Email Spoofing
https://hackerone.com/reports/793532
null
mayankraheja069
null
Missing URL sanitization in comments can be leveraged for phishing
https://hackerone.com/reports/252894
null
leovin
null
Content injection on shared event (calendar.mail.ru)
https://hackerone.com/reports/847473
null
urban_tramp
$150
Content Spoofing or Text Injection support.mycrypto.com
https://hackerone.com/reports/325827
null
w2w
null
URL filter bypass in Enterprise Grid
https://hackerone.com/reports/500348
null
akaki
$100
npm packages that overlap with core node packages
https://hackerone.com/reports/333459
8.6
mlucool
null
Lack of validation before assigning custom domain names leading to abuse of GitLab pages service
https://hackerone.com/reports/296907
null
badshah_
null
Go.imgur.com can be used to phish for account information
https://hackerone.com/reports/384101
null
kiyell
$50
Unclaimed Github Repository Takeover on https://www.data.gov/labs
https://hackerone.com/reports/515574
null
noobzombie
$150
GitHub users outside of HackerOne organization can create and update Wiki pages of certain public HackerOne repositories
https://hackerone.com/reports/459634
null
mik317
null
Stored XSS in api.icq.net
https://hackerone.com/reports/363042
0
cheatboss
$150
Twitter Source Label allow 'mongolian vowel separator' U+180E (app name)
https://hackerone.com/reports/785243
null
lorenznickel
$560
Missing SPF Records
https://hackerone.com/reports/652447
null
harshita174
null
Content Spoofing
https://hackerone.com/reports/841630
null
full109tun
null
Limited arbitrary text inclusion in user invite emails
https://hackerone.com/reports/278220
null
hk755a
null
[warofdragons.com] Content Spoofing
https://hackerone.com/reports/113370
null
bigbear_
null
[tanks.mail.ru] Content Spoofing
https://hackerone.com/reports/112871
null
bigbear_
null
[s2.jugger.ru] Content Spoofing
https://hackerone.com/reports/112869
null
bigbear_
null
Domain Takeover in [███████]
https://hackerone.com/reports/804080
null
yghonem
null
Missing SPF record for the in scope domain
https://hackerone.com/reports/325734
6.4
nitesculucian
null
Content spoofing in http://my.mail.ru/cgi-bin/app/paymentm
https://hackerone.com/reports/83565
0
page1337
null
URL link spoofing
https://hackerone.com/reports/481472
3.5
akaki
$250
ICQ for macOS: lack of com.apple.quarantine meta-attribute on downloaded files leads to GateKeeper/Quarantine bypass for downloaded executables
https://hackerone.com/reports/484664
null
metnew
$150
Subdomain Takeover on demo.greenhouse.io pointing to unbouncepages
https://hackerone.com/reports/407355
null
hacker2202
$500