| | Node.js HTTP Request Smuggling via Empty Headers Separated by CR (hackerone.com) |
| 20 points by osivertsson on July 4, 2023 | past | 2 comments |
|
| | Login to any user account using other Facebook app access token (2015) (hackerone.com) |
| 2 points by nkosingimele on July 1, 2023 | past |
|
| | Bypass Validation Parts in AWS IAM Authenticator for Kubernetes (hackerone.com) |
| 11 points by arkadiyt on May 25, 2023 | past |
|
| | TikTok bug: bypass two-factor authentication in Android apps and web (hackerone.com) |
| 1 point by ledoge on Jan 9, 2023 | past |
|
| | Leak of sensitive values to Airflow rendered template (hackerone.com) |
| 1 point by khan-gtxofied on Jan 8, 2023 | past |
|
| | HTTP Request Smuggling via HTTP/2 (hackerone.com) |
| 2 points by chiragbro on Dec 30, 2022 | past |
|
| | XSS while logging using Google (hackerone.com) |
| 1 point by goegle on Dec 10, 2022 | past |
|
| | GitHub access token exposure (hackerone.com) |
| 19 points by malazgirt on Nov 20, 2022 | past | 3 comments |
|
| | Blind SSRF on platform.dash.cloudflare.com Due to Sentry misconfiguration (hackerone.com) |
| 1 point by lohigowda on Sept 5, 2022 | past |
|
| | Twitter paid $5000 bug bounty that resulted in 5.4mm leaked records (hackerone.com) |
| 18 points by hnburnsy on Aug 9, 2022 | past | 4 comments |
|
| | Bypass SQL Injection #1109311 (hackerone.com) |
| 1 point by hackerkurdone on July 19, 2022 | past |
|
| | Multiple vulnerability leading to account takeover in TikTok SMB subdomain (hackerone.com) |
| 2 points by hackerkurdone on July 19, 2022 | past |
|
| | HackerOne June 2022 Incident Report (hackerone.com) |
| 30 points by uptown on July 1, 2022 | past | 6 comments |
|
| | Playstation confirms chain of 5 vulnerabilities on PS4/PS5 (hackerone.com) |
| 288 points by guiambros on June 19, 2022 | past | 160 comments |
|
| | Playstation bd-j exploit chain (hackerone.com) |
| 2 points by homarp on June 12, 2022 | past | 1 comment |
|
| | Disclosure of Top Vulnerability (hackerone.com) |
| 1 point by akshobdhira on May 19, 2022 | past |
|
| | PullRequest (YC S17) Acquired by HackerOne (hackerone.com) |
| 2 points by welder on April 28, 2022 | past |
|
| | Theft of Protected Files on Android (hackerone.com) |
| 3 points by yohurahan on April 15, 2022 | past |
|
| | Get all personal email IDs of Glassdoor users[No user interaction required] (hackerone.com) |
| 1 point by algore4prez2036 on March 22, 2022 | past |
|
| | Redis – Vulnerability Disclosure Program (hackerone.com) |
| 2 points by compsciphd on Jan 26, 2022 | past |
|
| | Login CSRF Vulnerability on Hackerone.com (hackerone.com) |
| 1 point by testxxs on Nov 5, 2021 | past |
|
| | Bypassing the Grammarly plagiarism checker by simply replacing characters (hackerone.com) |
| 2 points by evilksandr on Nov 1, 2021 | past | 1 comment |
|
| | Deserialization of untrusted data at HTTPS://www.redtube.com/media/hls?s=data (hackerone.com) |
| 1 point by vormir on Sept 24, 2021 | past |
|
| | Vulnerability allows generating Steam wallet balance (hackerone.com) |
| 1 point by arkadiyt on Aug 14, 2021 | past |
|
| | Vulnerability which allows attacker to generate Steam wallet balance (hackerone.com) |
| 3 points by SCLeo on Aug 11, 2021 | past |
|
| | Exposed Kubernetes API – RCE/Exposed Creds (hackerone.com) |
| 2 points by ftdatgdc on Aug 10, 2021 | past | 1 comment |
|
| | Exfiltrating a victim's exact location (to within 5m) (hackerone.com) |
| 1 point by sabindhungel315 on July 24, 2021 | past |
|
| | Hacker Report (hackerone.com) |
| 1 point by yarapavan on March 9, 2021 | past |
|
| | GitHub Account hijack through broken link in developer.twitter.com (hackerone.com) |
| 33 points by bartkappenburg on Feb 10, 2021 | past | 8 comments |
|
| | Open Redirect Vulnerability on TikTok Ads Portal (hackerone.com) |
| 1 point by richer on Jan 9, 2021 | past |
|
|
| More |
