alexjplaskett)Western DigitalRCE23-03-202215-09-2022
How I Was Able To TakeOver Any Account On One Of Europe’s Largest Media CompaniesTobydavennIDOR23-03-202215-09-2022
When Equal is Not, Another WebView Takeover StoryDimitrios Valsamaras (@Ch0pin)Android22-03-202215-09-2022
Authentication bypass using root arrayEslam Akl (@eslam3kll)Authentication bypass22-03-202215-09-2022
Basic recon to RCE IIJoshua Martinelle (@J0_mart)RCE22-03-202215-09-2022
Story about more than 3.5 million PII leakage in Yahoo!!!dhakal_bibek (@dhakal__bibek)Yahoo! / Verizon MediaIDOR9,50022-03-202215-09-2022
Google Maps API Key Unauthorized Use CaseDan BarrosInformation disclosure10022-03-202215-09-2022
iTop – Template Injection inside customer PortalMarkus Krell (@MarkusKrell)Combodo (iTop)SSTI21-03-202224-10-2022
Targeting Visual Studio Code for macOS: File Discovery and a TCC bypass (kinda)Alfie Champion (@ajpc500)AppleLocal Privilege Escalation21-03-202215-09-2022
($$$) Broken Authentication and IDOR at [REDACTED]Rizaldi Wahaz (@wah_haz)IDOR21-03-202215-09-2022
Broken session control leads to access private videos using the shared link even after revoking the access for specific time!! — #GoogleVRPNaveenroyGoogleBroken Access Control20-03-202215-09-2022
Bug Bounty catches part -1Bijan Murmu (@0xBijan)Authentication bypass20-03-202215-09-2022
CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and OperaMaciej Pulikowski (@pulik_io)GoogleBrowser hacking10,00019-03-202215-09-2022
Files.app Symbolic Link FollowingRon Masas (@RonMasas)AppleiOS19-03-202215-09-2022
Adobe bug bounty using IDOR, Confidential data leaksDebprasad BanerjeeAdobeIDOR19-03-202215-09-2022
Insecure Direct Object Reference Exposes all users of Microsoft Azure Independent Software VendorsMearegMicrosoftIDOR18-03-202215-09-2022
For the first Bounty, it takes a few challenging months, but only a few days for the second.Aneesha D (@interc3pt3r)Old components with known vulnerabilities25018-03-202215-09-2022
Bypass confirmation to add payment method.Yaj DesuEmail verification bypass18-03-202215-09-2022
Abusing Arbitrary File Deletes To Escalate Privilege And Other Great TricksAbdelhamid NaceriMicrosoft (Windows)Local Privilege Escalation17-03-202215-09-2022
Abusing Azure Hybrid Workers for Privilege Escalation – Part 1Josh Magri (@passthehashbrwn)Microsoft (Azure)Privilege escalation17-03-202215-09-2022
My First Blind SQL InjectionT VAMSHISQL injection17-03-202215-09-2022
Parameter Pollution – Zero DayJerry Shah (@Jerry)DiscourseHTTP parameter pollution17-03-202215-09-2022
From XSS to RCE (dompdf 0day)Positive Security (@positive_sec)XSS16-03-202215-09-2022
Git honours embedded bare repos, and exploitation via core.fsmonitor in a directory’s .git/config affects IDEs, shell prompts and Git pillagersJustin Steven (@justinsteven)GitHubRCE16-03-202215-09-2022
How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public Program?akshal(tojojo)XSS16-03-202215-09-2022
SSD Advisory – Exchange Server GetWacInfo Information Disclosure VulnerabilityAlex Birnberg (@alexbirnberg)MicrosoftXXE15-03-202215-09-2022
Securing Developer Tools: Git IntegrationsSonar (@SonarSource)MicrosoftLocal Privilege Escalation15-03-202215-09-2022
Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)Richard Warren (@buffaloverflow)AppleArbitrary file write15-03-202215-09-2022
How I managed to trigger XSS automatically to get critical account takeoverc4rrilat0r (@c4rrilat0r)Stored XSS3,00015-03-202215-09-2022
CVE-2022-22616: Simple way to bypass GateKeeper, hidden for yearsMickey Jin (@patch1t)AppleLocal Privilege Escalation15-03-202215-09-2022
CVE-2020-24427: Adobe Reader CJK Codecs Memory Disclosure VulnerabilityHaboob Research Team (@HaboobSa)AdobeMemory disclosure15-03-202215-09-2022
My First Bug on VDP & BBP – Bug BountyAditya Singh / rook1337 (@imrook1337)Stored XSS15-03-202215-09-2022
How a macOS bug could have allowed for a serious phishing attack against usersGuilherme Rambo (@_inside)AppleMacOS5,00014-03-202201-11-2022
From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password – “password”YoKo Kho (@YokoAcc)WAF bypass2,50014-03-202215-09-2022
Achieving Remote Code Execution via Unrestricted File UploadHaroon Hameed (@HaroonHameed40)Unrestricted file upload3,00014-03-202215-09-2022
SQL Injection at SpotifyEslam Akl (@eslam3kll)SpotifySQL injection14-03-202215-09-2022
How I access other domains in infinityfree.net using Directory TraversalKurt Russelle MarmolInfinityFreeDirectory traversal14-03-202215-09-2022
How I Made The BBC Hall Of Fame 3 TimesTobydavennBBCInformation disclosure14-03-202215-09-2022
Party time: Injecting code into Teleparty extensionWladimir Palant (@WPalant)TelepartyHTML injection14-03-202209-12-2022
How I bypassed disable_functions in php to get a remote shellAsem Eleraky (@melotover)RCE13-03-202215-09-2022
Open Redirect via Sendgrid Email MisconfigurationRifqi Hilmy ZhafrantOpen redirect25013-03-202215-09-2022
A Tale of Open Redirection to Stored XSSTushar Sharma (@tusharSharma_0)Stored XSS12-03-202215-09-2022
XSS through base64 encoded JSONAman Pareek (@aman_notsogreat)XSS12-03-202215-09-2022
I can see the dislikes count even though is hidden by YouTube | YouTube ($500)R ando (@Rando02355205)Broken Access Control50012-03-202215-09-2022
I have Found Microsoft Subdomain Website database list, database username, passwordBot Ami (@Botami143)MicrosoftInformation disclosure11-03-202215-09-2022
How Did I Leak 5.2k Customer Data From a Large Company? (via Broken Access Control)can1337 (@canmustdie)Broken Access Control11-03-202215-09-2022
CVE-2022-24696 – Glance By Mirametrix Privilege EscalationOddvar Moe (@Oddvarmoe)LenovoLocal Privilege Escalation11-03-202215-09-2022
How I was able to takeover any users account on a major telecoms websiteTobydavennXSS11-03-202215-09-2022
Rate Limit Bypass at Readme.comGirishboReadme.comLack of rate limiting11-03-202215-09-2022
How I was able to read any users confidential reports on a public level domainTobydavennIDOR10-03-202215-09-2022
Escalating from Logic App Contributor to Root Owner in AzureJosh Magri (@passthehashbrwn)MicrosoftPrivilege escalation09-03-202215-09-2022
How I Was Able To Wipe Any Registered AccountTobydavennLogic flaw09-03-202215-09-2022
Demographic Misconfiguration on Facebook livePrajwol Dhungana (@PrajwolDhunga14)Meta / FacebookLogic flaw09-03-202215-09-2022
SSD Advisory – NETGEAR DGND3700v2 PreAuth Root AccessNetgearAuthentication bypass09-03-202215-09-2022
Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis)Nguyễn Tiến Giang (@testanull)OracleRCE09-03-202215-09-2022
Container Escape to Shadow Admin: GKE Autopilot VulnerabilitiesUnit 42 (@Unit42_Intel)GooglePrivilege escalation08-03-202215-09-2022
Log4shell in google $1337.00amnotacat (@Amnotacat1)GoogleLog4shell1,33708-03-202215-09-2022
How I managed to make a DDoS attack by exploiting a company’s service — Bug BountyMr Empy (@mr_empy)DoS08-03-202215-09-2022
Circumventing Browser Security Mechanisms For SSRFHTTPVoid (@httpvoid0x2f)SSRF08-03-202215-09-2022
AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation ServiceYanir Tsarimi (@Yanir_)MicrosoftCross-tenant vulnerability40,00007-03-202215-09-2022
The Bad Twin: a peculiar case of JWT exploitation scenarioSandh0t (@sandh0t)Account takeover3,00007-03-202215-09-2022
Some critical vulnerabilities found with passive analysis on bug bounty programs explainedDaniel V. (@d4niel_v)Information disclosure07-03-202215-09-2022
WhatsApp Bug Bounty: Bypassing biometric authentication using voipArvind (@ar_arv1nd)Meta / FacebookAuthentication bypass05-03-202215-09-2022
How I Hacked A Crypto Company And Could Steal 1 Million Dollars Worth of Bitcoinzoid (@z0idsec)Path traversal9,00005-03-202215-09-2022
More secure Facebook Canvas Part 2: More Account TakeoversYoussef Sammouda (@samm0uda)Account takeover98,25004-03-202215-09-2022
CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)Jacob Baines (@junior_baines)GitLabUsername enumeration03-03-202215-09-2022
4300$ Instagram IDOR Bug (2022)Nawaf Alkhaldi (@nvmeeet)Meta / FacebookIDOR4,30002-03-202215-09-2022
Moodle 2nd Order Sqlimufinnnnnnn (@mufinnnnnnn)MoodleSQL injection02-03-202215-09-2022
IDOR in support.mozilla.org through Code ReviewBrandon RoldanMozillaIDOR1,50002-03-202215-09-2022
CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATOPaulos Yibelo (@PaulosYibelo)ApacheStored XSS02-03-202215-09-2022
webOS Revisited – Even More Mistaken IdentitiesAndreas Lindh (@addelindh)LGLocal Privilege Escalation02-03-202215-09-2022
[ Directory Traversal attack ] How did I find it using GitHubFenrir (@leetibrahim)Information disclosure02-03-202215-09-2022
Skype extension: All functionality broken? Still exploitable!Wladimir Palant (@WPalant)MicrosoftInformation disclosure01-03-202215-09-2022
Password Reset to Admin AccessJesse Clark (@Hogarth45_)Account takeover01-03-202215-09-2022
HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP ImplementationsKaiwen Shen (@m0xiaoxi)HTTP request smuggling01-03-202215-09-2022
Pwning a Server using MarkdownAditya Dixit (@zombie007o)HashnodeLFI28-02-202215-09-2022
BrokenPrint: A Netgear stack overflowAlex Plaskett (@alexjplaskett)NetgearMemory corruption28-02-202215-09-2022
Hacking Subscription Plans for free service.Muhammad Khizer Javed (@khizer_javed47)Payment bypass27-02-202215-09-2022
CVE-2022-22947: SpEL Casting And Evil BeansWyatt Dahlenburg (@wdahlenb)RCE26-02-202215-09-2022
SSRF & LFI In Uploads FeatureRaymond LindSSRF26-02-202215-09-2022
Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations ManagerEgor Dimitrenko (@elk0kc)VMwareAuthentication bypass25-02-202215-09-2022
A Weird Price Tampering VulnerabilityvFlexo (@vflexo)Payment tampering20025-02-202215-09-2022
Bypassing default visibility for newly-added email in Facebook(Part I - Submitting I.D)Kent Jarold Abulag (@wkemenhehehegsg)Meta / FacebookLogic flaw1,50025-02-202215-09-2022
Instagram App Access TokenPhilippe Harewood (@phwd)Meta / FacebookInformation disclosure38,30024-02-202215-09-2022
Piercing the Cloud Armor – The 8KB bypass in Google Cloud Platform WAFKloudle (@Kloudleinc)GoogleWAF bypass24-02-202215-09-2022
How I Hacked the Dutch Government with SQLi and Won the Famous T-Shirt?Göktuğ Kaya (@g0ktugkaya)Dutch GovernmentSQL injection24-02-202215-09-2022
Stealing a few more GitHub Actions secretsTeddy Katz (@not_aardvark)GitHubLogic flaw7,50023-02-202215-09-2022
CVE-2021-45467: CWP CentOS Web Panel – preauth RCEPaulos Yibelo (@PaulosYibelo)Centos Web Panel (CWP)RCE22-01-202202-03-2023
Write Up – Android Application Screen Lock Bypass Via ADB Brute ForcingOmar Espino (@omespino)Android22-02-202215-09-2022
Facebook android vulnerability: Launching internal/tighten deeplink onbehalf of userRahul Kankrale (@RahulKankrale)Android3,52522-02-202215-09-2022
OAuth and PostMessage – Chaining misconfigurations for your access token.Suraj Disoja (@ninetyn1ne_)OAuth21-02-202215-09-2022
How I could’ve bypassed the 2FA security of Instagram once again?Samip Aryal (@samiparyal_)Meta / FacebookMFA bypass3,15021-02-202215-09-2022
Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysqlstypr (@stereotype32)Oracle (MySQL)SQL injection21-02-202215-09-2022
What an injection into jQuery-selector can lead toAnton Subbotin (@ska_vans)CSRF21-02-202215-09-2022
XSS in hidden input fieldFaizan ElahiXSS21-02-202215-09-2022
Send a Email to me and get kicked out of Google Groups !! — #GoogleVRP — A Feature that almost broke Google Groups !!Sriram Kesavan (@sriramoffcl)GoogleLogic flaw3,133.7020-02-202215-09-2022
A Case Study of API VulnerabilitiesMonke (@pmofcats)Information disclosure20-02-202215-09-2022
Access Control Violation – Sensitive Data ExposureNick Berrie (@machevalia)Directory listing444.519-02-202211-01-2023
Bypassing Cloudflare’s WAF!Friendly (@SkeletorKeys)XSS19-02-202215-09-2022
CVE-2022-23835: A security analysis of Visual VoicemailChris TalbotAT&TVoicemail hacking19-02-202215-09-2022
My Experience of Hacking Dutch Governmentremonsec (@remonsec)Dutch Government19-02-202215-09-2022
Passive Recon with Spyse (Part-II) | remonsec (@remonsec) |  | Subdomain takeover | 2,100 | 19-02-2022 | 15-09-2022
How I get my first SWAG from SIDN (Sensitive Data Exposer) | remonsec (@remonsec) | SIDN | Directory listing |  | 19-02-2022 | 15-09-2022
RCE in GitHub Desktop < 2.9.4 | Vladimir Metnew (@vladimir_metnew) | GitHub | RCE | 2,000 | 18-02-2022 | 15-09-2022
Stored XSS in message.alibaba.com ($2,000) | R ando (@Rando02355205) | Alibaba | Stored XSS | 1,000 | 18-02-2022 | 15-09-2022
Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2) | Cedric Halbronn (@saidelike) | Lexmark | Arbitrary file write |  | 18-02-2022 | 15-09-2022
Recon and YouTube, is that a thing? | Marcos IAF / Rohit (@marcos_iaf) |  | Subdomain takeover |  | 17-02-2022 | 15-09-2022
403 forbidden bypass & Accessing config files using a header | vishnurajr |  | 403 bypass |  | 17-02-2022 | 15-09-2022
Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN) | Quentin Kaiser (@QKaiser) | Cisco | RCE |  | 17-02-2022 | 15-09-2022
CVE-2022-0478 – WooCommerce Event-Manager Plugin SQL Injection | Castilho (@castilho101) | Automattic (WooCommerce) | SQL injection |  | 16-02-2022 | 08-05-2023
How I earned $9000 with Privilege escalations | Junaid Khan (@JunoonBro) |  | Privilege escalation | 9,000 | 16-02-2022 | 15-09-2022
My first report on HackerOne: A logic flaw in npm | ElSec (@ElSec_) | GitHub | Logic flaw |  | 16-02-2022 | 15-09-2022
My First Reflected XSS Bug Bounty — Google Dork — $xxx | Proviesec (@proviesec) |  | Reflected XSS |  | 16-02-2022 | 15-09-2022
Hacked Dutch Government Website. All I got was this l̶o̶u̶s̶y̶ cool T-Shirt. | Romesh chander | Dutch Government | Information disclosure |  | 16-02-2022 | 15-09-2022
Bug Report; Bypassing Weekly Limits In Basic (Free) LinkedIn Account | Ashok Acharya | LinkedIn | Logic flaw |  | 16-02-2022 | 15-09-2022
Hunting for bugs in VMware: View Planner and vRealize Business for Cloud | Mikhail Klyuchnikov (@__Mn1__) | VMware | RCE |  | 15-02-2022 | 15-09-2022
Trim private live videos and access them (Meta bug bounty) | abdellah yaala (@yaalaab) | Meta / Facebook | IDOR | 7,500 | 15-02-2022 | 15-09-2022
Static Taint Analysis Using Binary Ninja: A Case Study Of MySQL Cluster Vulnerabilities | Reno Robert (@renorobertr) | Oracle (MySQL) | Memory corruption |  | 15-02-2022 | 15-09-2022
Advisory: Western Digital My Cloud Pro Series PR4100 RCE | Quentin Kaiser (@QKaiser) | Western Digital | RCE |  | 15-02-2022 | 15-09-2022
BigQuery SQL Injection Cheat Sheet | Ozgur Alp (@ozgur_bbh) |  | SQL injection |  | 14-02-2022 | 15-09-2022
My First Bounty and How I Got It | Aneesha D (@interc3pt3r) |  | Subdomain takeover | 132 | 14-02-2022 | 15-09-2022
Hacking AWS Cognito Misconfiguration to Zero Click Account Takeover | Preetham Bomma (@cyber01_) |  | AWS misconfiguration |  | 14-02-2022 | 15-09-2022
How i made 15k$ from Remote Code Execution Vulnerability | Abdulrahman Makki (@AMakki1337) |  | Code injection | 15,000 | 13-02-2022 | 15-09-2022
Broken Link Hijacking – Mr. User-Agent | Jerry Shah (@Jerry) |  | Broken link hijacking |  | 13-02-2022 | 15-09-2022
A tale of 0-Click Account Takeover and 2FA Bypass. | Firas Fatnassi (@Fatnass1F1ras) |  | Account takeover |  | 12-02-2022 | 15-09-2022
“Zero-Days” Without Incident – Compromising Angular via Expired npm Publisher Email Domains | Matthew Bryant (@IAmMandatory) | GitHub | Supply chain attack |  | 11-02-2022 | 15-09-2022
QRCDR ZeroDay Path Traversal Vulnerability | Farhad Karimi (@n0lsec) |  | Path traversal |  | 11-02-2022 | 15-09-2022
flashback_connects (Cisco RV340 SSL VPN Unauthenticated Remote Code Execution as root) | Pedro Ribeiro (@pedrib1337) | Cisco | Memory corruption |  | 11-02-2022 | 15-09-2022
Subdomain Takeover via Leadpages Services on Tiktok | Mohamed Haron (@m7mdharon) | TikTok | Subdomain takeover |  | 11-02-2022 | 15-09-2022
Mindshare: When Mysql Cluster Encounters Taint Analysis | Lucas Leong (@_wmliang_) | Oracle (MySQL) | Memory corruption |  | 10-02-2022 | 15-09-2022
Microsoft Team’s Unpatched URL Spoofing Vulnerability | Priyank Raval | Microsoft | URL spoofing |  | 09-02-2022 | 15-09-2022
How I hacked Google to read files from their servers for free! | Harish SG (@CoderHarish) | Google | Arbitrary file read |  | 09-02-2022 | 15-09-2022
ICMAD SAP Vulnerabilities (CVE-2022-22536, CVE-2022-22532 & CVE-2022-22533) | SAP Product Security Response team | SAP | HTTP request smuggling |  | 08-02-2022 | 15-09-2022
Oracle Server Side Request Forgery (SSRF) Metadata | Lidor Ben Shitrit | Oracle | SSRF |  | 08-02-2022 | 15-09-2022
Story of critical security flaws I found in Glints | huli (@aszx87410) | Glints | IDOR | 1,200 | 09-02-2022 | 15-09-2022
WordPress < 5.8.3 - Object Injection Vulnerability | Simon Scannell (@scannell_simon) | WordPress | Object injection |  | 08-02-2022 | 15-09-2022
SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022-21999) | Olivier Lyak (@ly4k_) | Microsoft | Local Privilege Escalation |  | 08-02-2022 | 15-09-2022
How Docker Made Me More Capable and the Host Less Secure | Alon Zahavi (@Alon_Z4) | Microsoft | Local Privilege Escalation |  | 08-02-2022 | 15-09-2022
CVE-2022-21703: cross-origin request forgery against Grafana | Julien Cretel (@jub0bs) | Grafana Labs | CSRF |  | 08-02-2022 | 15-09-2022
SQL Injection, Reflected XSS and Information Disclosure in one subdomain in just 10 minutes | Mahmoud Hamed (@7odamo_) |  | SQL injection |  | 08-02-2022 | 15-09-2022
Full Account takeover (ATO) — a tale of two bugs 🐛 | Kwadwo Amoako |  | IDOR |  | 08-02-2022 | 15-09-2022
Google Security Misconfiguration Leads to Account Takeover ! | Harsh Banshpal | Google | Logic flaw |  | 08-02-2022 | 15-09-2022
What I Found on Sony Vulnerability Disclosure Program | Aditya Singh / rook1337 (@imrook1337) | Sony | Information disclosure |  | 07-02-2022 | 15-09-2022
How can I access the members-only video comment? \| YouTube ($5,000) | R ando (@Rando02355205) | Google | Broken Access Control | 5,000 | 07-02-2022 | 15-09-2022
Insecure Bootstrap Process in Oracle Cloud CLI | Nightwatch Cybersecurity (@nightwatchcyber) | Oracle | Supply chain attack |  | 06-02-2022 | 15-09-2022
Auth Bypass in Google Assistant | David Schütz (@xdavidhu) | Google | Information disclosure | 2674 | 06-02-2022 | 15-09-2022
Auth Bypass in com.google.android.googlequicksearchbox | David Schütz (@xdavidhu) | Google | Authentication bypass | 1,337 | 06-02-2022 | 15-09-2022
How I found a critical P1 bug in 5 minutes using a cellphone — Bug Bounty | Mr Empy (@mr_empy) |  | SQL injection |  | 06-02-2022 | 15-09-2022
Facebook Oauth bypass | abdellah yaala (@yaalaab) | Meta / Facebook | OAuth | 7,500 | 05-02-2022 | 15-09-2022
What Bypassing Razer’s DOM-based XSS Patch Can Teach Us | EdOverflow (@EdOverflow) | Razer | DOM XSS |  | 05-02-2022 | 15-09-2022
How I bypassed PHP functions to read sensitive files on server | Kailash (@corrupted_brain) |  | Components with known vulnerabilities |  | 04-02-2022 | 15-09-2022
Bypassing the AWS WAF protection with an 8KB bullet | Kloudle (@Kloudleinc) | AWS | WAF bypass |  | 03-02-2022 | 15-09-2022
Write Up – Private Bug Bounty: RCE In EC2 Instance Via SSH With Private Key Exposed On Public Github Repository – $xx,000 USD | Omar Espino (@omespino) |  | Information disclosure |  | 03-02-2022 | 15-09-2022
Solving DOM XSS Puzzles | Eugene Lim (@spaceraccoonsec) |  | DOM XSS |  | 03-02-2022 | 15-09-2022
HigherLogic Community RCE Vulnerability | 0daystolive (@0daystolive) | 8×8 | Insecure deserialization | 1,250 | 03-02-2022 | 15-09-2022
Malicious Kubernetes Helm Charts can be used to steal sensitive information from Argo CD deployments | Apiiro’s Security Research | Argo CD | Supply chain attack |  | 03-02-2022 | 15-09-2022
A technique to semi-automatically find vulnerabilities in WordPress plugins | kazet (@kazet1234) |  | XSS |  | 03-02-2022 | 15-09-2022
How I Tracked You Around The Globe 🌎 | 0xdroopy (@NikhilK50866227) | Google (Waze) | Information disclosure |  | 02-02-2022 | 15-09-2022
Abusing Facebooks `Call To Action` To Launch Internal Deeplinks | Ashley King (@AshleyKingUK) | Meta / Facebook | CSRF | 4,000 | 02-02-2022 | 15-09-2022
My first bounty, IDOR + Self XSS [€3000] | Ladecruze (@ladecruze) | Intigriti | Self-XSS | 3,000 | 02-02-2022 | 15-09-2022
A misconfigured Apache Airflow to AWS Account Compromise | Avinash Jain (@logicbomb_1) |  | Outdated component with a known vulnerability |  | 02-02-2022 | 15-09-2022
My experience of Hacking The Dutch Government | Phenomenal (@Chawla12111) | Dutch Government | XSS |  | 02-02-2022 | 15-09-2022
No Rate Limiting on OTP sending | nOOb_mAsTeR |  | Bruteforce |  | 02-02-2022 | 15-09-2022
IDOR vulnerability on invoice and weak password reset leads to account take over | Damaidec |  | IDOR |  | 01-02-2022 | 30-11-2022
CVE-2021-44142: Details On A Samba Code Execution Bug Demonstrated At Pwn2Own Austin | Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) |  | Memory corruption | 45,000 | 01-02-2022 | 15-09-2022
A Peculiar Case of XSS and my first bug | Aman Pareek (@aman_notsogreat) | Bentley Systems | XSS |  | 01-02-2022 | 15-09-2022
A story of leaking uninitialized memory from Fastly | Emil Lerner (@emil_lerner) | Fastly | HTTP/3 |  | 01-02-2022 | 15-09-2022
How I approached Dependency Confusion! | Aditya Soni (@hetroublemakr) |  | Dependency confusion |  | 01-02-2022 | 15-09-2022
Hacking Google Drive Integrations | Harsh Jaiswal (@rootxharsh) | Dropbox | SSRF | 17,576 | 31-01-2022 | 15-09-2022
Microsoft OneDrive For Macos Local Privilege Escalation | Offensive Security (@offsectraining) | Microsoft | Local Privilege Escalation |  | 31-01-2022 | 15-09-2022
Missing rate-limiting. How I was able to add any unowned phone number to my Facebook account? (Bounty: 5000 USD) | Shubham Bhamare (@theshubh77) | Meta / Facebook | OTP bruteforce | 5,000 | 31-01-2022 | 15-09-2022
Remote Code Execution in .tgz File Upload | Nick Berrie (@machevalia) |  | RCE | 3,100 | 30-01-2022 | 15-09-2022
Stored Cross-Site Scripting in MediaWiki | Nick Berrie (@machevalia) |  | Stored XSS | 1,090 | 28-01-2022 | 15-09-2022
Access Control Violation – Wiki Page Creation | Nick Berrie (@machevalia) |  | Authorization flaw | 522.5 | 30-01-2022 | 15-09-2022
XSS via X-Forwarded-Host header | Abhijeet Biswas (@abhijeetbiswas_) | Omise | XSS | 200 | 30-01-2022 | 15-09-2022
2fa Bypass by changing Request method | Arth Bajpai (@arth_bajpai) |  | MFA bypass |  | 30-01-2022 | 15-09-2022
How I hacked my way to the top of DARPA’s hardware bug bounty | Malcolm Stagg (@malcolmst) | DARPA FETT | Hardware hacking |  | 30-01-2022 | 15-09-2022
How I Made $16,500 Hacking CDN Caching Servers — Part 1 | Kevin (@bxmbn) |  | Web cache poisoning | 16,500 | 29-01-2022 | 15-09-2022
Paytm-Broken Link Hijacking | Lohith Gowda M (@lohigowda_in) | Paytm | Broken link hijacking |  | 29-01-2022 | 15-09-2022
Multiple HTTP Redirects to Bypass SSRF Protections | ne555 |  | SSRF |  | 29-01-2022 | 15-09-2022
Command Injection in Google Cloud Shell | Ademar Nowasky Junior | Google | RCE | 5,000 | 28-01-2022 | 15-09-2022
The Story of a RCE on a Java Web Application | LIL NIX (@Lil__Nix) |  | RCE |  | 28-01-2022 | 15-09-2022
Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite | SirLeeroyJenkins (@SirLeeroyJenkin) | Lark Technologies | SSRF |  | 28-01-2022 | 15-09-2022
The Story of an RCE on a Java Web Application | LIL NIX (@Lil__Nix) |  | Insecure deserialization |  | 27-01-2022 | 15-09-2022
Stealing administrative JWT’s through post auth SSRF (CVE-2021-22056) | Christopher (@Kharosx0) | VMware | Windows Driver hacking |  | 27-01-2022 | 15-09-2022
CVE-2020-0696 – Microsoft Outlook Security Feature Bypass Vulnerability | Reegun Jayapaul (@reegun21) | Microsoft | URL validation bypass |  | 27-01-2022 | 15-09-2022
Technical Analysis of CVE-2022-22583: Bypassing macOS System Integrity Protection (SIP) | Perception Point | Apple | MacOS |  | 27-01-2022 | 15-09-2022
Auth Bypass in ADOdb CVE-2021-3850 | Emmet Leah |  | Authentication bypass |  | 26-01-2022 | 15-09-2022
Exploiting: Buffer overflow in Xiongmai DVRs | Chris Leech | Xiongmai | Memory corruption |  | 26-01-2022 | 15-09-2022
CVE-2022-0185 – Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google’s KCTF Containers | Crusaders of Rust (@cor_ctf) | Google | Container escape | 31,337 | 25-01-2022 | 15-09-2022
How I could have read your confidential bug reports by simple mail? | Sudhakar Muthumani (@Sudhakarmuthu04) | Microsoft | Information disclosure |  | 25-01-2022 | 15-09-2022
Hacking the Apple Webcam (again) | Ryan Pickren | Apple | Universal XSS | 1,00,500 | 25-01-2022 | 15-09-2022
HOW I hacked thousand of subdomains | MoSec (@moe1n1) |  | Subdomain takeover | 5,000 | 25-01-2022 | 15-09-2022
How I was able to take over accounts in websites deal with Github as an SSO provider | Khaled Mohamed |  | Bruteforce |  | 25-01-2022 | 15-09-2022
First Valid BUG Finding At Microsoft And I Got the Acknowledgments Page Microsoft | Aidil Arief | Microsoft | XSS |  | 25-01-2022 | 15-09-2022
CVE-2021-44790: Code Execution On Apache Via An Integer Underflow | Chamal | Apache | Memory corruption |  | 25-01-2022 |