Total report count: 12623.
- 2051931: Blind SQL injection on id.indrive.com
- 1728174: Ingress nginx annotation injection causes arbitrary command execution
- 2203432: Organization members can delete reports in teams they have no access to
- 2212627: Delete external storage of any user
- 2215578: [CVE-2023-38546] cookie injection with none file
- 2024284: IDOR vulnerability in the profile picture changing mechanism which discloses other users' profile pictures.
- 2133308: Password Reset Token Leak Via Referrer
- 2101165: user_ldap app logs user passwords in the log file on level debug
- 2210038: HTML injection in search UI when selecting a circle with HTML in the display name
- 2180521: Google Docs link in JS files allows editing & reading survey information
- 2194928: Full account takeover of any user through reset password
- 2112973: Enabling Birthday Contact to any user
- 2055132: Reflected XSS in https://wordpress.com/start/account/user
- 2094346: Yet Another CASB Integration Takeover of Active Integrations
- 2233418: Unauthenticated file read (CVE-2020-3452)
- 2233421: XSS in Cisco Endpoint
- 2208656: CVE-2023-42663: Apache Airflow: Bypass permission verification to view task instances of other dags
- 2218334: IDOR vulnerability in unreleased HackerOne Copilot feature
- 2078490: Stored XSS at https://█.8x8.com/api/█/ID
- 1888915: Reset password link sent over unsecured http protocol
- 2041007: Cross-Site Request Forgery
- 2122938: debug.log File Exposure that exposes (user/████) username and password at █████████
- 1994324: OAuth2 client_secret stored in plain text in the database
- 2189960: CRLF injection leads to internal XSS on PangleGlobal
- 1832494: Blind SSRF on https://my.exnessaffiliates.com/ allows for internal network enumeration