hackerone-one-million-reports

https://hackerone.com/reports/120 |  Missing SPF for hackerone.com
https://hackerone.com/reports/280 |  Real impersonation
https://hackerone.com/reports/284 |  Broken Authentication and session management OWASP A2
https://hackerone.com/reports/288 |  Session Management
https://hackerone.com/reports/298 |  RTL override symbol not stripped from file names
https://hackerone.com/reports/321 |  CSP not consistently applied
https://hackerone.com/reports/353 |  Session not expired on logout
https://hackerone.com/reports/390 |  Pixel flood attack
https://hackerone.com/reports/400 |  GIF flooding
https://hackerone.com/reports/454 |  PNG compression DoS
https://hackerone.com/reports/477 |  Flawed account creation process allows registration of usernames corresponding to existing file names
https://hackerone.com/reports/487 |  DNS Cache Poisoning
https://hackerone.com/reports/499 |  Ruby: Heap Overflow in Floating Point Parsing
https://hackerone.com/reports/500 |  OpenSSH: Memory corruption in AES-GCM support
https://hackerone.com/reports/501 |  TLS Virtual Host Confusion
https://hackerone.com/reports/523 |  PHP openssl_x509_parse() Memory Corruption Vulnerability
https://hackerone.com/reports/546 |  Logical issues with account settings
https://hackerone.com/reports/547 |  CSRF login
https://hackerone.com/reports/575 |  Email spoofing 
https://hackerone.com/reports/713 |  Upload profile photo from URL
https://hackerone.com/reports/727 |  Switching the user to the attacker's account
https://hackerone.com/reports/737 |  Improper session management
https://hackerone.com/reports/738 |  Information disclosure (reset password token) and changing the user's password
https://hackerone.com/reports/742 |  A password reset page does not properly validate the authenticity token at the server side.
https://hackerone.com/reports/774 |  Log in a user to another account
https://hackerone.com/reports/809 |  Improperly implemented password recovery link functionality
https://hackerone.com/reports/842 |  Autocomplete enabled in Paypal preferences
https://hackerone.com/reports/1356 |  PHP Heap Overflow Vulnerability in imagecrop()
https://hackerone.com/reports/1509 |  DNS Misconfiguration
https://hackerone.com/reports/2106 |  Flash type confusion vulnerability leads to code execution
https://hackerone.com/reports/2107 |  Handling of jar: URIs bypasses AllowScriptAccess=never
https://hackerone.com/reports/2140 |  Flash local-with-fileaccess Sandbox Bypass
https://hackerone.com/reports/2170 |  Flash double free vulnerability leads to code execution
https://hackerone.com/reports/2221 |  CSS leaks SCSS debug info
https://hackerone.com/reports/2224 |  Bypass auth.email-domains
https://hackerone.com/reports/2228 |  Login CSRF using Twitter OAuth
https://hackerone.com/reports/2233 |  Bypass auth.email-domains (2)
https://hackerone.com/reports/2421 |  Value of JSESSIONID  and XSRF token parameter in cookie remains same before and after login
https://hackerone.com/reports/2427 |  XSRF token problem
https://hackerone.com/reports/2439 |  Cross Site Scripting (XSS) - app.relateiq.com
https://hackerone.com/reports/2497 |  Reflective XSS can be triggered in IE
https://hackerone.com/reports/2559 |  Broken Authentication (including Slack OAuth bugs)
https://hackerone.com/reports/2575 |  Slack OAuth2 "redirect_uri" Bypass 
https://hackerone.com/reports/2584 |  Weird Bug - Ability to see partial of other user's notification
https://hackerone.com/reports/2617 |  Stored XSS in www.slack-files.com
https://hackerone.com/reports/2622 |  URL redirection flaw
https://hackerone.com/reports/2625 |  Stored XSS in username.slack.com
https://hackerone.com/reports/2628 |  CSRF vulnerability on https://sehacure.slack.com/account/settings
https://hackerone.com/reports/2652 |  Stored XSS in Channel Chat 
https://hackerone.com/reports/2735 |  HTML injection in "Invite Collaborators"
https://hackerone.com/reports/2777 |  Reflected Xss
https://hackerone.com/reports/3227 |  Control Characters Not Stripped From Username on Signup
https://hackerone.com/reports/3356 |  UnAuthorized Editorial Publishing to Blogs
https://hackerone.com/reports/3370 |  Directory traversal attack in view resolver
https://hackerone.com/reports/3441 |  Captcha Bypass With Extension
https://hackerone.com/reports/3455 |  flash content type sniff vulnerability in api.slack.com
https://hackerone.com/reports/3596 |  OAuth access_token stealing in Phabricator
https://hackerone.com/reports/3921 |  Control character allowed in username
https://hackerone.com/reports/3930 |  OAuth Stealing Attack (New)
https://hackerone.com/reports/3986 |  Securing sensitive pages from SearchBots
https://hackerone.com/reports/4114 |  Persistent XSS: Editor link
https://hackerone.com/reports/4409 |  TRACE disclosure attack may be possible
https://hackerone.com/reports/4561 |  Stored XSS in Slackbot Direct Messages
https://hackerone.com/reports/4638 |  Duplicate of #4550
https://hackerone.com/reports/4689 |  SPDY memory corruption
https://hackerone.com/reports/4690 |  SPDY heap buffer overflow
https://hackerone.com/reports/5314 |  Coinbase Android Application - Bitcoin Wallet Leaks OAuth Response Code
https://hackerone.com/reports/5786 |  Coinbase Android Security Vulnerabilities
https://hackerone.com/reports/5928 |  Uncontrolled Resource Consumption with XMPP-Layer Compression
https://hackerone.com/reports/5933 |  Multiple Issues related to registering applications
https://hackerone.com/reports/5946 |  Marking notifications as read CSRF bug
https://hackerone.com/reports/6002 |  Stored XSS in Slack.com
https://hackerone.com/reports/6017 |  Facebook Takeover using Slack using 302 from files.slack.com with access_token
https://hackerone.com/reports/6350 |  creating titleless and non-closable bugs 
https://hackerone.com/reports/6353 |  Wildcard DNS in website
https://hackerone.com/reports/6380 |  Same Origin Security Bypass Vulnerability
https://hackerone.com/reports/6389 |  Integer overflow in strop.expandtabs
https://hackerone.com/reports/6626 |  TLS heartbeat read overrun
https://hackerone.com/reports/6871 |  Login CSRF
https://hackerone.com/reports/6872 |  Sign up CSRF
https://hackerone.com/reports/6877 |  Unsecure cookies, cookie flag secure not set
https://hackerone.com/reports/6883 |  Bruteforcing irccloud login
https://hackerone.com/reports/6884 |  Leaking Referrer in Reset Password Link
https://hackerone.com/reports/6907 |  Session Token is not Verified while changing Account Setting's which Result In account Takeover
https://hackerone.com/reports/6910 |  Full account takeover using CSRF and password reset
https://hackerone.com/reports/6935 |  Missing X-Content-Type-Options
https://hackerone.com/reports/7036 |  Bug in iOS application which could lead to unauthorised access.
https://hackerone.com/reports/7041 |  iOS application does not destroy session upon logout.
https://hackerone.com/reports/7121 |  Persistent Cross Site Scripting within the IRCCloud Pastebin 
https://hackerone.com/reports/7277 |  TLS Triple Handshake Attack
https://hackerone.com/reports/7357 |  Host Header is not validated resulting in Open Redirect
https://hackerone.com/reports/7369 |  2 factor authentication design flaw
https://hackerone.com/reports/7441 |  Dangerous Persistent xss
https://hackerone.com/reports/7531 |  Login CSRF can be bypassed (Similar approach to previous one).
https://hackerone.com/reports/7803 |  Security bypass could lead to information disclosure
https://hackerone.com/reports/7931 |  Issue with remember_user_token
https://hackerone.com/reports/8082 |  Password Reset Bug
https://hackerone.com/reports/8724 |  Clickjacking
https://hackerone.com/reports/8846 |  localStorage Ğ½Ğµ Ñ‡Ğ¸ÑÑ‚Ğ¸Ñ‚ÑÑ Ğ¿Ğ¾ÑĞ»Ğµ Ğ²Ñ‹Ñ…Ğ¾Ğ´Ğ°
https://hackerone.com/reports/9318 |  Home page reflected XSS
https://hackerone.com/reports/9375 |  Stored XSS in all fields in Basic Google Maps Placemarks Settings
https://hackerone.com/reports/9391 |  Xss in CampTix Event Ticketing
https://hackerone.com/reports/9479 |  Anti-MIME-Sniffing header X-Content-Type-Options header has not been set.
https://hackerone.com/reports/9774 |  Stored XSS Found
https://hackerone.com/reports/9919 |  SQL injection [Ğ´Ñ‹Ñ€ĞºĞ° Ğ² Ğ´Ğ²Ğ¸Ğ¶ĞºĞµ Ñ„Ğ¾Ñ€ÑƒĞ¼Ğ°]
https://hackerone.com/reports/9921 |  Time based sql injection
https://hackerone.com/reports/10037 |  SQL inj
https://hackerone.com/reports/10081 |  SQL 
https://hackerone.com/reports/10297 |  Stored XSS in slack.com (integrations)
https://hackerone.com/reports/10373 |  Bypassing Same Origin Policy With JSONP APIs and Flash
https://hackerone.com/reports/10468 |  SQL inj
https://hackerone.com/reports/10554 |  Bypassing 2FA for BTC transfers
https://hackerone.com/reports/10563 |  CSRF on "Set as primary" option on the accounts page
https://hackerone.com/reports/10829 |  CSRF in function "Set as primary" on  accounts page
https://hackerone.com/reports/11073 |  XSS in gist integration
https://hackerone.com/reports/11410 |  XSS in https://e.mail.ru/cgi-bin/lstatic (Limited use)
https://hackerone.com/reports/11861 |  SQL injection update.mail.ru
https://hackerone.com/reports/11919 |  Stored XSS on http://top.mail.ru
https://hackerone.com/reports/11927 |  Stored XSS on http://cards.mail.ru
https://hackerone.com/reports/12297 |  Python vulnerability: reading arbitrary process memory
https://hackerone.com/reports/12497 |  Adobe Flash Player FileReference Use-after-Free Vulnerability
https://hackerone.com/reports/12583 |  XXE and SSRF on webmaster.mail.ru
https://hackerone.com/reports/12588 |  XSS in a file or folder name
https://hackerone.com/reports/13195 |  auth.mail.ru: XSS in login form
https://hackerone.com/reports/13286 |  Host Header Injection - irccloud.com
https://hackerone.com/reports/13748 |  Potential denial of service in hackerone.com/teams/new
https://hackerone.com/reports/13959 |  privilege escalation
https://hackerone.com/reports/14033 |  connect.mail.ru: SSRF
https://hackerone.com/reports/14127 |  SSRF on https://whitehataudit.slack.com/account/photo
https://hackerone.com/reports/14570 |  Login password guessing attack
https://hackerone.com/reports/14631 |  Clickjacking at https://www.mavenlink.com/ main website 
https://hackerone.com/reports/15166 |  Password reset token not expiring
https://hackerone.com/reports/15362 |  Flash Sandbox Bypass
https://hackerone.com/reports/15412 |  Leaking CSRF token over HTTP resulting in CSRF protection bypass
https://hackerone.com/reports/15762 |  SQL Injection on 11x11.mail.ru
https://hackerone.com/reports/15785 |  Session not invalidated after password reset
https://hackerone.com/reports/15852 |  Non Validation of session after password reset
https://hackerone.com/reports/16315 |  Abusing VCS control on phabricator
https://hackerone.com/reports/16330 |  Multiple issues in looking-glass software (aka from web to BGP injections)
https://hackerone.com/reports/16392 |  Abusing daemon logs for Privilege escalation under certain scenarios
https://hackerone.com/reports/16568 |  Failed Certificate Validation On Custom Server (Register)
https://hackerone.com/reports/16571 |  SSRF (Portscan) via Register Function (Custom Server)
https://hackerone.com/reports/16718 |  Open Redirect login account
https://hackerone.com/reports/16935 |  e.mail.ru: SMS spam with custom content
https://hackerone.com/reports/17160 |  Password Policy issue (Weak Protect)
https://hackerone.com/reports/17383 |  Category- Broken Authentication and Session Management (leads to account compromise if some conditions are met)
https://hackerone.com/reports/17474 |  Broken Authentication and Session Management
https://hackerone.com/reports/17540 |  Reflected XSS in Pastebin-view
https://hackerone.com/reports/17688 |  LZ4 Core
https://hackerone.com/reports/17785 |  Denial of Service
https://hackerone.com/reports/18691 |  XSS in editor by any user
https://hackerone.com/reports/18698 |  Resubmitted with POC #18685 Password reset CSRF
https://hackerone.com/reports/18843 |  use-after-free vulnerability in Flash Player
https://hackerone.com/reports/18992 |  Possibility to attach any mobile number to any email
https://hackerone.com/reports/20049 |  Cross-site Scripting in mailing (username)
https://hackerone.com/reports/20391 |  m.agent.mail.ru: ĞŸĞ¾Ğ´Ğ´ĞµĞ»Ñ‹Ğ²Ğ°ĞµĞ¼ j2me app-descriptor
https://hackerone.com/reports/20616 |  e.mail.ru: File upload "Chapito" circus
https://hackerone.com/reports/20671 |  integer overflow in 'buffer' type allows reading memory
https://hackerone.com/reports/20720 |  cloud.mail.ru: File upload XSS using Content-Type header
https://hackerone.com/reports/20861 |  moderate: mod_deflate denial of service
https://hackerone.com/reports/20873 |  rsync hash collisions may allow an attacker to corrupt or modify files
https://hackerone.com/reports/21034 |  Invoice Details activate JS that filled in 
https://hackerone.com/reports/21069 |  Login CSRF
https://hackerone.com/reports/21110 |  Clickjacking
https://hackerone.com/reports/21150 |  Flash XSS  on swfupload.swf showing at app.mavenlink.com
https://hackerone.com/reports/21210 |  privilege escalation
https://hackerone.com/reports/21248 |  Content spoofing at Stripe Integrations
https://hackerone.com/reports/22093 |  Content Spoofing all Integrations in https://team.slack.com/services/new/
https://hackerone.com/reports/23363 |  Forgot Password Issue
https://hackerone.com/reports/23386 |  Redirect while opening links in new tabs
https://hackerone.com/reports/23852 |  money.mail.ru: Ğ¡Ñ‚Ñ€Ğ°Ğ½Ğ½Ğ¾Ğµ Ğ¿Ğ¾Ğ²ĞµĞ´ĞµĞ½Ğ¸Ğµ SMS
https://hackerone.com/reports/25160 |  Open redirection on secure.phabricator.com
https://hackerone.com/reports/25281 |  Change Any username and profile link in hackerone
https://hackerone.com/reports/26647 |  CSRF protection bypass on any Django powered site via Google Analytics
https://hackerone.com/reports/26825 |  Full path disclosure at ads.twitter.com
https://hackerone.com/reports/26935 |  XSS via .eml file
https://hackerone.com/reports/26962 |  open redirect in rfc6749
https://hackerone.com/reports/27166 |  Missing Rate Limiting on https://twitter.com/account/complete
https://hackerone.com/reports/27404 |  Delete Credit Cards from any Twitter Account in ads.twitter.com [New Vulnerability]
https://hackerone.com/reports/27511 |  ads.twitter.com xss
https://hackerone.com/reports/27651 |  Flash Local Sandbox Bypass
https://hackerone.com/reports/27846 |  Stored xss
https://hackerone.com/reports/27987 |  Window Opener Property Bug
https://hackerone.com/reports/28150 |  Cross site scripting on ads.twitter.com
https://hackerone.com/reports/28445 |  SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities
https://hackerone.com/reports/28449 |  Active Record SQL Injection Vulnerability Affecting PostgreSQL
https://hackerone.com/reports/28450 |  Active Record SQL Injection Vulnerability Affecting PostgreSQL
https://hackerone.com/reports/28500 |  iOS App can establish Facetime calls without user's permission
https://hackerone.com/reports/28832 |  touch.mail.ru XSS via message id
https://hackerone.com/reports/28865 |  Redirect FILTER bypass in report/comment
https://hackerone.com/reports/29234 |  Credit Card Validation Issue
https://hackerone.com/reports/29328 |  XSS platform.twitter.com
https://hackerone.com/reports/29331 |  No email verification on username change
https://hackerone.com/reports/29360 |  XSS platform.twitter.com | video-js metadata
https://hackerone.com/reports/29480 |  Unvalidated Channel names causes IRC Command Injection
https://hackerone.com/reports/29491 |  homograph attack. IDNs displayed in unicode in bug reports and on external link warning page
https://hackerone.com/reports/29835 |  Profile Pic padding (Length-hiding) fails due to use of GZIP
https://hackerone.com/reports/29839 |  GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability
https://hackerone.com/reports/30238 |  New Device confirmation tokens are not properly validated.
https://hackerone.com/reports/30567 |  Adobe Flash Player MP4 Use-After-Free Vulnerability
https://hackerone.com/reports/30852 |  Relateiq SSLv3 deprecated protocol vulnerability.
https://hackerone.com/reports/30975 |  Improper Verification of email address while saving Account Settings
https://hackerone.com/reports/31082 |  Unauthorized Tweeting on behalf of Account Owners
https://hackerone.com/reports/31168 |  Cryptographic Side Channel in OAuth Library
https://hackerone.com/reports/31383 |  Ability to see common response titles of other teams (limited)
https://hackerone.com/reports/31408 |  Adobe Flash Player Out-of-Bound Read/Write Vulnerability
https://hackerone.com/reports/31415 |  PoodleBleed
https://hackerone.com/reports/31554 |  Singup Page HTML Injection Vulnerability
https://hackerone.com/reports/31756 |  Drupal 7 pre auth sql injection and remote code execution
https://hackerone.com/reports/32519 |  XSS in fabric.io
https://hackerone.com/reports/32570 |  OpenSSL HeartBleed (CVE-2014-0160)
https://hackerone.com/reports/32825 |  URGENT - Subdomain Takeover on media.vine.co due to unclaimed domain pointing to AWS
https://hackerone.com/reports/33018 |  a stored xss in  slack integration  https://onerror.slack.com/services/import
https://hackerone.com/reports/33091 |  DOM Cross-Site Scripting ( XSS )
https://hackerone.com/reports/33935 |  File Name Enumeration 
https://hackerone.com/reports/34084 |  Bad extended ascii handling in HTTP 301 redirects of t.co
https://hackerone.com/reports/34112 |  SMPT Protection not used, I can hijack your email server.
https://hackerone.com/reports/34686 |  ĞÑˆĞ¸Ğ±ĞºĞ° Ñ„Ğ¸Ğ»ÑŒÑ‚Ñ€Ğ°Ñ†Ğ¸Ğ¸
https://hackerone.com/reports/34725 |  XSS via Fabrico Account Name
https://hackerone.com/reports/35102 |  Locale::parseLocale Double Free
https://hackerone.com/reports/35237 |  Gain reputation by creating a duplicate of an existing report
https://hackerone.com/reports/35287 |  getting emails of users/removing them from victims account [using typical attack]
https://hackerone.com/reports/35363 |  [static.qiwi.com] XSS proxy.html
https://hackerone.com/reports/35413 |  [send.qiwi.ru] XSS at auth?login=
https://hackerone.com/reports/36105 |  CRLF Injection [ishop.qiwi.com]
https://hackerone.com/reports/36211 |  Logic Issue with Reputation: Boost Reputation Points
https://hackerone.com/reports/36264 |  mod_proxy_fcgi buffer overflow
https://hackerone.com/reports/36279 |  Adobe Flash Player MP4 Use-After-Free Vulnerability
https://hackerone.com/reports/36319 |  [qiwi.com] /oauth/confirm.action XSS
https://hackerone.com/reports/36450 |  [send.qiwi.ru] Soap-based XXE vulnerability /soapserver/ 
https://hackerone.com/reports/36594 |  New Device Confirmation, token is valid until not used. 
https://hackerone.com/reports/36986 |  [Stored XSS] vine.co - profile page
https://hackerone.com/reports/37240 |  Race condition in Flash workers may cause an exploitablâ€‹e double free
https://hackerone.com/reports/38007 |  Subdomain Takeover using blog.greenhouse.io pointing to Hubspot
https://hackerone.com/reports/38157 |  [qiwi.com] Open Redirect
https://hackerone.com/reports/38170 |  Misc Python bugs (Memory Corruption & Use After Free)
https://hackerone.com/reports/38189 |  xss in /browse/contacts/
https://hackerone.com/reports/38232 |  Breaking Bugs as team member
https://hackerone.com/reports/38343 |  Issue with password change
https://hackerone.com/reports/38345 |  [sms.qiwi.ru] XSS via Request-URI
https://hackerone.com/reports/38615 |  [connect.mail.ru] Memory Disclosure / IE XSS
https://hackerone.com/reports/38965 |  Phabricator Diffusion application allows unauthorized users to delete mirrors
https://hackerone.com/reports/39181 |  [vimeopro.com] CRLF Injection
https://hackerone.com/reports/39428 |  Phabricator Phame Blog Skins Local File Inclusion
https://hackerone.com/reports/39486 |  No bruteforce protection leads to enumeration of emails in http://e.mail.ru/
https://hackerone.com/reports/39631 |  Open redirection in fabric.io
https://hackerone.com/reports/41240 |  POODLE Bug: 199.16.156.44, 199.16.156.108, mx4.twitter.com
https://hackerone.com/reports/41469 |  Error stack trace
https://hackerone.com/reports/41758 |  Stored XSS in api key of operator wallet
https://hackerone.com/reports/41856 |  HTML/XSS rendered in Android App of Crashlytics through fabric.io
https://hackerone.com/reports/42161 |  stored xss in transaction
https://hackerone.com/reports/42236 |  URGENT - Subdomain Takeover on users.tweetdeck.com , the same issue  of report #32825
https://hackerone.com/reports/42240 |  chrome allows POST requests with custom headers using flash + 307 redirect
https://hackerone.com/reports/42393 |  XSS on partners.uber.com
https://hackerone.com/reports/42582 |  Vimeo.com - Reflected XSS Vulnerability
https://hackerone.com/reports/42584 |  Vimeo.com - reflected xss vulnerability
https://hackerone.com/reports/42587 |  Vimeo.com Insecure Direct Object References Reset Password
https://hackerone.com/reports/42702 |  APIs for channels allow HTML entities that may cause XSS issue
https://hackerone.com/reports/42797 |  Denial of Service in Action Pack Exception Handling
https://hackerone.com/reports/42961 |  fabric.io - app member can make himself an admin
https://hackerone.com/reports/43065 |  Fabric.io - an app admin can delete team members from other user apps
https://hackerone.com/reports/43440 |  Arbitrary file existence disclosure in Action Pack
https://hackerone.com/reports/43443 |  PyUnicode_FromFormatV crasher
https://hackerone.com/reports/43602 |  Buying ondemand videos that  0.1  and sometimes for free 
https://hackerone.com/reports/43617 |  Adding profile picture to anyone on Vimeo
https://hackerone.com/reports/43672 |  player.vimeo.com - Reflected XSS Vulnerability
https://hackerone.com/reports/43770 |  Ability to Download Music Tracks Without Paying (Missing permission check on`/musicstore/download`)
https://hackerone.com/reports/43850 |  abusing Thumbnails(https://vimeo.com/upload/select_thumb) to see a private video
https://hackerone.com/reports/43988 |  twitter android app Fragment Injection
https://hackerone.com/reports/43998 |  CRITICAL full source code/config disclosure for Cameo
https://hackerone.com/reports/44052 |  Hadoop Node available to public
https://hackerone.com/reports/44146 |  Make API calls on behalf of another user (CSRF protection bypass)
https://hackerone.com/reports/44217 |  Application XSS filter function Bypass may allow Multiple stored XSS
https://hackerone.com/reports/44294 |  Heartbleed: my.com (185.30.178.33) port 1433
https://hackerone.com/reports/44492 |  Flaw in login with twitter to steal Oauth tokens
https://hackerone.com/reports/44512 |  XSS on any site that includes the moogaloop flash player | deprecated embed code 
https://hackerone.com/reports/44513 |  RCE due to Web Console IP Whitelist bypass in Rails 4.0 and 4.1
https://hackerone.com/reports/44727 |  Insecure Data Storage in Vine Android App
https://hackerone.com/reports/44798 |  Vimeo Search - XSS Vulnerability [http://vimeo.com/search]
https://hackerone.com/reports/44888 |  Improper way of validating a program
https://hackerone.com/reports/45368 |  ftp upload of video allows naming that is not sanitized as the manual naming
https://hackerone.com/reports/45484 |  XSS on Vimeo
https://hackerone.com/reports/45960 |  CRITICAL vulnerability - Insecure Direct Object Reference - Unauthorized access to `Videos` of Channel whose privacy is set to `Private`.
https://hackerone.com/reports/46072 |  Vulnerability with the way \ escaped characters in <http://danlec.com> style links are rendered
https://hackerone.com/reports/46113 |  Can message users without the proper authorization
https://hackerone.com/reports/46345 |  Directory index and information disclosure
https://hackerone.com/reports/46366 |  Error stack trace
https://hackerone.com/reports/46397 |  Insecure Direct Object Reference vulnerability
https://hackerone.com/reports/46429 |  Team member invitations to sandboxed teams are not invalidated consistently
https://hackerone.com/reports/46485 |  Problem with OAuth
https://hackerone.com/reports/46618 |  Frictionless Transferring of Wallet Ownership
https://hackerone.com/reports/46747 |  Team admin can change unauthorized team setting (require_at_for_mention)
https://hackerone.com/reports/46750 |  Team admin can change unauthorized team setting (allow_message_deletion)
https://hackerone.com/reports/46818 |  Twitter Card - Parent Window Redirection
https://hackerone.com/reports/46916 |  Markdown parsing issue enables insertion of malicious tags and event handlers
https://hackerone.com/reports/47012 |  Adobe Flash Player Out-of-Bound Access Vulnerability
https://hackerone.com/reports/47227 |  Race condition in workers may cause an exploitable double free by abusing bytearray.compress()  
https://hackerone.com/reports/47232 |  Use after free during the StageVideoAvailabilityEvent can result in arbitrary code execution
https://hackerone.com/reports/47234 |  Use After Free in Flash MessageChannel.send can cause arbitrary code execution
https://hackerone.com/reports/47280 |  JSON keys are not properly escaped
https://hackerone.com/reports/47472 |  CSP Bypass: Click handler for links with data-method="post" can cause authenticity_token to be sent off domain
https://hackerone.com/reports/47495 |  Same Origin Policy bypass
https://hackerone.com/reports/47536 |  [ishop.qiwi.com] XSS + Misconfiguration
https://hackerone.com/reports/47627 |  Email Enumeration (POC)
https://hackerone.com/reports/47779 |  Heap overflow in H. Spencerâ€™s regex library on 32 bit systems 
https://hackerone.com/reports/47888 |  Reporting user's profile by using another people's ID
https://hackerone.com/reports/47940 |  Team admin can add billing contacts
https://hackerone.com/reports/48065 |  open authentication bug
https://hackerone.com/reports/48100 |  Bad Write in TTF font parsing (win32k.sys)
https://hackerone.com/reports/48422 |  Team member invitations to sandboxed teams are not invalidated consistently (v2)
https://hackerone.com/reports/48516 |  Redirect URL in /intent/ functionality is not properly escaped
https://hackerone.com/reports/49035 |  HDFS NameNode Public disclosure: http://185.5.139.33:50070/dfshealth.jsp
https://hackerone.com/reports/49139 |  scfbp.tng.mail.ru: Heartbleed
https://hackerone.com/reports/49170 |  Information disclosure - emails disclosed in response > staging.seatme.us
https://hackerone.com/reports/49408 |  RCE Ñ‡ĞµÑ€ĞµĞ· JDWP
https://hackerone.com/reports/49561 |  Vimeo + & Vimeo PRO Unautorised Tax bypass
https://hackerone.com/reports/49652 |  Improperly validated fields allows injection of arbitrary HTML via spoofed React objects
https://hackerone.com/reports/49663 |  URGENT - Subdomain Takeover on status.vimeo.com due to unclaimed domain pointing to statuspage.io
https://hackerone.com/reports/49759 |  Open Redirect leak of authenticity_token lead to full account take over.
https://hackerone.com/reports/49806 |  Twitter Ads Campaign information disclosure through admin without any authentication.
https://hackerone.com/reports/49935 |  rails-ujs will send CSRF tokens to other origins
https://hackerone.com/reports/49974 |  The csrf token remains same after user logs in
https://hackerone.com/reports/50134 |  XSS in original referrer after follow
https://hackerone.com/reports/50170 |  FREAK: Factoring RSA_EXPORT Keys to Impersonate TLS Servers
https://hackerone.com/reports/50752 |  open redirect sends authenticity_token to any website or (ip address)
https://hackerone.com/reports/50776 |  A user can edit comments even after video comments are disabled
https://hackerone.com/reports/50786 |  A user can add videos to other user's private groups
https://hackerone.com/reports/50829 |  A user can post comments on other user's private videos
https://hackerone.com/reports/50884 |  Bypass pin(4 digit passcode on your android app)
https://hackerone.com/reports/50885 |  CVE-2014-0224 openssl ccs vulnerability
https://hackerone.com/reports/50941 |  A user can enhance their videos with paid tracks without buying the track
https://hackerone.com/reports/51265 |  Flash Cross Domain Policy Bypass by Using File Upload and Redirection - only in Chrome
https://hackerone.com/reports/51817 |  Post in private groups after getting removed
https://hackerone.com/reports/52035 |  Open redirect in "Language change".
https://hackerone.com/reports/52042 |  HTTP Response Splitting (CRLF injection) in report_story
https://hackerone.com/reports/52176 |  Insecure Direct Object References in https://vimeo.com/forums
https://hackerone.com/reports/52181 |  Insecure Direct Object References that allows to read any comment (even if it should be private)
https://hackerone.com/reports/52635 |  UniFi v3.2.10 Cross-Site Request Forgeries / Referer-Check Bypass
https://hackerone.com/reports/52646 |  Insecure direct object reference - have access to deleted DM's
https://hackerone.com/reports/52707 |  Invite any user to your group without even following him
https://hackerone.com/reports/52708 |  Share your channel to any user on vimeo without following him
https://hackerone.com/reports/52822 |  XSS with Time-of-Day Format
https://hackerone.com/reports/52982 |  [URGENT ISSUE] Add or Delete the videos in watch later list of any user .
https://hackerone.com/reports/53004 |  Blacklist bypass on Callback URLs
https://hackerone.com/reports/53088 |  SSRF vulnerability (access to metadata server on EC2 and OpenStack)
https://hackerone.com/reports/53098 |  XSS in twitter.com/safety/unsafe_link_warning
https://hackerone.com/reports/53843 |  HTTP Response Splitting (CRLF injection) due to headers overflow
https://hackerone.com/reports/53858 |  Insecure Direct Object Reference - access to other user/group DM's
https://hackerone.com/reports/54094 |  HTTP MitM on Flash Player settings manager allows attacker to set sandbox settings
https://hackerone.com/reports/54321 |  Xss in website's link
https://hackerone.com/reports/54327 |  Persistent cross-site scripting (XSS) in map attribution
https://hackerone.com/reports/54610 |  Logout any user of same team
https://hackerone.com/reports/54631 |  Vulnerable to JavaScript injection. (WXS)  (Javascript injection)!
https://hackerone.com/reports/54641 |  Captcha Bypass in Snapchat's Geofilter Submission Process
https://hackerone.com/reports/54719 |  e.mail.ru stored XSS in agent via sticker (smile)
https://hackerone.com/reports/54733 |  Sandboxed iframes don't show confirmation screen
https://hackerone.com/reports/54779 |  Missing spf flags for myshopify.com
https://hackerone.com/reports/55017 |  Multiple Python integer overflows
https://hackerone.com/reports/55018 |  Segmentation fault for invalid PSS parameters
https://hackerone.com/reports/55028 |  Free called on unitialized pointer in exif.c
https://hackerone.com/reports/55029 |  Use after free vulnerability in unserialize() with DateTimeZone
https://hackerone.com/reports/55030 |  SoapClient's __call() type confusion through unserialize()
https://hackerone.com/reports/55033 |  Use after free vulnerability in unserialize()
https://hackerone.com/reports/55140 |  Race Conditions in OAuth 2 API implementations
https://hackerone.com/reports/55431 |  XML Parser Bug: XXE over which leads to RCE
https://hackerone.com/reports/55525 |  Open redirection in OAuth
https://hackerone.com/reports/55530 |  Authentication Failed Mobile version
https://hackerone.com/reports/55546 |  Open Redirect after login at http://ecommerce.shopify.com
https://hackerone.com/reports/55670 |  Fabric.io:  Ex-admin of an organization can delete team members
https://hackerone.com/reports/55716 |  Force 500 Internal Server Error on any shop (for one user)
https://hackerone.com/reports/55842 |  [persistent cross-site scripting] customers can target admins
https://hackerone.com/reports/55911 |  CSRF token fixation in facebook store app that can lead to adding attacker to victim acc 
https://hackerone.com/reports/56002 |  Shopify android client all API request's response leakage, including access_token, cookie, response header, response body content
https://hackerone.com/reports/56385 |  Double free vulnerability in Flash Player Settings Manager (CVE-2015-0346)
https://hackerone.com/reports/56511 |  IDOR expire other user sessions
https://hackerone.com/reports/56626 |  Shop admin can change external login services
https://hackerone.com/reports/56742 |  SPF whitelist of mandrill leads to email forgery
https://hackerone.com/reports/56779 |  XSS on ecommerce.shopify.com
https://hackerone.com/reports/56828 |  SSRF vulnerablity in app webhooks
https://hackerone.com/reports/56936 |  Notification request disclose private information about other myshopify accounts
https://hackerone.com/reports/57163 |  Open-redirect on hackerone.com
https://hackerone.com/reports/57356 |  DOM based cookie bomb
https://hackerone.com/reports/57459 |  XSS in experts.shopify.com
https://hackerone.com/reports/57603 |  API: missing invalidation of OAuth2 Authorization Code during access revocation causes authorization bypass
https://hackerone.com/reports/57692 |  Server responds with the server error logs on account creation
https://hackerone.com/reports/57764 |  ByPassing the email Validation Email on Sign up process in mobile apps
https://hackerone.com/reports/57914 |  HTML injection in email sent by romit.io
https://hackerone.com/reports/57918 |  Insecure Local Data Storage  : Application stores data using a binary sqlite database
https://hackerone.com/reports/58612 |  Homograph attack
https://hackerone.com/reports/58630 |  Content Spoofing
https://hackerone.com/reports/58679 |  SSL cookie without secure flag set
https://hackerone.com/reports/59015 |  Stored XSS in the Shopify Discussion Forums
https://hackerone.com/reports/59179 |  Race condition when redeeming coupon codes
https://hackerone.com/reports/59356 |  XSS in dropbox main domain 
https://hackerone.com/reports/59369 |  Making any Report Failed to load
https://hackerone.com/reports/59375 |  Homograph attack
https://hackerone.com/reports/59469 |  Fake URL + Additional vectors for homograph attack
https://hackerone.com/reports/59505 |  Create and Update patients vulnerability
https://hackerone.com/reports/59508 |  Accessing all appointments vulnerability
https://hackerone.com/reports/59659 |  Reopen Disable Accounts/ Hidden Access After Disable
https://hackerone.com/reports/60016 |  xss profile
https://hackerone.com/reports/60058 |  teach.udemy.com log poison vulnerability through wordpress debug.log being publically available
https://hackerone.com/reports/60402 |  Content Spoofing - External Link Warning Page
https://hackerone.com/reports/60573 |  http://fitter1.i.mail.ru/browser/ Ñ‚Ğ¾Ñ€Ñ‡Ğ¸Ñ‚ Graphite Ğ² Ğ¼Ğ¸Ñ€
https://hackerone.com/reports/61312 |  Bypass of the SSRF protection (Slack commands, Phabricator integration)
https://hackerone.com/reports/61367 |  xss on autoserch
https://hackerone.com/reports/61371 |  leak receipt of another user
https://hackerone.com/reports/62301 |  Ability to add pishing links in discusion ," Bypassing uneductional Links  add "
https://hackerone.com/reports/62400 |  XSS on https://www.udemy.com/asset/export.html
https://hackerone.com/reports/62427 |  XSS in myshopify.com Admin site in TAX Overrides
https://hackerone.com/reports/62531 |  tt-mac.i.mail.ru: Quagga 0.99.23.1 (Router) : Default password and default enable password
https://hackerone.com/reports/62544 |  http://tp-dev1.tp.smailru.net/
https://hackerone.com/reports/62778 |  Multiple sub domain are vulnerable because of leaking full path 
https://hackerone.com/reports/62861 |  Bulk Discount App in myshopify.com exposes http://bulkdiscounts.shopifyapps.com vulnerable to XSS
https://hackerone.com/reports/63158 |  External URL page bypass
https://hackerone.com/reports/63324 |  Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298
https://hackerone.com/reports/63537 |  XSS in https://app.mavenlink.com/workspaces/
https://hackerone.com/reports/63729 |  Logic error with notifications: user that has left team continues to receive notifications and can not 'clean' this area on account
https://hackerone.com/reports/63865 |  Potential denial of service in hackerone.com/<program>/reward_settings
https://hackerone.com/reports/63888 |  Cross site scripting
https://hackerone.com/reports/64731 |  Able to intercept app Traffic after choosing up the Secured Connection using SSL (HTTPS)
https://hackerone.com/reports/64963 |  API: Bug in method auth.validatePhone
https://hackerone.com/reports/65013 |  HTML Injection Ğ½Ğ° e.mail.ru
https://hackerone.com/reports/65084 |  Big Bug with Vault which i have already reported: Case #606962
https://hackerone.com/reports/65284 |  Stored Cross-Site Scripting in Map Share Page
https://hackerone.com/reports/65330 |  ĞĞµ Ğ´Ğ¾ÑÑ‚Ğ°Ñ‚Ğ¾Ñ‡Ğ½Ğ°Ñ Ğ¿Ñ€Ğ¾Ğ²ĞµÑ€ĞºĞ° Ğ»Ğ¾Ğ³Ğ¸Ğ½Ğ° ÑĞºĞ°Ğ¹Ğ¿
https://hackerone.com/reports/65729 |  Activities are not Protected and able to crash app using other app (Can Malware or third parry app).
https://hackerone.com/reports/66121 |  XSS at http://vk.com on IE using flash files
https://hackerone.com/reports/66151 |  Invitation is not properly cancelled while inviting to bug reports.
https://hackerone.com/reports/66235 |  Ğ£ÑĞ·Ğ²Ğ¸Ğ¼Ğ¾ÑÑ‚ÑŒ Ğ² Ğ£ĞºĞ°Ğ·Ğ°Ğ½Ğ¸Ğµ Ğ¼ĞµÑÑ‚ Ğ½Ğ° Ñ„Ğ¾Ñ‚Ğ¾ + Ñ„Ğ¸Ñ‡Ğ° + Ñ…Ğ°ĞºĞ¸Ğ½Ğ³
https://hackerone.com/reports/66257 |  [s.mail.ru] CRLF Injection
https://hackerone.com/reports/66262 |  mailto: link injection on https://hackerone.com/directory
https://hackerone.com/reports/66386 |  [www.*.myshopify.com] CRLF Injection
https://hackerone.com/reports/66962 |  Misusing of FPU Instruction Could Cause Security Vulnerabilities in Adobe Flash Player
https://hackerone.com/reports/67125 |  XSS at importing Product List
https://hackerone.com/reports/67132 |  XSS at Bulk editing products
https://hackerone.com/reports/67161 |  Possible xWork classLoader RCE: shared.mail.ru
https://hackerone.com/reports/67220 |  Expire User Sessions in Admin Site does not expire user session in Shopify Application in IOS
https://hackerone.com/reports/67377 |  SSRF via 'Add Image from URL' feature
https://hackerone.com/reports/67386 |  [my.mail.ru] CRLF Injection
https://hackerone.com/reports/67389 |  SSRF via 'Insert Image' feature of Products/Collections/Frontpage
https://hackerone.com/reports/67660 |  Verification code issues for Two-Step Authentication
https://hackerone.com/reports/71614 |  XSS in Myshopify Admin Site in DISCOUNTS
https://hackerone.com/reports/72243 |  Publicly exposed SVN repository, ht.pornhub.com
https://hackerone.com/reports/72331 |  XSS at Bulk editing ProductVariants
https://hackerone.com/reports/72785 |  CSV Injection with the CVS export feature
https://hackerone.com/reports/73234 |  out of bounds read crashes php-cgi
https://hackerone.com/reports/73235 |  Use After Free Vulnerability in unserialize()
https://hackerone.com/reports/73236 |  X509_to_X509_REQ NULL pointer deref
https://hackerone.com/reports/73237 |  Buffer Over flow when parsing tar/zip/phar in phar_set_inode
https://hackerone.com/reports/73238 |  Buffer Over-read in unserialize when parsing Phar
https://hackerone.com/reports/73239 |  ZIP Integer Overflow leads to writing past heap boundary
https://hackerone.com/reports/73240 |  Integer overflow in ftp_genlist() resulting in heap overflow
https://hackerone.com/reports/73241 |  Malformed ECParameters causes infinite loop
https://hackerone.com/reports/73244 |  Use after free vulnerability in unserialize() with DateInterval
https://hackerone.com/reports/73245 |  Type Confusion Vulnerability in SoapClient
https://hackerone.com/reports/73246 |  Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER
https://hackerone.com/reports/73247 |  php_stream_url_wrap_http_ex() type-confusion vulnerability
https://hackerone.com/reports/73248 |  Tokenizer crash when processing undecodable source code
https://hackerone.com/reports/73249 |  Multiple use after free bugs in element module
https://hackerone.com/reports/73250 |  Multiple use after free bugs in heapq module
https://hackerone.com/reports/73251 |  Multiple use after free bugs in json encoding
https://hackerone.com/reports/73252 |  Use after free in get_filter
https://hackerone.com/reports/73253 |  Multiple type confusions in unicode error handlers
https://hackerone.com/reports/73255 |  str_repeat() sign mismatch based memory corruption
https://hackerone.com/reports/73256 |  PHP yaml_parse/yaml_parse_file/yaml_parse_url Double Free
https://hackerone.com/reports/73257 |  PHP yaml_parse/yaml_parse_file/yaml_parse_url Unsafe Deserialization
https://hackerone.com/reports/73258 |  Python: imageop Unsafe Arithmetic
https://hackerone.com/reports/73259 |  Integer overflow in _pickle.c
https://hackerone.com/reports/73260 |  Integer overflow in _json_encode_unicode leads to crash
https://hackerone.com/reports/73276 |  Internet-based attacker can run Flash apps in local sandboxes by using  special URL schemes (PSIRT-3299, CVE-2015-3079)
https://hackerone.com/reports/73491 |  Buffer Overflow in PHP of the AirMax Products
https://hackerone.com/reports/73566 |  Reflected XSS in chat
https://hackerone.com/reports/73567 |  Attention! Remote Code Execution at http://wpt.ec2.shopify.com/
https://hackerone.com/reports/73808 |  Extremely high Course rating values could be set in order to make really high Average rating of the course. Negative values could be set to.
https://hackerone.com/reports/74004 |  Other Buffer Overflow in PHP of the AirMax Products
https://hackerone.com/reports/74025 |  Yet another Buffer Overflow in PHP of the AirMax Products
https://hackerone.com/reports/74147 |  Potential for financial loss, negative Values for "Buy fee" and "Sell Fee"
https://hackerone.com/reports/75357 |  Session Cookie without HttpOnly and secure flag set
https://hackerone.com/reports/75556 |  Accessing title of the report of which you are marked as duplicate
https://hackerone.com/reports/75702 |  No rate limit which leads to "Users information Disclosure" including verfification documents etc.
https://hackerone.com/reports/75727 |  Stored Cross site scripting In developer.zendesk.com
https://hackerone.com/reports/76307 |  Self XSS Protection not used , I can trick users to insert JavaScript
https://hackerone.com/reports/76713 |  XSS - Gallery Search Listing
https://hackerone.com/reports/76733 |  Using GET method for account login with CSRF token leaking to external sites Via Referer.
https://hackerone.com/reports/76738 |  Open redirect filter bypass
https://hackerone.com/reports/77060 |  SMTP protection not used
https://hackerone.com/reports/77065 |  Stealing CSRF Tokens
https://hackerone.com/reports/77067 |  No rate limiting for sensitive actions (like "forgot password") enables user enumeration
https://hackerone.com/reports/77076 |  GA code not verified on the server side allows sending Verification Documents on behalf of another user
https://hackerone.com/reports/77081 |  Content Sniffing not disabled
https://hackerone.com/reports/77221 |  Open/Unvalidated Redirect Issue
https://hackerone.com/reports/77231 |  Weak Cryptographic Hash
https://hackerone.com/reports/77319 |  Full path disclosure at https://keybase.io/_/api/1.0/invitation_request.json
https://hackerone.com/reports/77802 |  TCP Source Port Pass Firewall
https://hackerone.com/reports/78052 |  xss in group
https://hackerone.com/reports/78158 |  Wrong Handling of Content-Type allows Flash injection and Rosseta flash patch bypass
https://hackerone.com/reports/78219 |  ĞŸĞ¾ĞºÑƒĞ¿ĞºĞ° Ğ¿ĞµÑĞ½Ğ¸ Ğ´ĞµÑˆĞµĞ²Ğ»Ğµ, Ñ‡ĞµĞ¼ Ğ¾Ğ½Ğ° ÑÑ‚Ğ¾Ğ¸Ñ‚.
https://hackerone.com/reports/78253 |  ĞŸĞ¾ĞºÑƒĞ¿ĞºĞ°=>ÑĞºĞ°Ñ‡ĞºĞ° Ğ¿ĞµÑĞµĞ½, ĞºĞ¾Ñ‚Ğ¾Ñ€Ñ‹Ğµ Ğ½Ğµ Ğ¿Ñ€ĞµĞ´Ğ½Ğ°Ğ·Ğ½Ğ°Ñ‡ĞµĞ½Ñ‹ Ğ´Ğ»Ñ Ğ¿Ñ€Ğ¾Ğ´Ğ°Ğ¶Ğ¸
https://hackerone.com/reports/78412 |  Cross site scripting
https://hackerone.com/reports/78436 |  (URGENT!) ĞŸĞ¾ĞºÑƒĞ¿ĞºĞ° OK Ğ´ĞµÑˆĞµĞ²Ğ»Ğµ, Ñ‡ĞµĞ¼ Ğ¾Ğ½ ÑÑ‚Ğ¾Ğ¸Ñ‚
https://hackerone.com/reports/78443 |  Time-Based Blind SQL Injection Attacks
https://hackerone.com/reports/78516 |  Ğ”Ğ¾ÑÑ‚ÑƒĞ¿ Ğº Ñ‡ÑƒĞ¶Ğ¸Ğ¼ Ğ¿Ñ€Ğ¸Ğ²Ğ°Ñ‚Ğ½Ñ‹Ğ¼ Ñ„Ğ¾Ñ‚Ğ¾Ğ³Ñ€Ğ°Ñ„Ğ¸ÑĞ¼ (3) Ñ‡ĞµÑ€ĞµĞ· Ğ¾Ğ±Ğ»Ğ¾Ğ¶ĞºÑƒ Ğ²Ğ¸Ğ´ĞµĞ¾
https://hackerone.com/reports/78765 |  information disclosure
https://hackerone.com/reports/79046 |  Ğ”Ğ¾ÑÑ‚ÑƒĞ¿ Ğº Ñ‡ÑƒĞ¶Ğ¸Ğ¼ Ğ³Ñ€ÑƒĞ¿Ğ¿Ğ¾Ğ²Ñ‹Ğ¼ Ğ±ĞµÑĞµĞ´Ğ°Ğ¼.
https://hackerone.com/reports/79185 |  Content spoofing through Referel header
https://hackerone.com/reports/79348 |  OSX slack:// protocol handler javascript injection
https://hackerone.com/reports/79393 |  ĞÑ‚ĞºÑ€Ñ‹Ñ‚Ñ‹Ğ¹ Ğ´Ğ¾ÑÑ‚ÑƒĞ¿ Ğº ĞºĞ¾Ñ€Ğ¿Ğ¾Ñ€Ğ°Ñ‚Ğ¸Ğ²Ğ½Ñ‹Ğ¼ Ğ´Ğ°Ğ½Ğ½Ñ‹Ğ¼.
https://hackerone.com/reports/79552 |  [gratipay.com] CRLF Injection
https://hackerone.com/reports/80298 |  Ğ’Ğ½ĞµĞ´Ñ€ĞµĞ½Ğ¸Ğµ Ğ¿Ñ€Ğ¾Ğ¸Ğ·Ğ²Ğ¾Ğ»ÑŒĞ½Ğ¾Ğ³Ğ¾ javascript-ÑÑ†ĞµĞ½Ğ°Ñ€Ğ¸Ñ Ğ² Ñ„ÑƒĞ½ĞºÑ†Ğ¸Ğ¾Ğ½Ğ°Ğ»Ğµ Ğ¿Ñ€Ğ¾ÑĞ¼Ğ¾Ñ‚Ñ€Ğ° Ğ¸Ğ·Ğ¾Ğ±Ñ€Ğ°Ğ¶ĞµĞ½Ğ¸Ğ¹ Ğ¼Ğ¾Ğ±Ğ¸Ğ»ÑŒĞ½Ğ¾Ğ¹ Ğ²ĞµÑ€ÑĞ¸Ğ¸ ÑĞ°Ğ¹Ñ‚Ğ°
https://hackerone.com/reports/80597 |  Number of invited researchers disclosed as part of JSON search response
https://hackerone.com/reports/80936 |  Private Program and bounty details disclosed as part of JSON search response
https://hackerone.com/reports/80990 |  JetBrains .idea project directory
https://hackerone.com/reports/81083 |  Internal bounty and swag details disclosed as part of JSON response
https://hackerone.com/reports/81441 |  XSS https://delivery.shopifyapps.com/  (Digital Downloads App  in myshopify.com)
https://hackerone.com/reports/81701 |  Possible SQL injection on "Jump to twitter"
https://hackerone.com/reports/81736 |  XSS in WordPress 
https://hackerone.com/reports/81757 |  Reflected XSS in chat.
https://hackerone.com/reports/82725 |  Stored XSS in comments
https://hackerone.com/reports/84287 |  DKIM records not present, Email Hijacking is possible
https://hackerone.com/reports/84601 |  XSS and cache poisoning via upload.twitter.com on ton.twitter.com
https://hackerone.com/reports/84709 |  [API ISSUE] agents can Create agents even after they are disabled ! 
https://hackerone.com/reports/84740 |  Stored XSS On Statement
https://hackerone.com/reports/85201 |  Full Path Disclosure 
https://hackerone.com/reports/85291 |  XSS https://www.shopify.com/signup
https://hackerone.com/reports/85488 |  Stored XSS on player.vimeo.com
https://hackerone.com/reports/85615 |  Reflected XSS on vimeo.com/musicstore
https://hackerone.com/reports/85624 |  Highly wormable clickjacking in player card
https://hackerone.com/reports/85720 |  IDOR on remoing Share
https://hackerone.com/reports/86022 |  Multiple so called  'type juggling' attacks. Most notably PhabricatorUser::validateCSRFToken() is 'bypassable' in certain cases.
https://hackerone.com/reports/86468 |  [https://www.anghami.com/updatemailinfo/] Sql Injection
https://hackerone.com/reports/86504 |  [CRITICAL] Login To Any Account Linked With Google+ With Email Only
https://hackerone.com/reports/87027 |  [keybase.io] Open Redirect
https://hackerone.com/reports/87040 |  XSS on OAuth authorize/authenticate endpoint
https://hackerone.com/reports/87168 |  www.shopify.com XSS on blog pages via sharing buttons
https://hackerone.com/reports/87505 |  Full Path Disclosure 
https://hackerone.com/reports/87531 |  Mail spaming
https://hackerone.com/reports/87577 |  Stored XSS on vimeo.com and player.vimeo.com
https://hackerone.com/reports/87586 |  ĞĞµĞ±ĞµĞ·Ğ¾Ğ¿Ğ°ÑĞ½Ğ°Ñ ÑÑ…ĞµĞ¼Ğ° Ğ²Ñ‹Ğ´Ğ°Ñ‡Ğ¸ Ğ½Ğ¾Ğ¼ĞµÑ€Ğ° ĞºĞ°Ñ€Ñ‚Ñ‹ QVC (Ğ²Ğ¾Ğ·Ğ¼Ğ¾Ğ¶Ğ½Ğ¾, Ñ‚Ğ°ĞºĞ¶Ğµ QVV Ğ¸ QVP)
https://hackerone.com/reports/87588 |  XSS Vulnerability
https://hackerone.com/reports/87854 |  XSS on vimeo.com/home after other user follows you
https://hackerone.com/reports/88105 |  XSS on vimeo.com | "Search within these results" feature (requires user interaction)
https://hackerone.com/reports/88395 |  Information leakage through Graphviz blocks
https://hackerone.com/reports/88508 |  XSS when using captions/subtitles on video player based on Flash (requires user interaction)
https://hackerone.com/reports/88719 |  Multiple DOMXSS on Amplify Web Player
https://hackerone.com/reports/88881 |  XSS: https://light.mail.ru/compose, https://m.mail.ru/compose/[id]/reply Ğ¿Ñ€Ğ¸ Ğ¾Ñ‚Ğ²ĞµÑ‚Ğµ Ğ½Ğ° ÑĞ¿ĞµÑ†Ğ¸Ğ°Ğ»ÑŒĞ½Ñ‹Ğ¼ Ğ¾Ğ±Ñ€Ğ°Ğ·Ğ¾Ğ¼ ÑÑ„Ğ¾Ñ€Ğ¼Ğ¸Ñ€Ğ¾Ğ²Ğ°Ğ½Ğ½Ğ¾Ğµ Ğ¿Ğ¸ÑÑŒĞ¼Ğ¾
https://hackerone.com/reports/89505 |  Self-XSS in posts by formatting text as code
https://hackerone.com/reports/89624 |  Cross-site Scripting https://www.zendesk.com/product/pricing/
https://hackerone.com/reports/90131 |  CSV Excel Macro Injection Vulnerability in export customer tickets
https://hackerone.com/reports/90172 |  Tweetdeck (twitter owned app) not revoked
https://hackerone.com/reports/90274 |  CSV Excel Macro Injection Vulnerability in export chat logs
https://hackerone.com/reports/90308 |  User email enumuration using Gmail
https://hackerone.com/reports/90688 |  create staff member without owner access
https://hackerone.com/reports/90690 |  change Login Services settings without owner access
https://hackerone.com/reports/90753 |  Content Spoofing 
https://hackerone.com/reports/91343 |  Information disclosure (No rate limting in forgot password & other login)
https://hackerone.com/reports/91421 |  Reflected Flash XSS using swfupload.swf with an epileptic reloading to bypass the button-event
https://hackerone.com/reports/91599 |  WooCommerce: Support Ticket indirect object reference
https://hackerone.com/reports/91816 |  Server Side Request Forgery In Video to GIF Functionality
https://hackerone.com/reports/92251 |  Issue with Password reset functionality
https://hackerone.com/reports/92353 |  CSV Injection in polldaddy.com
https://hackerone.com/reports/92472 |  Tokens from services like Facebook can be stolen
https://hackerone.com/reports/92740 |  SPF records not found
https://hackerone.com/reports/93004 |  unauthorized access to all collections name
https://hackerone.com/reports/93020 |  Ğ¡Ğ¿Ğ¾ÑĞ¾Ğ± ÑƒĞ·Ğ½Ğ°Ñ‚ÑŒ Ğ¸Ğ¼Ñ Ñ‡ĞµĞ»Ğ¾Ğ²ĞµĞºĞ° Ğ¸ Ğ’Ğ£Ğ— ÑƒĞ´Ğ°Ğ»ĞµĞ½Ğ½Ğ¾Ğ¹ ÑÑ‚Ñ€Ğ°Ğ½Ğ¸Ñ†Ñ‹
https://hackerone.com/reports/93394 |  Unauthenticated access to details of hidden products in any shop via title emuneration
https://hackerone.com/reports/93691 |  Arbitrary write on s3://shopify-delivery-app-storage/files
https://hackerone.com/reports/93901 |  Bypassing password requirement during deletion of accout
https://hackerone.com/reports/93921 |  Unauthorized access to all collections, products, pages from other stores
https://hackerone.com/reports/94087 |  Arbitrary read on s3://shopify-delivery-app-storage/files
https://hackerone.com/reports/94230 |  Cross-site Scripting in all Zopim
https://hackerone.com/reports/94584 |  Sql-inj in https://maximum.com/ajax/people
https://hackerone.com/reports/94610 |  Version Disclosure (NginX)
https://hackerone.com/reports/94637 |  Host Header Injection/Redirection
https://hackerone.com/reports/94642 |  SMS Invite Form Abuse
https://hackerone.com/reports/94899 |  Paid account can review\download any invoice of any other shop
https://hackerone.com/reports/94909 |  XSS risk reduction with X-XSS-Protection: 1; mode=block header
https://hackerone.com/reports/95089 |  Reflected XSS in cart at hardware.shopify.com
https://hackerone.com/reports/95231 |  XSS in the "Poll" Feature on Twitter.com
https://hackerone.com/reports/95243 |  Following a User Actually Follows Another User
https://hackerone.com/reports/95552 |  IDOR- Activate Mopub on different organizations- steal api token- Fabric.io
https://hackerone.com/reports/95555 |  CSRF on cards API
https://hackerone.com/reports/95564 |  Persistent XSS in image title
https://hackerone.com/reports/95589 |  Privilege escalation and circumvention of permission to limited access user
https://hackerone.com/reports/95981 |  Http Response Splitting - Validate link
https://hackerone.com/reports/96229 |  XSS on player.vimeo.com without user interaction and vimeo.com with user interaction
https://hackerone.com/reports/96337 |  Stored XSS in Slack (weird, trial and error)
https://hackerone.com/reports/96470 |  Missing of csrf protection 
https://hackerone.com/reports/96636 |  Password Reset - query param overrides postdata
https://hackerone.com/reports/96662 |  crossdomain.xml too permissive on eu1.badoo.com, us1.badoo.com, etc.
https://hackerone.com/reports/96847 |  Un-handled exception leads to Information Disclosure
https://hackerone.com/reports/96855 |  Staff members with no permission to  access domains can access them.
https://hackerone.com/reports/96890 |  A 'Full access' administrator is able to see the shop owners user details
https://hackerone.com/reports/96908 |  An administrator without the 'Settings' permission is able to see payment gateways
https://hackerone.com/reports/97161 |  Can see private tweets via keyword searches on tweetdeck
https://hackerone.com/reports/97191 |  Send AJAX request to external domain
https://hackerone.com/reports/97292 |  HTTP header injection in info.hackerone.com allows setting cookies for hackerone.com
https://hackerone.com/reports/97295 |  Multiple critical vulnerabilities in Odnoklassniki Android application
https://hackerone.com/reports/97452 |  Staff members with no permission can access to the files, uploaded by the administrator
https://hackerone.com/reports/97501 |  SVG parser loads external resources on image upload
https://hackerone.com/reports/97510 |  Following a User After Favoriting Actually Follows Another User (related to #95243)
https://hackerone.com/reports/97535 |  List of devices is accessible regardless of the account limitations
https://hackerone.com/reports/97657 |  File upload XSS (Java applet) on http://slackatwork.com/
https://hackerone.com/reports/97672 |  File Upload XSS in image uploading of App in mopub
https://hackerone.com/reports/97683 |  Reflected Self-XSS in Slack
https://hackerone.com/reports/97938 |  XSS m.imgur.com
https://hackerone.com/reports/97948 |  Cross-domain AJAX request
https://hackerone.com/reports/98012 |  Stored XSS on https://www.algolia.com/realtime-search-demo/*
https://hackerone.com/reports/98247 |  login to any user's cashier account and full account information disclosure
https://hackerone.com/reports/98259 |  'Limited' RCE in certain places where Liquid is accepted
https://hackerone.com/reports/98281 |  XSS Reflected in test.qiwi.ru
https://hackerone.com/reports/98432 |  Urgent : Disclosure of all the apps with hash ID in mopub through API request (Authentication bypass) 
https://hackerone.com/reports/98469 |  Email Verification Link can be Used as Password Reset Link!
https://hackerone.com/reports/98499 |  Apps can access 'channels' beta api
https://hackerone.com/reports/99157 |  RC4 cipher suites detected on status.slack.com
https://hackerone.com/reports/99245 |  XSS in L.mapbox.shareControl in mapbox.js
https://hackerone.com/reports/99321 |   [CSRF] Activate PayPal Express Checkout
https://hackerone.com/reports/99368 |  an xss issue
https://hackerone.com/reports/99374 |  deleted staff member can add his amazon marketplace web services account to the store.
https://hackerone.com/reports/99424 |  Mass Assignment Vulnerability in partners.uber.com
https://hackerone.com/reports/99435 |  Open redirect helps to steal Facebook access_token
https://hackerone.com/reports/99594 |  Reflected XSS on www.boozt.com
https://hackerone.com/reports/99600 |  Urgent : Unauthorised Access to Media content of all Direct messages and protected tweets(Indirect object reference)
https://hackerone.com/reports/99647 |  CSRF  Add Album On  onpatient.com 
https://hackerone.com/reports/99708 |  Limited CSRF bypass.
https://hackerone.com/reports/99857 |  Request Accepts without X-CSRFToken  [ Header - Cookie ]
https://hackerone.com/reports/99969 |  User with limited access to Index configuration can rename the Index
https://hackerone.com/reports/100509 |  Pre-generation of 2FA secret/backup codes seems like an unnecessary risk
https://hackerone.com/reports/100820 |  Add tweet to collection CSRF 
https://hackerone.com/reports/100849 |  URGENT : NICHE.co Account Take Over Vulnerability
https://hackerone.com/reports/100931 |  xss in link items (mopub.com)
https://hackerone.com/reports/100938 |  An administrator without any permission is able to get order notifications using his APNS Token.
https://hackerone.com/reports/101063 |  Drivers can change profile picture
https://hackerone.com/reports/101104 |  Subdomain Expired
https://hackerone.com/reports/101145 |  Remove anyone's pic gravtar
https://hackerone.com/reports/101324 |  RC4 cipher suites detected
https://hackerone.com/reports/101330 |  SSL certificate invalid date
https://hackerone.com/reports/101331 |  RC4 cipher suites detected
https://hackerone.com/reports/101450 |  XSS in creating tweets
https://hackerone.com/reports/101909 |  account.ubnt.com CSRF
https://hackerone.com/reports/101962 |  Open redirect using theme install
https://hackerone.com/reports/102194 |  [CRITICAL] CSRF leading to account take over
https://hackerone.com/reports/102234 |  Same-Origin Policy bypass on main domain - ok.ru
https://hackerone.com/reports/102236 |  Same-Origin Policy Bypass #2 
https://hackerone.com/reports/102327 |  content injection
https://hackerone.com/reports/102376 |  ĞĞ±Ñ…Ğ¾Ğ´ Ğ·Ğ°Ñ‰Ğ¸Ñ‚Ñ‹ Ğ¾Ñ‚ csrf-Ğ¾Ğº Ğ² m.ok.ru
https://hackerone.com/reports/102755 |  Stored XSS in name selection
https://hackerone.com/reports/103351 |  [CSRF] Install premium themes 
https://hackerone.com/reports/103772 |  Open Redirect at *.myshopify.com/account/login?checkout_url=
https://hackerone.com/reports/103787 |  CSRF possible when SOP Bypass/UXSS is available 
https://hackerone.com/reports/103990 |  Null pointer dereference in phar_get_fp_offset()
https://hackerone.com/reports/103991 |  mod_lua: Crash in websockets PING handling
https://hackerone.com/reports/103992 |  Integer overflow in _Unpickler_Read
https://hackerone.com/reports/103993 |  Request Hijacking Vulnerability In RubyGems 2.4.6 And Earlier
https://hackerone.com/reports/103994 |  Python 3.3 - 3.5 product_setstate() Out-of-bounds Read
https://hackerone.com/reports/103995 |  Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
https://hackerone.com/reports/103996 |  Use After Free Vulnerability in unserialize() with SplObjectStorage
https://hackerone.com/reports/103997 |  Use After Free Vulnerability in unserialize()
https://hackerone.com/reports/103998 |  Use After Free Vulnerability in session deserializer
https://hackerone.com/reports/103999 |  Use after free vulnerability in unserialize() with GMP
https://hackerone.com/reports/104000 |  Python xmlparse_setattro() Type Confusion
https://hackerone.com/reports/104001 |  time_strftime() Buffer Over-read
https://hackerone.com/reports/104002 |  Python scan_eol() Buffer Over-read
https://hackerone.com/reports/104003 |  Python deque.index() uninitialized memory
https://hackerone.com/reports/104004 |  Mem out-of-bounds write (segfault) in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER
https://hackerone.com/reports/104005 |  null pointer deref (segfault) in zend_eval_const_expr
https://hackerone.com/reports/104006 |  Null pointer deref (segfault) in spl_autoload via ob_start
https://hackerone.com/reports/104007 |  Buffer over-read in exif_read_data with TIFF IFD tag
https://hackerone.com/reports/104008 |  Uninitialized pointer in phar_make_dirstream
https://hackerone.com/reports/104009 |  zend_throw_or_error() format string vulnerability
https://hackerone.com/reports/104010 |  SOAP serialize_function_call() type confusion / RCE
https://hackerone.com/reports/104011 |  AddressSanitizer reports a global buffer overflow in mkgmtime() function
https://hackerone.com/reports/104012 |  Integer overflow in unserialize() (32-bits only)
https://hackerone.com/reports/104013 |  heap buffer overflow in enchant_broker_request_dict()
https://hackerone.com/reports/104014 |  libcurl duphandle read out of bounds
https://hackerone.com/reports/104015 |  curl_setopt_array() type confusion
https://hackerone.com/reports/104016 |  Dangling pointer in the unserialization of ArrayObject items
https://hackerone.com/reports/104017 |  Arbitrary code execution in str_ireplace function
https://hackerone.com/reports/104018 |  Multiple Use After Free Vulnerabilites in unserialize()
https://hackerone.com/reports/104019 |  Files extracted from archive may be placed outside of destination directory
https://hackerone.com/reports/104020 |  audioop.lin2adpcm Buffer Over-read
https://hackerone.com/reports/104021 |  audioop.adpcm2lin Buffer Over-read
https://hackerone.com/reports/104022 |  hotshot pack_string Heap Buffer Overflow
https://hackerone.com/reports/104023 |  bytearray.find Buffer Over-read
https://hackerone.com/reports/104024 |  array.fromstring Use After Free
https://hackerone.com/reports/104025 |  use after free in load_newobj_ex
https://hackerone.com/reports/104026 |  invalid pointer free() in phar_tar_process_metadata()
https://hackerone.com/reports/104027 |  Memory Corruption in phar_parse_tarfile when entry filename starts with null
https://hackerone.com/reports/104028 |  Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)
https://hackerone.com/reports/104032 |  PyFloat_FromString & PyNumber_Long Buffer Over-reads
https://hackerone.com/reports/104033 |  tokenizer crash when processing undecodable source code
https://hackerone.com/reports/104087 |  Trick make all fixed open redirect links vulnerable again
https://hackerone.com/reports/104359 |  shopifyapps.com XSS on sales channels via currency formatting
https://hackerone.com/reports/104465 |  git-fastclone allows arbitrary command execution through usage of ext remote URLs in submodules
https://hackerone.com/reports/104543 |  HTML injection in apps user review 
https://hackerone.com/reports/104559 |  XSS on codex.wordpress.org
https://hackerone.com/reports/104917 |  Cross-Site Scripting Reflected On Main Domain
https://hackerone.com/reports/104931 |  CSRF in Connecting Pinterest Account
https://hackerone.com/reports/105190 |  Unsafe usage of Ruby string interpolation enabling command injection in git-fastclone
https://hackerone.com/reports/105419 |  Cookie-Based Injection
https://hackerone.com/reports/105463 |  risk of having secure=false in a crossdomain.xml
https://hackerone.com/reports/105659 |  many xss in widgets.shopifyapps.com
https://hackerone.com/reports/105688 |  DOM Based XSS in Checkout
https://hackerone.com/reports/105887 |  Know whether private program for company exist or not
https://hackerone.com/reports/105953 |  Parameter pollution in social sharing buttons
https://hackerone.com/reports/105977 |  DLL Hijacking Vulnerability in GlassWireSetup.exe
https://hackerone.com/reports/105991 |  "Remember me" token generated when "Remember me" box unchecked
https://hackerone.com/reports/106084 |  Team Memberâ–ˆâ–ˆâ–ˆ associated with a Custom Group Created with 'Program Managment' only permissions can Comments on Bug Reports 
https://hackerone.com/reports/106293 |  Reflective XSS on wholesale.shopify.com
https://hackerone.com/reports/106305 |  Improve signals in reputation
https://hackerone.com/reports/106348 |  text injection can be used in phishing 404 page should not include attacker text
https://hackerone.com/reports/106350 |  text injection can be used in phishing 404 page should not include attacker text
https://hackerone.com/reports/106384 |  Application error message
https://hackerone.com/reports/106427 |  HTTP-Response-Splitting on v.shopify.com
https://hackerone.com/reports/106548 |  Format string vulnerability in zend_throw_or_error()
https://hackerone.com/reports/106636 |  Strored Cross Site Scripting
https://hackerone.com/reports/106779 |  Stored XSS in comments
https://hackerone.com/reports/106897 |  Stored XSS in /admin/orders 
https://hackerone.com/reports/106982 |  XSS in imgur mobile
https://hackerone.com/reports/107036 |  XSS in imgur mobile 3
https://hackerone.com/reports/107213 |  GlassWireSetup.exe subject to EXE planting attack
https://hackerone.com/reports/107296 |  Possible Timing Side-Channel in XMLRPC Verification
https://hackerone.com/reports/107336 |  Team Member(s) associated with a  Group have Read-only permission (Post internal comments) can post comment to all the participants 
https://hackerone.com/reports/107358 |  reflected in xss
https://hackerone.com/reports/107780 |  [cfire.mail.ru] Time Based SQL Injection
https://hackerone.com/reports/107960 |  Reflected File Download in community.ubnt.com/restapi/
https://hackerone.com/reports/108082 |  Exploiting unauthenticated encryption mode
https://hackerone.com/reports/108113 |  Bypassing callback_url validation on Digits
https://hackerone.com/reports/108681 |  Use After Free Vulnerability in WDDX Packet Deserialization
https://hackerone.com/reports/108682 |  Type Confusion Vulnerability in PHP_to_XMLRPC_worker()
https://hackerone.com/reports/108683 |  Session WDDX Packet Deserialization Type Confusion Vulnerability
https://hackerone.com/reports/109054 |  HTTP trace method is enabled
https://hackerone.com/reports/109161 |  protect against tabnabbing in statement
https://hackerone.com/reports/109175 |  Use After Free in sortWithSortKeys()
https://hackerone.com/reports/109212 |  [parapa.mail.ru] SQL Injection
https://hackerone.com/reports/109483 |  User with Read-Only permissions can request/approve public disclosure
https://hackerone.com/reports/109699 |  Subdomain Takeover in http://assets.goubiquiti.com/
https://hackerone.com/reports/109815 |  Direct URL access to completed reports
https://hackerone.com/reports/109843 |  Uninitialized pointer in phar_make_dirstream()
https://hackerone.com/reports/109959 |  Extended policy checks are buggy
https://hackerone.com/reports/110293 |  Insufficient OAuth callback validation which leads to Periscope account takeover
https://hackerone.com/reports/110352 |  Perl 5.22 VDir::MapPathA/W Out-of-bounds Reads and Buffer Over-reads
https://hackerone.com/reports/110417 |  Heap corruption in tar/zip/phar parser
https://hackerone.com/reports/110467 |  Bypassing Digits bridge origin validation
https://hackerone.com/reports/110578 |  HTML injection can lead to data theft
https://hackerone.com/reports/110655 |  Information Exposure Through Directory Listing
https://hackerone.com/reports/110720 |  Arbitary Memory Read via gdImageRotateInterpolated Array Index Out of Bounds
https://hackerone.com/reports/110722 |  Heap BufferOver Flow in escapeshellargs and escapeshellcmd functions
https://hackerone.com/reports/110801 |  Internal GET SSRF via CSRF with Press This scan feature
https://hackerone.com/reports/111078 |  Sub Domain Take over
https://hackerone.com/reports/111094 |  Content Spoofing OR Text Injection in https://withinsecurity.com
https://hackerone.com/reports/111192 |  CSV Injection via the CSV export feature
https://hackerone.com/reports/111216 |  Twitter Disconnect CSRF
https://hackerone.com/reports/111218 |  Attach Pinterest account - no State/CSRF parameter in Oauth Call back
https://hackerone.com/reports/111365 |  XSS at www.woothemes.com
https://hackerone.com/reports/111386 |  Legacy API exposes private video titles
https://hackerone.com/reports/111417 |  Checking whether user liked the media or not even when you are blocked 
https://hackerone.com/reports/111500 |  XSS at wordpress.com
https://hackerone.com/reports/111752 |  Big Bug in SSL : breach compression attack (CVE-2013-3587) affect imgur.com
https://hackerone.com/reports/111860 |  Error Page Text Injection #106350
https://hackerone.com/reports/111915 |  [CRITICAL] HTML injection issue leading to account take over
https://hackerone.com/reports/111950 |  [allods.my.com] SSRF / XSPA
https://hackerone.com/reports/111968 |  Interstitial redirect bypass / open redirect in https://hackerone.com/zendesk_session
https://hackerone.com/reports/112057 |  Heapoverflow in zipimporter module
https://hackerone.com/reports/112386 |  smartlist_add, smartlist_insert (may) cause heap corruption as a result of inadequate checks in smartlist_ensure_capacity
https://hackerone.com/reports/112496 |  Session Issue Maybe Can lead to huge loss [CRITICAL]
https://hackerone.com/reports/112555 |  [afisha.mail.ru] SQL Injection
https://hackerone.com/reports/112632 |  [tor] libevent dns remote stack overread vulnerability
https://hackerone.com/reports/112723 |  PHP-FPM fpm_log.c memory leak and buffer overflow
https://hackerone.com/reports/112784 |  libevent (stack) buffer overflow in evutil_parse_sockaddr_port
https://hackerone.com/reports/112855 |  EIP control using type confusion in json encoding
https://hackerone.com/reports/112858 |  UAF in xmlparser_setevents (1)
https://hackerone.com/reports/112860 |  UAF  in xmlparser_setevents (2)
https://hackerone.com/reports/112863 |  Trivial age-old heap overflow in 32-bit PHP
https://hackerone.com/reports/112935 |  Unintended HTML inclusion as a result of https://hackerone.com/reports/110578
https://hackerone.com/reports/112955 |  WordPress Failure Notice page will generate arbitrary hyperlinks
https://hackerone.com/reports/113070 |  Multiple issues with Markdown and URL parsing
https://hackerone.com/reports/113112 |  Open-redirect on paragonie.com
https://hackerone.com/reports/113120 |  An integer overflow bug in php_implode() could lead heap overflow, make PHP to crash
https://hackerone.com/reports/113122 |  An integer overflow bug in php_str_to_str_ex() led arbitrary code execution.
https://hackerone.com/reports/113268 |  Integer overflow in wordwrap
https://hackerone.com/reports/113288 |  OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701) 
https://hackerone.com/reports/113424 |  [tor] control connection pre-auth DoS (infinite loop) with --enable-bufferevents
https://hackerone.com/reports/113798 |  Null pointer deref with ob_start with compact
https://hackerone.com/reports/113799 |  Null pointer deref with ob_start with get_defined_vars
https://hackerone.com/reports/114024 |  Stack overflow when decompressing tar archives
https://hackerone.com/reports/114078 |  Use-after-free vulnerability in SPL(ArrayObject, unserialize)
https://hackerone.com/reports/114079 |  Use-after-free vulnerability in SPL(SplObjectStorage, unserialize)
https://hackerone.com/reports/114125 |  Remote Server Restart Lead to Denial of Server by only one Request.
https://hackerone.com/reports/114169 |  Bypassing Digits web authentication's host validation with HPP
https://hackerone.com/reports/114172 |  	Out-of-Bound Read in phar_parse_zipfile()
https://hackerone.com/reports/114339 |  Type Confusion in WDDX Packet Deserialization
https://hackerone.com/reports/114414 |  openssl_seal() uninitialized memory usage
https://hackerone.com/reports/114430 |  CSRF on https://shopify.com/plus
https://hackerone.com/reports/114476 |  Ğ’Ğ½ĞµĞ´Ñ€ĞµĞ½Ğ¸Ğµ Ğ²Ğ½ĞµÑˆĞ½Ğ¸Ñ… ÑÑƒÑ‰Ğ½Ğ¾ÑÑ‚ĞµĞ¹ Ğ² Ñ„ÑƒĞ½ĞºÑ†Ğ¸Ğ¾Ğ½Ğ°Ğ»Ğµ Ğ¸Ğ¼Ğ¿Ğ¾Ñ€Ñ‚Ğ° Ğ¿Ğ¾Ğ»ÑŒĞ·Ğ¾Ğ²Ğ°Ñ‚ĞµĞ»ĞµĞ¹ YouTrack
https://hackerone.com/reports/114529 |  Content Spoofing and Local Redirect in Mapbox Studio
https://hackerone.com/reports/114698 |  Remote Server Restart Lead to Denial of Service by only one Request.
https://hackerone.com/reports/115007 |  Race conditions can be used to bypass invitation limit
https://hackerone.com/reports/115205 |  Putting link inside link in markdown
https://hackerone.com/reports/115230 |  Content spoofing due to the improper behavior  of the not-found meesage
https://hackerone.com/reports/115275 |  SPF DNS Record 
https://hackerone.com/reports/115284 |  prevent content spoofing on /search
https://hackerone.com/reports/115291 |  [orsotenslimselfie.lady.mail.ru] SQL Injection
https://hackerone.com/reports/115337 |  Full Path Disclosure
https://hackerone.com/reports/115686 |  [tor] pre-emptive defenses, potential vulnerabilities
https://hackerone.com/reports/115702 |  [tor] libevent dns OOB read
https://hackerone.com/reports/115748 |  SSRF in https://imgur.com/vidgif/url
https://hackerone.com/reports/115857 |  SSRF and local file read in video to gif converter
https://hackerone.com/reports/115978 |  SSRF / Local file enumeration / DoS due to improper handling of certain file formats by ffmpeg
https://hackerone.com/reports/116006 |  XSS on hardware.shopify.com
https://hackerone.com/reports/116029 |  Private program activity timeline information disclosure
https://hackerone.com/reports/116032 |  Private Program Disclosure in /:handle/reports/draft.json endpoint
https://hackerone.com/reports/116286 |  Type confusion in partial.setstate, partial_repr, partial_call leads to memory corruption, reliable control flow hijack
https://hackerone.com/reports/116360 |  The POODLE attack (SSLv3 supported) for https://grtp.co/
https://hackerone.com/reports/116372 |  Use-After-Free / Double-Free in WDDX Deserialize
https://hackerone.com/reports/116419 |  an xss issue in https://hunter22.slack.com/help/requests/793043
https://hackerone.com/reports/116508 |  [3k.mail.ru] SQL Injection
https://hackerone.com/reports/116570 |  VERY DANGEROUS XSS STORED inside emails 
https://hackerone.com/reports/116764 |  vk.com/login.php 
https://hackerone.com/reports/116773 |  Type Confusion Vulnerability - SOAP / make_http_soap_request()
https://hackerone.com/reports/116798 |  Private Program Disclosure in /:handle/settings/allow_report_submission.json endpoint
https://hackerone.com/reports/116937 |  Chat History CSV Export Excel Injection Vulnerability
https://hackerone.com/reports/116951 |  Increase number of bugs by sending duplicate of your own valid report
https://hackerone.com/reports/116973 |  No Valid SPF Records.
https://hackerone.com/reports/117068 |  XSS @ love.uber.com
https://hackerone.com/reports/117080 |  Multiple Vulnerabilities (Including SQLi) in love.uber.com
https://hackerone.com/reports/117097 |  Email Forgery through Mandrillapp SPF
https://hackerone.com/reports/117142 |  limit HTTP methods on other domains
https://hackerone.com/reports/117149 |  SPF/DKIM/DMARC for grtp.co
https://hackerone.com/reports/117159 |  SPF/DKIM/DMARC for aspen.io
https://hackerone.com/reports/117187 |  Prevent content spoofing on /~username/emails/verify.html
https://hackerone.com/reports/117190 |  Reflected XSS on Uber.com careers
https://hackerone.com/reports/117325 |  DMARC is misconfigured for grtp.co
https://hackerone.com/reports/117330 |  stop serving grtp.co over HTTP
https://hackerone.com/reports/117449 |  XSS in Draft Orders in Timeline i SHOPIFY Admin Site!
https://hackerone.com/reports/117458 |  strengthen Diffie-Hellman (DH) key exchange parameters in grtp.co
https://hackerone.com/reports/117480 |  Stored XSS via Angular Expression injection on developer.zendesk.com
https://hackerone.com/reports/117651 |  Multiple Heap Overflow due to integer overflows | xml/filter_url/addcslashes
https://hackerone.com/reports/117739 |  limit number of images in statement
https://hackerone.com/reports/117902 |  Ğ”Ğ¾Ñ€Ğº
https://hackerone.com/reports/118066 |  Content Spoofing in mango.qiwi.com
https://hackerone.com/reports/118582 |  CSV Injection at the CSV export feature
https://hackerone.com/reports/118631 |  XSSI (Cross Site Script Inclusion)
https://hackerone.com/reports/118688 |  File name and folder enumeration.
https://hackerone.com/reports/118718 |  User with Read-Only permissions can manually public disclosure the report 
https://hackerone.com/reports/118855 |  CVE-2016-0799 memory issues in BIO_*printf functions
https://hackerone.com/reports/118925 |  API Key added for one Indices works for all other indices too.
https://hackerone.com/reports/118965 |  Distinguish EP+Private vs Private programs in HackerOne
https://hackerone.com/reports/119022 |  Tweet Deck XSS- Persistent- Group DM name
https://hackerone.com/reports/119166 |  Able to view others' gifts on /gift/share URL, giftId is predictable, and easy to manipulate
https://hackerone.com/reports/119220 |  Sub-Domain Takeover
https://hackerone.com/reports/119221 |  User with Read-Only permissions can edit the Internal comment Activities on Bug Reports After Revoke the team access permissions
https://hackerone.com/reports/119236 |  Open Redirection on Uber.com
https://hackerone.com/reports/119250 |  xss in the all widgets of shopifyapps.com
https://hackerone.com/reports/119317 |  Read-Only user can execute arbitraty shell commands on AirOS
https://hackerone.com/reports/119471 |  DOMXSS in Tweetdeck
https://hackerone.com/reports/119652 |  Adobe Flash Player ASnative(101,10) Memory Corruption Vulnerability
https://hackerone.com/reports/119653 |  Adobe Flash Player ASnative(900,1).call(MovieClip) Use-After-Free Vulnerability
https://hackerone.com/reports/119655 |  Adobe Flash Player ASnative(900,1).call(TextField) Use-After-Free Vulnerability
https://hackerone.com/reports/119657 |  Adobe Flash Player Race Condition Vulnerability
https://hackerone.com/reports/119873 |  BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
https://hackerone.com/reports/120026 |  don't serve hidden files from Nginx
https://hackerone.com/reports/121461 |  Subdomain takeover due to unclaimed Amazon S3 bucket on a2.bime.io
https://hackerone.com/reports/121469 |  Broken Authentication on Badoo
https://hackerone.com/reports/121489 |  CRLF injection in https://verkkopalvelu.lahitapiola.fi/
https://hackerone.com/reports/121696 |  Bypass  two-factor authentication
https://hackerone.com/reports/121827 |  Account Takeover
https://hackerone.com/reports/121863 |  Buffer overflow in HTTP url parsing functions
https://hackerone.com/reports/121940 |  Shell Injection via Web Management Console (dl-fw.cgi)
https://hackerone.com/reports/122050 |  Mapbox API Access Token with No Scope Can Read Styles
https://hackerone.com/reports/122113 |  OpenSSH / dropbearSSHd xauth command injection
https://hackerone.com/reports/122254 |  Adobe Flash Player TextField Use-After-Free Vulnerability
https://hackerone.com/reports/122256 |  Adobe Flash Player  Uninitialised Memory Corruption
https://hackerone.com/reports/122849 |  Stored XSS in https://checkout.shopify.com/
https://hackerone.com/reports/123027 |  Edit Auto Response Messages
https://hackerone.com/reports/123119 |  Use after free with assign by ref to overloaded objects
https://hackerone.com/reports/123125 |  XSS on hardware.shopify.com
https://hackerone.com/reports/123339 |  CSRF allows attacker to delete item from customer's "Postilaatikko"
https://hackerone.com/reports/123615 |  SECURITY: Referencing  previous Reports attachment_IDs on new Reports via Draft_Sync DELETES Attachments
https://hackerone.com/reports/123742 |  suppress version in Server header on gratipay.com or grtp.co
https://hackerone.com/reports/123849 |  Cookie Does Not Contain The "secure" Attribute
https://hackerone.com/reports/123897 |  auto-logout after 20 minutes
https://hackerone.com/reports/124100 |  Shopify GitHub Login and Password exposed all private source code might be available.
https://hackerone.com/reports/124223 |  CSV Injection via the CSV export feature
https://hackerone.com/reports/124277 |  XSS via React element spoofing
https://hackerone.com/reports/124429 |  Stored XSS via "Free Shipping" option (Discounts)
https://hackerone.com/reports/124611 |  Disclosure of private programs that have an "external" page on HackerOne
https://hackerone.com/reports/124737 |  Multiple Heap Overflows in php_raw_url_encode/php_url_encode
https://hackerone.com/reports/124845 |  Bypassed password authentication before enabling OTP verification
https://hackerone.com/reports/124889 |  Websites opened from reports can change url of report page
https://hackerone.com/reports/124976 |  Hijacking user session by forcing the use of  invalid HTTPs Certificate on images.gratipay.com
https://hackerone.com/reports/125000 |  Open Redirect in m.uber.com
https://hackerone.com/reports/125027 |  Reflected XSS on developer.uber.com via Angular template injection
https://hackerone.com/reports/125112 |  XSS in getrush.uber.com 
https://hackerone.com/reports/125200 |  Lack of rate limiting on get.uber.com leads to enumeration of promotion codes and estimation of a lower bound on the number of Uber drivers
https://hackerone.com/reports/125250 |  Avoiding Surge Pricing
https://hackerone.com/reports/125498 |  Dom Based Xss
https://hackerone.com/reports/125505 |  Possibility to brute force invite codes in riders.uber.com
https://hackerone.com/reports/125587 |  Hogging up all the resources on hackerone.com
https://hackerone.com/reports/125791 |  Reflected XSS via Unvalidated / Open Redirect in uber.com
https://hackerone.com/reports/125849 |  XSS found on Snapchat website
https://hackerone.com/reports/125980 |  uber.com may RCE by Flask Jinja2 Template Injection
https://hackerone.com/reports/126010 |  prevent content spoofing on /~username/emails/verify.html
https://hackerone.com/reports/126099 |  Stored XSS in drive.uber.com WordPress admin panel
https://hackerone.com/reports/126109 |  CSV Injection in business.uber.com
https://hackerone.com/reports/126197 |  XSS In archive.uber.com Due to Mime Sniffing in IE
https://hackerone.com/reports/126203 |  CBC "cut and paste" attack may cause Open Redirect(even XSS)
https://hackerone.com/reports/126209 |  Posting modified information in 'Investment section' will cause unintended information change in verkkopalvelu.tapiola.fi
https://hackerone.com/reports/126416 |  Integer Overflow in php_raw_url_encode
https://hackerone.com/reports/126522 |  Incorrect param parsing in Digits web authentication
https://hackerone.com/reports/126539 |  XSS on https://app.shopify.com/
https://hackerone.com/reports/126652 |  potential remote code execution with phar archive 
https://hackerone.com/reports/126797 |  Use-after-free during XML transformations (MFSA-2016-27)
https://hackerone.com/reports/126906 |  Stored XSS in archive.uber.com Due to Injection of Javascript:alert(0)
https://hackerone.com/reports/127077 |  www.lahitapiola.fi DOM XSS by choosing regional company
https://hackerone.com/reports/127154 |  XSS using javascript:alert(8007)
https://hackerone.com/reports/127212 |  php_snmp_error() Format String Vulnerability
https://hackerone.com/reports/127242 |  Negative size parameter (-1) in memcpy mbfl_strcut 
https://hackerone.com/reports/127620 |  New hacktivity view discloses report IDs of non-public reports
https://hackerone.com/reports/127703 |  [CRITICAL] Full account takeover using CSRF
https://hackerone.com/reports/127844 |  Web Authentication Endpoint Credentials Brute-Force Vulnerability
https://hackerone.com/reports/127918 |  Easy spam with USE My PHONE Feature
https://hackerone.com/reports/127948 |  Stored XSS on newsroom.uber.com admin panel / Stream WordPress plugin
https://hackerone.com/reports/127995 |  Limit email address length
https://hackerone.com/reports/128088 |  AWS S3 bucket writeable for authenticated aws users
https://hackerone.com/reports/128114 |  Administrator access to a Django Administration Panel on *.sc-corp.net via bruteforced credentials
https://hackerone.com/reports/128121 |  fix bug in username restriction
https://hackerone.com/reports/128169 |  BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
https://hackerone.com/reports/128750 |  Read-Only user can execute arbitraty shell commands on AirOS
https://hackerone.com/reports/128777 |  No rate-limit in Two factor Authentication leads to bypass using bruteforce attack
https://hackerone.com/reports/128856 |  Send email asynchronously
https://hackerone.com/reports/129001 |  Cookie-based client-side denial-of-service to all of the LÃ¤hitapiola domains
https://hackerone.com/reports/129091 |  CPU utilization 99% on visiting wordpress site url & open redirect found
https://hackerone.com/reports/129381 |  niche s3 buckets are readable/writeable/deleteable by authorized AWS users
https://hackerone.com/reports/129436 |  xss in DM group name in twitter
https://hackerone.com/reports/129771 |  Python 2.7 strop.replace Integer Overflow
https://hackerone.com/reports/129773 |  Previous attachments can be referenced when creating a new report
https://hackerone.com/reports/129862 |  Stored XSS on [your_zendesk].zendesk.com in Facebook Channel
https://hackerone.com/reports/129873 |  Bypassing Digits origin validation which leads to account takeover
https://hackerone.com/reports/130889 |  Reflected XSS in scores.ubnt.com
https://hackerone.com/reports/131065 |  bring grtp.co up to A grade on SSLLabs
https://hackerone.com/reports/131082 |  Open Redirector via (apps/files_pdfviewer) for un-authenticated users.
https://hackerone.com/reports/131108 |  Akismet Several CSRF vulnerabilities
https://hackerone.com/reports/131202 |  [Critical] - Steal OAuth Tokens
https://hackerone.com/reports/131450 |  Stored XSS in developer.uber.com
https://hackerone.com/reports/132104 |  Stored XSS on team.slack.com using new Markdown editor of posts inside the Editing mode and using javascript-URIs
https://hackerone.com/reports/132602 |  Stored XSS at Udemy
https://hackerone.com/reports/133963 |  XSS on www.wordpress.com
https://hackerone.com/reports/134061 |  Reflected XSS via Livefyre Media Wall in newsroom.uber.com
https://hackerone.com/reports/134321 |  RCE on facebooksearch.algolia.com
https://hackerone.com/reports/134388 |  Content Spoofing or Text Injection (404 error page injection on yrityspalvelu)
https://hackerone.com/reports/134434 |  XSS In /zuora/ functionality
https://hackerone.com/reports/134546 |  WordPress Flash XSS in *flashmediaelement.swf*
https://hackerone.com/reports/134738 |  WordPress SOME bug in plupload.flash.swf leading to RCE
https://hackerone.com/reports/134757 |  staff memeber can install apps even if have limitied access 
https://hackerone.com/reports/134880 |  ASN.1 BIO excessive memory allocation (CVE-2016-2109)
https://hackerone.com/reports/135072 |  RCE in profile picture upload
https://hackerone.com/reports/135152 |  Integer overflow in ZipArchive::getFrom*
https://hackerone.com/reports/135217 |  Reflected cross-site scripting (XSS) on api.tiles.mapbox.com
https://hackerone.com/reports/135288 |  Multiple vulnerabilities in a WordPress plugin at drive.uber.com
https://hackerone.com/reports/135291 |  Out-of-bounds reads in zif_grapheme_stripos with negative offset
https://hackerone.com/reports/135293 |  bcpowmod accepts negative scale and corrupts _one_ definition
https://hackerone.com/reports/135294 |  xml_parse_into_struct segmentation fault
https://hackerone.com/reports/135756 |  View all deleted comments and rating of any app .
https://hackerone.com/reports/135797 |  Session Fixation
https://hackerone.com/reports/135944 |  EVP_EncodeUpdate overflow (CVE-2016-2105)
https://hackerone.com/reports/135945 |  EVP_EncryptUpdate overflow (CVE-2016-2106)
https://hackerone.com/reports/135946 |  EBCDIC overread (CVE-2016-2176)
https://hackerone.com/reports/136169 |  OneLogin authentication bypass on WordPress sites
https://hackerone.com/reports/136221 |  Denial of service in account statistics endpoint
https://hackerone.com/reports/136454 |  User credentials leak and arbitrary local file read/leak due to same-origin-policy violation
https://hackerone.com/reports/136481 |  CSRF on Vimeo via cross site flashing leading to info disclosure and private videos go public
https://hackerone.com/reports/136582 |  OAuth 2 Authorization Bypass via CSRF and Cross Site Flashing
https://hackerone.com/reports/136600 |  Reflected XSS in Backend search
https://hackerone.com/reports/136720 |  don't leak server version of grtp.co in error pages
https://hackerone.com/reports/136850 |  Images and Subtitles Leakage from private videos
https://hackerone.com/reports/136986 |  Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
https://hackerone.com/reports/137487 |  Amazon Bucket Accessible (http://inpref.s3.amazonaws.com/)
https://hackerone.com/reports/137502 |  All Vimeo Private videos disclosure via Authorization Bypass
https://hackerone.com/reports/137956 |  SQL Injection
https://hackerone.com/reports/138025 |  Heap corruption via memarea.c
https://hackerone.com/reports/138075 |  [stored xss, pornhub.com] stream post function
https://hackerone.com/reports/138179 |  Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
https://hackerone.com/reports/138181 |  Bleichenbacher oracle in SSLv2 (CVE-2016-0704)
https://hackerone.com/reports/138243 |  [IDOR] Deleting other users comment
https://hackerone.com/reports/138244 |  Missing access control exposing detailed information on all users
https://hackerone.com/reports/138516 |  Adobe Flash Player ContentFactory class Memory Corruption Vulnerability
https://hackerone.com/reports/138517 |  Adobe Flash Player Metadata class Memory Corruption Vulnerability
https://hackerone.com/reports/138518 |  Adobe Flash Player OpportunityGenerator class Memory Corruption Vulnerability
https://hackerone.com/reports/138869 |  OneLogin authentication bypass on WordPress sites via XMLRPC
https://hackerone.com/reports/139004 |  Persistent XSS at verkkopalvelu.tapiola.fi using spoofed React element and React v.0.13.3
https://hackerone.com/reports/139192 |  Ability to collect users' ids that have visited a specific web page with malicious code 
https://hackerone.com/reports/139245 |  WordPress core stored XSS via attachment file name
https://hackerone.com/reports/139398 |  Read-Only user can execute arbitraty shell commands on AirOS
https://hackerone.com/reports/139626 |  Passphrase credential lock bypass
https://hackerone.com/reports/139879 |  Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability
https://hackerone.com/reports/140432 |  configure a redirect URI for Facebook OAuth
https://hackerone.com/reports/140447 |  Open Redirect on slack.com
https://hackerone.com/reports/140548 |  [upload-X.my.mail.ru] /uploadphoto Insecure Direct Object References
https://hackerone.com/reports/140616 |  www.starbucks.co.uk Reflected XSS via utm_source parameter
https://hackerone.com/reports/140705 |  [my.mail.ru] HTML injection Ğ² Ğ¿Ğ¸ÑÑŒĞ¼Ğ°Ñ… Ğ¾Ñ‚ myadmin@corp.mail.ru
https://hackerone.com/reports/140865 |  Integer Overflow in php_html_entities()
https://hackerone.com/reports/141065 |  Security Issue : CSRF Token Design Flaw
https://hackerone.com/reports/141125 |  Ngnix Server version disclosure
https://hackerone.com/reports/141174 |  node.drchrono.com - Information Disclosure and Windows Host Exposed
https://hackerone.com/reports/141197 |  get_icu_value_internal out-of-bounds read
https://hackerone.com/reports/141198 |  Template stored XSS
https://hackerone.com/reports/141202 |  imagescale out-of-bounds read
https://hackerone.com/reports/141212 |  Integer underflow / arbitrary null write in fread/gzread
https://hackerone.com/reports/141240 |  Angular injection in the profile name of onpatient
https://hackerone.com/reports/141244 |  XSS in zendesk.com/product/
https://hackerone.com/reports/141344 |  [CRITICAL]  CSRF  leading to account take over 
https://hackerone.com/reports/141463 |  Stored XSS via AngularJS Injection
https://hackerone.com/reports/141541 |  User with no permissions can access full wdcalendar feed
https://hackerone.com/reports/141629 |  Able to remove the admin access of my program
https://hackerone.com/reports/141700 |  Bypass GlassWire's monitoring of Hosts file
https://hackerone.com/reports/141734 |  Bypassing Password Reset  
https://hackerone.com/reports/141839 |  Multiple vulnerabilities related to PCRE functions (already fixed)
https://hackerone.com/reports/142084 |  Stored XSS in unifi.ubnt.com
https://hackerone.com/reports/142096 |  [Screenhero] Subdomain takeover
https://hackerone.com/reports/142101 |  User with no permissions can create, edit, delete favorite prescriptions /erx/
https://hackerone.com/reports/142135 |  XSS Ğ² upload.php
https://hackerone.com/reports/142472 |  CVE-2016-2177 Undefined pointer arithmetic in SSL code
https://hackerone.com/reports/142549 |  Information Disclosure through .DS_Store in â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ
https://hackerone.com/reports/142709 |  Fetching external resources through svg images
https://hackerone.com/reports/142773 |  16 instances where return value of OpenSSL i2d_RSAPublicKey is discarded -- might lead to use of uninitialized memory
https://hackerone.com/reports/142940 |  Bug Report 
https://hackerone.com/reports/142946 |  xss vulnerability in http://ubermovement.com/community/daniel
https://hackerone.com/reports/143022 |  Heap corruption via Python 2.7.11 IOBase readline()
https://hackerone.com/reports/143064 |  Information Disclosure
https://hackerone.com/reports/143139 |  upgrade Aspen on inside.gratipay.com to pick up CR injection fix
https://hackerone.com/reports/143220 |  XSS on www.mapbox.com/authorize
https://hackerone.com/reports/143234 |  Integer Overflow in _gd2GetHeader() resulting in heap overflow
https://hackerone.com/reports/143240 |  XSS on www.mapbox.com/authorize/ because of open redirect at /core/oauth/auth
https://hackerone.com/reports/143669 |  ĞŸĞ¾Ğ»ÑƒÑ‡ĞµĞ½Ğ¸Ğµ Ğ¾Ñ€Ğ¸Ğ³Ğ¸Ğ½Ğ°Ğ»Ğ° ÑĞºÑ€Ñ‹Ñ‚Ğ¾Ğ³Ğ¾ Ğ¸Ğ·Ğ¾Ğ±Ñ€Ğ°Ğ¶ĞµĞ½Ğ¸Ñ
https://hackerone.com/reports/143717 |  Change any Uber user's password through /rt/users/passwordless-signup - Account Takeover (critical)
https://hackerone.com/reports/143903 |  File upload over private IM channel
https://hackerone.com/reports/143935 |  [sms-be-vip.twitter.com] vulnerable to Jetleak
https://hackerone.com/reports/143966 |  Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714)
https://hackerone.com/reports/143975 |  Homograph attack in escalate report
https://hackerone.com/reports/144000 |  Authorization Bypass in Delivery Chat Logs
https://hackerone.com/reports/144129 |  Old titles are not hidden in reports with limited disclosure
https://hackerone.com/reports/144482 |  StringIO strio_getline() can divulge arbitrary memory
https://hackerone.com/reports/144616 |  Brute-Forcing invite codes  in partners.uber.com 
https://hackerone.com/reports/144674 |  [townwars.mail.ru] Time-Based SQL Injection
https://hackerone.com/reports/144782 |  CVE-2016-0772 - python: smtplib StartTLS stripping attack
https://hackerone.com/reports/145086 |  Stored XSS in SupportFlow Ticket Subject
https://hackerone.com/reports/145091 |  Stored XSS from ticket messages in admin table in SupportFlow
https://hackerone.com/reports/145128 |  [account-global.ubnt.com] CRLF Injection
https://hackerone.com/reports/145150 |  Bulk UUID enumeration via invite codes
https://hackerone.com/reports/145224 |  Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry
https://hackerone.com/reports/145265 |  Adobe Flash Player ShimContentFactory class Memory Corruption Vulnerability
https://hackerone.com/reports/145266 |  Adobe Flash Player ShimContentFactory.retrieveResolvers Memory Corruption Vulnerability
https://hackerone.com/reports/145267 |  Adobe Flash Player ShimContentResolver.configure Memory Corruption Vulnerability
https://hackerone.com/reports/145269 |  Adobe Flash Player ShimOpportunityGenerator class Memory Corruption Vulnerability
https://hackerone.com/reports/145271 |  Adobe Flash Player ShimContentResolver(resolverType=0) class Memory Corruption Vulnerability
https://hackerone.com/reports/145272 |  Adobe Flash Player ShimContentResolver(resolverType=1) class Memory Corruption Vulnerability
https://hackerone.com/reports/145278 |  xss in https://www.uber.com
https://hackerone.com/reports/145355 |  Stored XSS on Share-popup of a directory's Gallery-view
https://hackerone.com/reports/145452 |  Share owner has no possibility to list all existing derived shares
https://hackerone.com/reports/145463 |  Nextcloud server software: Content Spoofing
https://hackerone.com/reports/145467 |  Downloading password protected / restricted videos
https://hackerone.com/reports/145629 |  2-factor authentication bypass
https://hackerone.com/reports/145950 |  Uploading files to a folder where invited user don't have any EDIT privilege
https://hackerone.com/reports/146180 |  Integer Overflow in SplFileObject::fread
https://hackerone.com/reports/146182 |  Integer Overflow/Heap Overflow in json_encode()/json_decode()
https://hackerone.com/reports/146183 |  Integer Overflow in nl2br()
https://hackerone.com/reports/146184 |  Integer Overflow in addcslashes()/addslashes()
https://hackerone.com/reports/146185 |  Integer Overflow in Length of String-typed ZVAL
https://hackerone.com/reports/146200 |  _php_mb_regex_ereg_replace_exec - double free
https://hackerone.com/reports/146202 |  Invalid free in phar_extract_file()
https://hackerone.com/reports/146233 |  Use After Free Vulnerability in PHP's GC algorithm and unserialize
https://hackerone.com/reports/146235 |  ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
https://hackerone.com/reports/146255 |  Double Free Corruption in wddx.c (extension)
https://hackerone.com/reports/146278 |  Log pollution can lead to HTML Injection.
https://hackerone.com/reports/146336 |  XSS vulnerable parameter in a location hash
https://hackerone.com/reports/146360 |  Heap Overflow Due To Integer Overflow
https://hackerone.com/reports/146707 |  Mixed Active Scripting Issue on https://www.lahitapiola.fi
https://hackerone.com/reports/146845 |  Race Conditions in Popular reports feature.
https://hackerone.com/reports/146910 |  RC4 cipher suites detected
https://hackerone.com/reports/146911 |  The POODLE attack (SSLv3 supported)
https://hackerone.com/reports/146936 |  CVE-2015-8874 Stack overflow with imagefilltoborder
https://hackerone.com/reports/146940 |  pass2_no_dither out-of-bounds access
https://hackerone.com/reports/146944 |  NULL Pointer Dereference at _gdScaleVert
https://hackerone.com/reports/147125 |  Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
https://hackerone.com/reports/147369 |  User can start call in a channel of an unpaid account
https://hackerone.com/reports/147544 |  Generate new Test token
https://hackerone.com/reports/147577 |  Application error message
https://hackerone.com/reports/147776 |  Change contents of the careers iframe in https://corp.badoo.com/jobs
https://hackerone.com/reports/148050 |  Know undisclosed Bounty Amount when Bounty Statistics are enabled.
https://hackerone.com/reports/148151 |  SMB User Authentication Bypass and Persistence
https://hackerone.com/reports/148467 |  ĞŸĞ°Ğ±Ğ»Ğ¸ĞºĞ¸: ĞœĞ¾Ğ´ĞµÑ€Ğ°Ñ‚Ğ¾Ñ€ Ğ¿Ğ°Ğ±Ğ»Ğ¸ĞºĞ° Ğ¼Ğ¾Ğ¶ĞµÑ‚ ÑƒĞ´Ğ°Ğ»ÑÑ‚ÑŒ Ğ´Ğ¾Ğ±Ğ°Ğ²Ğ»ĞµĞ½Ğ½Ñ‹Ğµ Ñ€ĞµĞ´Ğ°ĞºÑ‚Ğ¾Ñ€Ğ°Ğ¼Ğ¸ Ğ¼Ğ°Ñ‚ĞµÑ€Ğ¸Ğ°Ğ»Ñ‹ Ñ Ñ‚Ğ°Ğ¹Ğ¼ĞµÑ€Ğ¾Ğ¼ Ğ½Ğ° Ğ¿ÑƒĞ±Ğ»Ğ¸ĞºĞ°Ñ†Ğ¸Ñ.
https://hackerone.com/reports/148609 |  Register multiple users using one invitation (race condition)
https://hackerone.com/reports/148741 |  Stored Cross-Site-Scripting in CMS Airship's  authors profiles
https://hackerone.com/reports/148751 |  Stored XSS in comments
https://hackerone.com/reports/148764 |  [idor] Unauthorized Read access to all the private posts(Including Photos,Videos,Gifs)
https://hackerone.com/reports/148770 |  Subdomain takeover at api.legalrobot.com due to non-used domain in Modulus.io.
https://hackerone.com/reports/148777 |  Microsoft IIS tilde directory enumeration
https://hackerone.com/reports/148848 |  "a stored xss issue in share post menu"
https://hackerone.com/reports/148853 |  Stored XSS using  SVG 
https://hackerone.com/reports/148865 |  HTML in Diffusion not escaped in certain circumstances
https://hackerone.com/reports/148963 |  Application error message
https://hackerone.com/reports/149011 |  a stored xss issue in https://files.slack.com
https://hackerone.com/reports/149154 |  Stored xss 
https://hackerone.com/reports/149287 |  Reflected Xss in AirMax [Nanostation Loco M2]
https://hackerone.com/reports/149571 |  Stored XSS in wis.pr
https://hackerone.com/reports/149798 |  Content (Text) Injection at NextCloud Server 9.0.52 - via http://custom_nextcloud_url/remote.php/dav/files/ 
https://hackerone.com/reports/149855 |  Reflected XSS in m.imgur.com
https://hackerone.com/reports/149907 |  Urgent: attacker can access every data source on Bime
https://hackerone.com/reports/149914 |  Attacker can access graphic representation of every query
https://hackerone.com/reports/150083 |  Cross Site Scripting(XSS) on IRCCloud Badges Page (using Parameter Pollution)
https://hackerone.com/reports/150156 |  SQL Injection on sctrack.email.uber.com.cn
https://hackerone.com/reports/150179 |  Html Injection and Possible XSS in sms-be-vip.twitter.com
https://hackerone.com/reports/150374 |  https://windsor.shopify.com/ takeover
https://hackerone.com/reports/150626 |  Heap Buffer Overflow
https://hackerone.com/reports/150905 |  Information disclosure through directory listing at http://dockerhost01.maximum.nl:8080
https://hackerone.com/reports/150976 |  Flash â€œlocal-with-filesystemâ€ Bypass in navigateToURL
https://hackerone.com/reports/151034 |  Xss on billing
https://hackerone.com/reports/151039 |  Adobe Flash Player TimedEvent.parent Memory Corruption Vulnerability
https://hackerone.com/reports/151040 |  Adobe Flash Player ShimAdPolicySelector(adPolicySelectorType=0) class Memory Corruption
https://hackerone.com/reports/151043 |  Adobe Flash Player PSDK Class Use After Free Vulnerability
https://hackerone.com/reports/151058 |  Stealing livechat token and using it to chat as the user - user information disclosure 
https://hackerone.com/reports/151117 |  [bbPress] Stored XSS in any forum post.
https://hackerone.com/reports/151459 |  Creating Post on a restricted channel
https://hackerone.com/reports/151465 |  Get organization info base on uuid
https://hackerone.com/reports/151470 |  [IODR] Get business trip via organization id
https://hackerone.com/reports/151475 |  ownCloud 2.2.2.6192 DLL Hijacking Vulnerability
https://hackerone.com/reports/151516 |  CSV Injection at Camptix Event Ticketing
https://hackerone.com/reports/151868 |  No Rate Limit In Inviting Similar Contact Multiple Times
https://hackerone.com/reports/152013 |  CSRF in 'set.php' via age causes stored XSS on 'get.php' - http://www.rockstargames.com/php/videoplayer_cache/get.php'
https://hackerone.com/reports/152067 |  Stored XSS on developer.uber.com via admin account compromise
https://hackerone.com/reports/152231 |  Out of bound read in exif_process_IFD_in_MAKERNOTE
https://hackerone.com/reports/152232 |  NULL Pointer Dereference in exif_process_user_comment
https://hackerone.com/reports/152266 |  Use After Free Vulnerability in SNMP with GC and unserialize()
https://hackerone.com/reports/152267 |  Use After Free in unserialize() with Unexpected Session Deserialization
https://hackerone.com/reports/152278 |  Stack-based buffer overflow vulnerability in php_stream_zip_opener
https://hackerone.com/reports/152280 |  Stack-based buffer overflow vulnerability in virtual_file_ex
https://hackerone.com/reports/152281 |  Use After Free/Double Free in Garbage Collection
https://hackerone.com/reports/152398 |  In correct casting from size_t to int lead to heap overflow in mcrypt_generic
https://hackerone.com/reports/152399 |  php curl ext size_t overflow lead to heap corruption
https://hackerone.com/reports/152400 |  php mcrypt ext - In correct casting from size_t to int lead to heap overflow in mdecrypt_generic
https://hackerone.com/reports/152407 |  Missing Access Control(IDOR) To Know LinkedAccounts 
https://hackerone.com/reports/152416 |  Lazy Load stored XSS
https://hackerone.com/reports/152569 |  Cross-Site Request Forgery (CSRF)
https://hackerone.com/reports/152577 |  Content Injection at First & Last Name Parameters that could Lead Fraud Issue
https://hackerone.com/reports/152584 |  S3 bucket takeover due to proxy.harvestfiles.com
https://hackerone.com/reports/152586 |  CSRF token fixation in Sign in with Google
https://hackerone.com/reports/152591 |  Stored XSS on invoice, executing on any subdomain
https://hackerone.com/reports/152669 |  Users enumeration is possible through cycling through recurring[client_id] argument value.
https://hackerone.com/reports/152692 |  Persistent Cross-Site Scripting in WooCommerce WordPress plugin
https://hackerone.com/reports/152696 |  Leak of all project names and all user names , even across applications
https://hackerone.com/reports/152772 |  Inadequate error handling in bzread()
https://hackerone.com/reports/152782 |  locale_accept_from_http out-of-bounds access
https://hackerone.com/reports/152784 |  imagegif/output out-of-bounds access
https://hackerone.com/reports/152929 |  Project Disclosure of all Harvest Instances
https://hackerone.com/reports/152958 |  Multiple XSS in Camptix Event Ticketing Plugin
https://hackerone.com/reports/153093 |  WordPress core  - Denial of Service via Cross Site Request Forgery
https://hackerone.com/reports/153618 |  Reflected XSS via #tags= while using a callback in newswire  http://www.rockstargames.com/newswire
https://hackerone.com/reports/153666 |  csp bypass + xss
https://hackerone.com/reports/153776 |  gdImageTrueColorToPaletteBody allows arbitrary write/read access
https://hackerone.com/reports/153863 |  heap-buffer-overflow (write) simplestring_addn simplestring.c
https://hackerone.com/reports/153905 |  IDOR - Disable sharing
https://hackerone.com/reports/154096 |  Blind OOB XXE At "http://ubermovement.com/"
https://hackerone.com/reports/154369 |  Unauthorized access to Zookeeper on http://locutus-zk3.ec2.shopify.com:2181
https://hackerone.com/reports/154400 |  Opportunity to set arbitrary cookies
https://hackerone.com/reports/154405 |  Read access to hidden orders,products,customers etc. by limited access Staff member through reference page in Comments (Information disclosure )
https://hackerone.com/reports/154410 |  Delete/modify  your own comment after limited access(IDOR)
https://hackerone.com/reports/154425 |  Subdomain takeover on http://fastly.sc-cdn.net/
https://hackerone.com/reports/154827 |  More content spoofing through dir param in the files app
https://hackerone.com/reports/154963 |  Stealing User emails by clickjacking cards.twitter.com/xxx/xxx
https://hackerone.com/reports/155222 |  (BYPASS) Open Redirect after login at http://ecommerce.shopify.com
https://hackerone.com/reports/155223 |  Use After Free Vulnerability in array_walk()/array_walk_recursive()
https://hackerone.com/reports/155618 |  Watch any Password Video without password
https://hackerone.com/reports/155657 |  Arbitrary Code Injection in ownCloudâ€™s Windows Client
https://hackerone.com/reports/155704 |  Staff member can delete Private Apps
https://hackerone.com/reports/155774 |  CSRF - Add optional two factor mobile number
https://hackerone.com/reports/156258 |  OX (Guard): Stored Cross-Site Scripting via Incoming Email
https://hackerone.com/reports/156347 |  Stored XSS triggered by json key during UI generation
https://hackerone.com/reports/156373 |  Stored xss
https://hackerone.com/reports/156387 |  Stored XSS from Display Settings triggered on Save and viewing realtime search demo
https://hackerone.com/reports/156520 |  Unauthorized team members can leak information and see all API calls through /1/admin/* endpoints, even after they have been removed.
https://hackerone.com/reports/156542 |  Avoid "resend verification email" confusion
https://hackerone.com/reports/156948 |  Repeated mediation requests and multiple emails possible on a report.
https://hackerone.com/reports/157412 |  Querying private posts and changing post meta
https://hackerone.com/reports/157699 |  Disclosure of external users invited to a specific report
https://hackerone.com/reports/157876 |  (FULL PATH DISCLOSURE) Unknown MySQL server host 'shardm-reader.chi2.shopify.io'  
https://hackerone.com/reports/157956 |  CSRF To change Email Notification Settings 
https://hackerone.com/reports/157958 |  Stored XSS
https://hackerone.com/reports/157993 |  Cross-Site Request Forgery (CSRF)
https://hackerone.com/reports/157996 |  Race Condition in Redeeming Coupons
https://hackerone.com/reports/158002 |  Missing rel=noreferrer tag allows link in list to change url of currently open tab
https://hackerone.com/reports/158016 |  Server side request forgery on image upload for lists
https://hackerone.com/reports/158019 |  Host Header Injection/Redirection in: https://www.instacart.com/
https://hackerone.com/reports/158021 |  Image Upload Path Disclosure
https://hackerone.com/reports/158118 |  Access to Splunk at https://apt.ec2.shopify.com:8089
https://hackerone.com/reports/158148 |  reverb.twitter.com redirects to vulnerable reverb.guru
https://hackerone.com/reports/158157 |  shopper login_code's can be brute forced
https://hackerone.com/reports/158186 |  Non-secure requests are not automatically upgraded to HTTPS
https://hackerone.com/reports/158434 |  (BYPASS) Open redirect and XSS in supporthiring.shopify.com
https://hackerone.com/reports/158484 |  [scores.ubnt.com] DOM based XSS at form.html
https://hackerone.com/reports/158554 |  Hyperlink Injection in Friend Invitation Emails
https://hackerone.com/reports/158853 |  OX Guard: DOM Based Cross-Site Scripting
https://hackerone.com/reports/158979 |  PM with can Set up email for invoices and estimates (Access control Issue)
https://hackerone.com/reports/159156 |  Hacker.One Subdomain Takeover
https://hackerone.com/reports/159387 |  PM can delete the company logo image (Vertical Privilege Escalation )
https://hackerone.com/reports/159391 |  Record payment for any invoice by PM (Access control Issue)
https://hackerone.com/reports/159393 |  PM can delete payment of any invoice in company (Access control Issue)
https://hackerone.com/reports/159395 |  Unauthorized access to all the actions of invoices by PM (Access control Issues) 
https://hackerone.com/reports/159399 |  Unauthorized read access to Invoices by PM (Access control Issues)
https://hackerone.com/reports/159460 |   Stored XSS(Cross Site Scripting) In Slack App Name
https://hackerone.com/reports/159498 |  Blind Stored XSS Against Lahitapiola Employees - Session and Information leakage
https://hackerone.com/reports/159512 |  Requesting Mediation possible on reports that are too old for mediation
https://hackerone.com/reports/159522 |  Open redirect using checkout_url
https://hackerone.com/reports/159526 |  Information leakage of private program
https://hackerone.com/reports/159686 |  integer overflow in the _csv module's join_append_data function
https://hackerone.com/reports/159687 |  integer overflow in binascii.b2a_qp
https://hackerone.com/reports/159690 |  stack buffer overflows in the curses module
https://hackerone.com/reports/159693 |  Py_DECREF on a non-owned object in the _sre module
https://hackerone.com/reports/159696 |  Two vulnerabilities in the ssl module
https://hackerone.com/reports/159820 |  Issues with uploading list images
https://hackerone.com/reports/159878 |  [render.bitstrips.com] Stored XSS via an incorrect avatar property value
https://hackerone.com/reports/159943 |  Create an Unexpected Object and Don't Invoke __wakeup() in During Deserialization
https://hackerone.com/reports/159946 |  PHP Session Data Injection Vulnerability
https://hackerone.com/reports/159948 |  Use After Free Vulnerability in unserialize()
https://hackerone.com/reports/159953 |  integer overflow in curl_escape caused heap corruption
https://hackerone.com/reports/159954 |  integer overflow in base64_decode caused heap corruption
https://hackerone.com/reports/159955 |  integer overflow in bzdecompress caused heap corruption
https://hackerone.com/reports/159958 |  Integer overflow lead to heap corruption in sql_regcase
https://hackerone.com/reports/159959 |  integer overflow in quoted_printable_encode caused heap corruption
https://hackerone.com/reports/159960 |  integer overflow in urlencode caused heap corruption
https://hackerone.com/reports/159961 |  integer overflow in php_uuencode caused heap corruption
https://hackerone.com/reports/159988 |  Heap Overflow due to integer overflows
https://hackerone.com/reports/159992 |  memory allocator fails to realloc small block to large one
https://hackerone.com/reports/160047 |  [apps.shopify.com] Open Redirect
https://hackerone.com/reports/160109 |  Brute force login and bypass locked account restrictions via iOS app
https://hackerone.com/reports/160294 |  Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128)
https://hackerone.com/reports/160295 |  Heap overflow in curl_escape
https://hackerone.com/reports/160520 |  Bypass fix in https://hackerone.com/reports/151516 report.
https://hackerone.com/reports/160981 |  Extracting private info of estimates.
https://hackerone.com/reports/161189 |  select_colors write out-of-bounds
https://hackerone.com/reports/161193 |  imagegammacorrect allows arbitrary write access
https://hackerone.com/reports/161198 |  wddx_deserialize null dereference with invalid xml
https://hackerone.com/reports/161200 |  wddx_deserialize allows illegal memory access
https://hackerone.com/reports/161216 |  wddx_deserialize null dereference
https://hackerone.com/reports/161217 |  wddx_deserialize null dereference in php_wddx_pop_element
https://hackerone.com/reports/161301 |  READ .svg files by changing .svg into .png extension
https://hackerone.com/reports/161485 |  Non-secure requests to www.lahitapiola.fi are not automatically upgraded to HTTPS
https://hackerone.com/reports/161710 |  Possible to steal any protected files on Android
https://hackerone.com/reports/162822 |  Fetch private list metadata and any user's personal name
https://hackerone.com/reports/162955 |  Code Injection in Slack's Windows Desktop Client leads to Privilege Escalation
https://hackerone.com/reports/163067 |  Stealing users password (Limited Scenario)
https://hackerone.com/reports/163087 |  use of uninitialized variables in operator.methodcaller
https://hackerone.com/reports/163307 |  WordPress Authentication Denial of Service
https://hackerone.com/reports/163459 |  potential memory corruption in or/buffers.c (particularly on 32 bit)
https://hackerone.com/reports/163464 |  User Information sent to client through websockets
https://hackerone.com/reports/163467 |  User Information leak allows user to bypass email verification.
https://hackerone.com/reports/163476 |  Information Disclosure in AWS S3 Bucket
https://hackerone.com/reports/163491 |  CORS (Cross-Origin Resource Sharing)
https://hackerone.com/reports/163676 |   Legal | Application is Missing CSP(Content Security Policy) Header 
https://hackerone.com/reports/164027 |  Reflected Self-XSS Vulnerability in the Comment section of Files Information
https://hackerone.com/reports/164137 |  Possible content spoofing due to missing error page
https://hackerone.com/reports/164152 |  [ibank.qiwi.ru] XSS via Request-URI
https://hackerone.com/reports/164224 |  Urgent: Server side template injection via Smarty template allows for RCE
https://hackerone.com/reports/164515 |  Project Manager can approve pending reports(Access control Issue)
https://hackerone.com/reports/164546 |  CSRF bypass on Submit Time sheet for Approval
https://hackerone.com/reports/164578 |  Reflected XSS in www.lahitapiola.fi (/cs/Satellite) using Oracle WebCenter -page
https://hackerone.com/reports/164581 |  Oracle WebCenter Sites Support Tools available and Information disclosure (/cs/Satellite)
https://hackerone.com/reports/164649 |  [Studio.twitter.com] See someone else pics 
https://hackerone.com/reports/164656 |  [contact-sys.com] XSS via Request-URI
https://hackerone.com/reports/164662 |  [wallet.rapida.ru] XSS Cookie flashcookie
https://hackerone.com/reports/164674 |  CSV Injection in Camptix
https://hackerone.com/reports/164684 |  [lk.contact-sys.com] SQL Injection reset_password FP_LK_USER_LOGIN
https://hackerone.com/reports/164704 |  [contact-sys.com] XSS /ajax/transfer/status trn param
https://hackerone.com/reports/164739 |  SQL Injection on `/cs/Satellite` path
https://hackerone.com/reports/164821 |  OX Guard: DOM Based Cross-Site Scripting (#2)
https://hackerone.com/reports/164833 |  Hyperlink Injection in Friend Invitation Emails
https://hackerone.com/reports/164916 |  Same origin policy bypass on e.mail.ru via Cross-Site Flashing
https://hackerone.com/reports/164933 |  [lk.contact-sys.com] LKlang Path Traversal
https://hackerone.com/reports/164945 |  [contact-sys.com] SQL Injectionâ–ˆâ–ˆâ–ˆâ–ˆ limit param
https://hackerone.com/reports/165046 |  Open redirect allows changing iframe content in *.myshopify.com/admin/themes/<id>/editor
https://hackerone.com/reports/165102 |  urllib HTTP header injection CVE-2016-5699
https://hackerone.com/reports/165131 |  Seemingly sensitive information at /api/v2/zones
https://hackerone.com/reports/165154 |  Additional information for CVE-2016-5699
https://hackerone.com/reports/165219 |  [id.rapida.ru] Full Path Disclosure
https://hackerone.com/reports/165229 |  Nextcloud 10.0 privilege escalation issue - Normal user can mask external storage shared by admin    
https://hackerone.com/reports/165275 |  OX (Guard): Stored Cross-Site Scripting via Email Attachment
https://hackerone.com/reports/165324 |  XSS on expenses attachments
https://hackerone.com/reports/165570 |  Race Condition in account survey
https://hackerone.com/reports/165686 |  Reflected XSS in Gallery App
https://hackerone.com/reports/165727 |  Rate-limit bypass
https://hackerone.com/reports/165862 |  Invoices can be added to any retainers - even closs-platform
https://hackerone.com/reports/165930 |  PHP info page disclosure on http://www.day.dk/
https://hackerone.com/reports/166080 |  null pointer dereference in set_conversion_mode due uncheck _ctypes_conversion_errors
https://hackerone.com/reports/166265 |  Verification of E-Mail address possible on https://biz.yelp.com/login and https://biz.yelp.com/forgot
https://hackerone.com/reports/166629 |  Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
https://hackerone.com/reports/166634 |  SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
https://hackerone.com/reports/166661 |  Arbitrary heap overread in strscan on 32 bit Ruby, patch included
https://hackerone.com/reports/166682 |  Denial of Service through set_preference.json
https://hackerone.com/reports/166709 |  Self-XSS via location cookie city field when getting suggestions for a new location
https://hackerone.com/reports/166826 |  Potential Subdomain Takeover Possible
https://hackerone.com/reports/166871 |  Instance of Apache Vulnerable to Several Issues
https://hackerone.com/reports/166887 |  Unsanitized Location Name in POS Channel can lead to XSS in Orders Timeline
https://hackerone.com/reports/166942 |  leaking Digits OAuth authorization to third party websites
https://hackerone.com/reports/167075 |  XSS in SHOPIFY: Unsanitized Supplier Name  can lead to XSS in Transfers Timeline
https://hackerone.com/reports/167489 |  Bybass The Closing of the account and logged again to your account
https://hackerone.com/reports/167688 |  msilib.OpenDatabase Type Confusion
https://hackerone.com/reports/167731 |  Make victim buy in attacker's account without any idea - http://www.booztlet.com/
https://hackerone.com/reports/167846 |  Deleted Post and Administrative Function Access in eCommerce Forum
https://hackerone.com/reports/167888 |  Uninitialized Thumbail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF
https://hackerone.com/reports/167895 |  Out of bound when verify signature of zip phar in phar_parse_zipfile
https://hackerone.com/reports/167896 |  Out of bound when verify signature of tar phar in phar_parse_tarfile
https://hackerone.com/reports/167901 |  integer overflow in pg_escape_string caused heap corruption
https://hackerone.com/reports/167902 |  integer overflow in php_ldap_do_escape caused heap corruption
https://hackerone.com/reports/167903 |   integer overflow in str_pad caused heap corruption
https://hackerone.com/reports/167904 |  heap overflow in substr_replace
https://hackerone.com/reports/167905 |  integer overflow in pg_escape_bytea caused heap corruption
https://hackerone.com/reports/167906 |  integer overflow in imap_binary caused heap corruption
https://hackerone.com/reports/167907 |  integer overflow in preg_quote caused heap corruption
https://hackerone.com/reports/167908 |  integer overflow in fgets cause heap corruption
https://hackerone.com/reports/167909 |  integer overflow in recode_string caused heap corruption
https://hackerone.com/reports/167910 |  memory corruption in wordwrap function
https://hackerone.com/reports/167911 |  integer overflow in fgetcsv caused heap corruption
https://hackerone.com/reports/167921 |  integer overflow in xml_utf8_encode
https://hackerone.com/reports/167931 |  Memory Corruption in During Deserialized-object Destruction
https://hackerone.com/reports/167977 |  Missing type check when unserializing SplArray
https://hackerone.com/reports/168027 |  gzdecode does NOT check output string size which leads to an overflow
https://hackerone.com/reports/168028 |  gzuncompress does NOT check output string size which leads to an overflow
https://hackerone.com/reports/168029 |  ldap_escape could produce string larger than 2Gb
https://hackerone.com/reports/168116 |  Insufficient validation on Digits bridge
https://hackerone.com/reports/168458 |  Stored XSS in https://productreviews.shopifyapps.com/proxy/v4/reviews/product
https://hackerone.com/reports/168476 |  Incoming email hijacking on sc-cdn.net
https://hackerone.com/reports/168485 |  Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE
https://hackerone.com/reports/168538 |  Twitter iOS fails to validate server certificate and sends oauth token
https://hackerone.com/reports/169699 |  CSRF in the "Add restaurant picture" function
https://hackerone.com/reports/169759 |  Open redirect in bulk edit
https://hackerone.com/reports/170138 |  SEH buffer overflow msgfmt_format_message
https://hackerone.com/reports/170144 |  wddx_deserialize use-after-free
https://hackerone.com/reports/170161 |  Password reset token not expiring
https://hackerone.com/reports/170260 |  imap_rfc822_parse_headers GS Violation
https://hackerone.com/reports/170310 |  Bypass rate limiting on /users/password (possibly site-wide rate limit bypass?)
https://hackerone.com/reports/170548 |  Ruby OpenSSL Library - IV Reuse in GCM Mode
https://hackerone.com/reports/170618 |  CVE-2016-7418 PHP Out-Of-Bounds Read in php_wddx_push_element
https://hackerone.com/reports/170619 |  PHP Integer Overflow in gdImageWebpCtx
https://hackerone.com/reports/170894 |  Facebook and twitter page claimed of maximum.com [important]
https://hackerone.com/reports/171205 |  No rate limit for Referral Program
https://hackerone.com/reports/172115 |  Multiple use after frees in obj2ast_* methods
https://hackerone.com/reports/172137 |  Authentication bypass on sso.ubnt.com via subdomain takeover of ping.ubnt.com
https://hackerone.com/reports/172227 |  Stored XSS in photo comment functionality
https://hackerone.com/reports/172289 |  HackerOne Integrations Design Issue
https://hackerone.com/reports/172403 |  Python 2.7 32-bit JSON encoding heap corruption
https://hackerone.com/reports/172411 |  Heap overflow caused by type confusion vulnerability in merge_param()
https://hackerone.com/reports/172545 |  IDOR - Ability to view unlisted products
https://hackerone.com/reports/172549 |  Possible Blind Writing to S3 Bucket
https://hackerone.com/reports/172562 |  LZMADecompressor.decompress Use After Free
https://hackerone.com/reports/172574 |  Follow Button XSS
https://hackerone.com/reports/172595 |  Reflected XSS in LTContactFormReceiver (/cs/Satellite)
https://hackerone.com/reports/172698 |  Subdomain take over signup.websummit
https://hackerone.com/reports/172711 |  Content Spoofing in udemy
https://hackerone.com/reports/172733 |  Add signature to transactions without any permission
https://hackerone.com/reports/172780 |  out of date disqus shortname usage in the web app source code
https://hackerone.com/reports/172837 |  password less login token expiration issue
https://hackerone.com/reports/172843 |  DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request
https://hackerone.com/reports/172933 |  IDNs displayed in unicode in messages/about/talk sections (Homograph Attack)
https://hackerone.com/reports/173043 |  Bypassing "You've requested your data the maximum number of times today." + "Please Verify an email address with snapchat to continue" 
https://hackerone.com/reports/173681 |  [CRITICAL]-Taking over entire subdomain of romit.io
https://hackerone.com/reports/173811 |  Git available containing passwords. 
https://hackerone.com/reports/173969 |  Full access to any list
https://hackerone.com/reports/174069 |  Buffer overflow in HTTP parse_hostinfo(), parse_userinfo() and parse_scheme()
https://hackerone.com/reports/174328 |  CSRF in github integration
https://hackerone.com/reports/174474 |  Cookie Injection at 'harvestapp.com'
https://hackerone.com/reports/174632 |  Information disclosure in mmap module - python 2.7.12
https://hackerone.com/reports/174645 |  Existence of Folder path by guessing the path through response
https://hackerone.com/reports/174668 |  No rate-limit in SERVER_SECURITY_CHECK
https://hackerone.com/reports/174721 |  View liked twits of private account via publish.twitter.com
https://hackerone.com/reports/174871 |  Linking Invoice to uninvited project.
https://hackerone.com/reports/174882 |  Requesting Show CheckIn Alert for Non Friend User
https://hackerone.com/reports/175070 |  Subdomain takeover on rider.uber.com due to non-existent distribution on Cloudfront
https://hackerone.com/reports/175091 |  chain.__setstate__ Type Confusion
https://hackerone.com/reports/175168 |  [ecommerce.shopify.com] Invalidated redirection
https://hackerone.com/reports/175260 |  missing NULL check in dom_document_save_html
https://hackerone.com/reports/175262 |  NULL pointer dereference in SimpleXMLElement::asXML()
https://hackerone.com/reports/175263 |  crash in openssl_random_pseudo_bytes function
https://hackerone.com/reports/175264 |  heap overflow in php_ereg_replace function
https://hackerone.com/reports/175286 |  Homograph attack
https://hackerone.com/reports/175310 |  Write out-of-bounds at number_format
https://hackerone.com/reports/175311 |  memcpy negative size parameter in php_resolve_path
https://hackerone.com/reports/175312 |  memcpy negative parameter _bc_new_num_ex
https://hackerone.com/reports/175315 |  Illegal write access through Locale methods
https://hackerone.com/reports/175316 |  stack-buffer-overflow through "ResourceBundle" methods
https://hackerone.com/reports/175320 |  2 Directory Listing on ledger.brave.com & vault-staging.brave.com
https://hackerone.com/reports/175403 |  [website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html
https://hackerone.com/reports/175490 |  Able to Login deactivated staff account in shopify app mobile
https://hackerone.com/reports/175529 |  URI Obfuscation
https://hackerone.com/reports/175587 |  Stack Buffer Overflow in GD dynamicGetbuf
https://hackerone.com/reports/175779 |  Address Bar Spoofing - Already resolved - Retroactive report
https://hackerone.com/reports/175958 |  [iOS/Android] Address Bar Spoofing Vulnerability 
https://hackerone.com/reports/175979 |  Access to local file system using javascript
https://hackerone.com/reports/175982 |  Use-after-free in unserialize()
https://hackerone.com/reports/176065 |  [Android] HTML Injection in BatterySaveArticleRenderer WebView
https://hackerone.com/reports/176066 |  Denial of service attack on Brave Browser.
https://hackerone.com/reports/176197 |  Denial of service attack(window object) on brave browser
https://hackerone.com/reports/176226 |  CachingIterator null dereference when convert to string
https://hackerone.com/reports/176279 |  Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412)
https://hackerone.com/reports/176308 |  Wordpress.com REST API oauth bypass via Cross Site Flashing
https://hackerone.com/reports/176754 |   Cross-site scripting (reflected)
https://hackerone.com/reports/176899 |  Editing a project (LIMITED)
https://hackerone.com/reports/176929 |  [ios] Address bar spoofing in Brave for iOS
https://hackerone.com/reports/176979 |  Authentication Issue
https://hackerone.com/reports/177472 |  CSRF: add item to victim's cart automatically (starbucks.com - updatecart)
https://hackerone.com/reports/177508 |  Reflected XSS by exploiting CSRF vulnerability on teavana.com wishlist comment module. (wishlist-comments)
https://hackerone.com/reports/177624 |  Unvalidated redirect on team.badoo.com
https://hackerone.com/reports/177635 |  CSRF vulnerability in saving payment card on store.starbucks.com (COBilling -AddCreditCard)
https://hackerone.com/reports/177639 |  CSRF exploit | Adding/Editing comment of wishlist items (teavana.com - Wishlist-Comments)
https://hackerone.com/reports/177757 |  Stored XSS in Restoring Archived Tasks
https://hackerone.com/reports/178049 |  Ğ Ğ°ÑĞºÑ€Ñ‹Ñ‚Ğ¸Ğµ Ğ±Ğ°Ğ»Ğ°Ğ½ÑĞ° Ğ½Ğ° //kopilka.qiwi.com
https://hackerone.com/reports/178094 |  php_snmp_parse_oid integer overflow in memory allocation
https://hackerone.com/reports/178144 |  imagecropauto out-of-bounds access
https://hackerone.com/reports/178184 |  SSRF in https://cards-dev.twitter.com/validator
https://hackerone.com/reports/178284 |  [vitrina.contact-sys.com] Full Path Disclosure
https://hackerone.com/reports/178293 |  Misconfiguration in Two Factor Authorisation
https://hackerone.com/reports/178506 |  Access private list metadata
https://hackerone.com/reports/178567 |  Arbitrary modification value "session" (Cookie) in badoo.com
https://hackerone.com/reports/178742 |  Leave inaccessible messaging system with a message (https://us1.badoo.com)
https://hackerone.com/reports/178831 |  CSRF on signup endpoint (auto-api.yelp.com)
https://hackerone.com/reports/179164 |  Stored XSS in community.ubnt.com
https://hackerone.com/reports/179328 |  Open Redirect (verkkopalvelu.lahitapiola.fi)
https://hackerone.com/reports/179426 |  Reflected XSS on blockchain.info
https://hackerone.com/reports/179559 |  Stored XSS in Template Documents
https://hackerone.com/reports/179568 |  Tab nabbing via window.opener
https://hackerone.com/reports/179695 |  XSS via unicode characters in upload filename
https://hackerone.com/reports/179751 |  SQL Injection on /webApp/omatalousuk (viestinta.lahitapiola.fi)
https://hackerone.com/reports/179763 |  Suspicious browser fingerprinting(?) scripts on http://www.lahitapiola.fi/ redirector
https://hackerone.com/reports/180037 |  Selecting encryption for email with drive attachment overrides the drive email password
https://hackerone.com/reports/180109 |  crash in gzcompress and 3 other compress functions
https://hackerone.com/reports/180110 |  crash in implode() function
https://hackerone.com/reports/180111 |  crash in bzcompress function
https://hackerone.com/reports/180112 |  iconv() function missing string length check
https://hackerone.com/reports/180113 |  crash in get_icu_value_internal function
https://hackerone.com/reports/180115 |  crash in locale_get_keywords() when keyword value in locale string too long
https://hackerone.com/reports/180116 |  another crash in locale_get_keywords function
https://hackerone.com/reports/180253 |  Reflected Cross-Site Scripting due to vulnerable Flash component (Flashmediaelement.swf)
https://hackerone.com/reports/180434 |  cURL / libcURL - CVE-2016-8624 invalid URL parsing with '#'
https://hackerone.com/reports/180538 |  X.509 certificate validation fails on international vanity domains
https://hackerone.com/reports/180562 |  Memory corruption in _php_math_number_format_ex()
https://hackerone.com/reports/180563 |  Heap overflow due to integer overflow in bzdecompress() function
https://hackerone.com/reports/180572 |  Memory corruption due to missing check size in _php_math_number_format_ex()
https://hackerone.com/reports/180582 |  Heap overflow due to integer overflow in php_escape_html_entities_ex() function
https://hackerone.com/reports/180584 |  Heap overflow due to integer overflow in pg_escape_string() function
https://hackerone.com/reports/180588 |  Invalid memory access in zend_strtod() function
https://hackerone.com/reports/180589 |  crash in simplestring_addn function
https://hackerone.com/reports/180590 |  Invalid memory access in spl_filesystem_dir_open function
https://hackerone.com/reports/180591 |  Invalid memory access in php_basename function
https://hackerone.com/reports/180592 |  Invalid memory access in spl_filesystem_info_set_filename function
https://hackerone.com/reports/180695 |  ruby DoS https://www.mruby.science
https://hackerone.com/reports/180814 |  crash in locale_compose() function
https://hackerone.com/reports/180908 |  NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
https://hackerone.com/reports/180909 |  Use-after-free in ArrayObject Deserialization
https://hackerone.com/reports/180977 |  Exception cause SIGABRT
https://hackerone.com/reports/181073 |  malloc negative size parameter
https://hackerone.com/reports/181088 |  Window.opener bug at www.coinbase.com
https://hackerone.com/reports/181210 |  Incorrect detection of onion URLs
https://hackerone.com/reports/181225 |  Missing rel=noopener noreferrer in target=_blank links (Phishing attack)
https://hackerone.com/reports/181232 |  Denial of Service in mruby due to null pointer dereference
https://hackerone.com/reports/181319 |  Memory disclosure in mruby String#lines method
https://hackerone.com/reports/181321 |  Use after free vulnerability in mruby Array#to_h causing DOS possible RCE
https://hackerone.com/reports/181558 |  [DOS] denial of service using code snippet on brave browser
https://hackerone.com/reports/181594 |  Error Page Content Spoofing or Text Injection (viestinta.lahitapiola.fi)
https://hackerone.com/reports/181642 |  libtiff 4.0.6 heap bufer overflow / out of bounds read (CVE-2016-9273)
https://hackerone.com/reports/181665 |  Subdomain Takeover (moderator.ubnt.com)
https://hackerone.com/reports/181677 |  NULL pointer dereference when parsing ternary operators
https://hackerone.com/reports/181685 |  Range#initialize_copy null pointer dereference
https://hackerone.com/reports/181686 |  [DOS] Browser hangs on loading the code snippet
https://hackerone.com/reports/181695 |  Undefined method_missing null pointer dereference
https://hackerone.com/reports/181748 |  [IDOR][translate.twitter.com] Opportunity to change any comment at the forum
https://hackerone.com/reports/181768 |  Poodle attack SSLv3 Support (viestinta.lahitapiola.fi)
https://hackerone.com/reports/181803 |  SQL Injection /webApp/oma_conf ctx parameter (viestinta.lahitapiola.fi)
https://hackerone.com/reports/181810 |  HTML Injection in email /webApp/lahti (viestinta.lahitapiola.fi)
https://hackerone.com/reports/181826 |  SQL Injection /webApp/sijoitustalous_peruutus locId parameter (viestinta.lahitapiola.fi)
https://hackerone.com/reports/181828 |  Segfault in mruby, mruby_engine and the parent MRI Ruby due to null pointer dereference
https://hackerone.com/reports/181842 |  Multiple Reflected XSS /webApp/lahti (viestinta.lahitapiola.fi)
https://hackerone.com/reports/181871 |  DoS: type confusion in mrb_no_method_error
https://hackerone.com/reports/181874 |  SIGSEGV when invalid argument on remove_method
https://hackerone.com/reports/181879 |  Struct type confusion RCE
https://hackerone.com/reports/181893 |  TOCTTOU bug in mrb_str_setbyte leading the memory corruption
https://hackerone.com/reports/181910 |  Range constructor type confusion DoS
https://hackerone.com/reports/182027 |  SIGSEV on mrb_ary_splice
https://hackerone.com/reports/182104 |  Completed Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at https://jenkins101.udemy.com
https://hackerone.com/reports/182140 |  libtiff 4.0.6 segfault / read outside of buffer (CVE-2016-9297)
https://hackerone.com/reports/182160 |  XSS in IE11 on portswigger.net via Flash
https://hackerone.com/reports/182169 |  Type confusion in FutureIter_throw() which may potentially lead to an arbitrary code execution
https://hackerone.com/reports/182265 |  Option method enabled (viestinta.lahitapiola.fi)
https://hackerone.com/reports/182274 |  Null pointer dereference due to TOCTTOU bug in mrb_time_initialize
https://hackerone.com/reports/182358 |  Partial disclosure of report activity through new "Export as .zip" feature
https://hackerone.com/reports/182420 |  Illegal write/read access caused by gdImageAALine overflow
https://hackerone.com/reports/182467 |  Email Spoofing
https://hackerone.com/reports/182474 |  Use After Free in PHP7 unserialize()
https://hackerone.com/reports/182484 |  Broken handling of maximum number of method call arguments leads to segfault
https://hackerone.com/reports/182670 |  Email link poisoning / Host header attack
https://hackerone.com/reports/183231 |  SIGSEGV on mruby mrb_str_modify() (Invalid memory access)
https://hackerone.com/reports/183239 |  SIGSEGV on mruby's mark_tbl() (Invalid memory access)
https://hackerone.com/reports/183356 |  Segfault and/or potential unwanted (byte)code execution with "break" and "||=" inside a loop
https://hackerone.com/reports/183405 |  Null target_class DoS
https://hackerone.com/reports/183425 |  Segmentation fault when a Ruby method is invoked by a C method via Object#send
https://hackerone.com/reports/183548 |  SMTP configuration vulnerability viestinta.lahitapiola.fi
https://hackerone.com/reports/183568 |  [Buddypress] Arbitrary File Deletion through bp_avatar_set
https://hackerone.com/reports/183796 |  XSS and open redirect in verkkopalvelu.lahitapiola.fi
https://hackerone.com/reports/184452 |  Disclosure of IBM Websphere page
https://hackerone.com/reports/184661 |  mruby-time: Crash host with uninitialized Time obj
https://hackerone.com/reports/184698 |  Eavesdropping on private Slack calls
https://hackerone.com/reports/184712 |  Denial of service due to invalid memory access in mrb_ary_concat
https://hackerone.com/reports/184715 |  Read after free in mrb_vm_exec with OP_ARYCAT reading R(B)
https://hackerone.com/reports/184857 |  Crash: calling Proc::initialize_copy with a Proc instance where initialize never ran leads to a crash
https://hackerone.com/reports/185041 |  Type confusion in mrb_exc_set leading to memory corruption
https://hackerone.com/reports/185051 |  Type confusion in wrap_decimal leading to memory corruption
https://hackerone.com/reports/185387 |  Null pointer dereference regression in parse.y
https://hackerone.com/reports/185775 |  Crash: Initialize Decimal with itself triggers an assertion
https://hackerone.com/reports/185794 |  Crash: mrb_any_to_s can't handle NilClass, Symbol and Fixnum
https://hackerone.com/reports/185826 |  XSS in my.shopify.com in  widget
https://hackerone.com/reports/185833 |  Incomplete or No Cache-control and Pragma HTTP Header Set
https://hackerone.com/reports/185862 |  Twitter for android is exposing user's location to any installed android app
https://hackerone.com/reports/185899 |  Invalid memory write caused by incorrect upper bound in array_copy
https://hackerone.com/reports/185907 |  unchecked unserialize usage in WordPress-Functionality-Plugin-Skeleton/functionality-plugin-skeleton.php
https://hackerone.com/reports/185909 |  unchecked unserialize usages in audit-trail-extension/audit-trail-extension.php
https://hackerone.com/reports/185914 |  constant cache_page_secret in regolith
https://hackerone.com/reports/185957 |  Crash: A call to Symbol.new leads to a crash when inspecting the resulting object
https://hackerone.com/reports/186230 |  Internal attachments can be exported via "Export as .zip" feature
https://hackerone.com/reports/186352 |  Fetching binaries (for software installation) over HTTP without verification (RCE as ROOT by MITM)
https://hackerone.com/reports/186462 |  Stored XSS at 'Buy Button' page
https://hackerone.com/reports/186554 |  Stored XSS in Adress Book (starbucks.com/account/profile)
https://hackerone.com/reports/186723 |  Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory
https://hackerone.com/reports/186766 |  Subdomain takeover on happymondays.starbucks.com due to non-used AWS S3 DNS record
https://hackerone.com/reports/187305 |  Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox
https://hackerone.com/reports/187410 |  Store XSS
https://hackerone.com/reports/187520 |  Wordpress 4.7 - CSRF -> HTTP SSRF any private ip:port and basic-auth
https://hackerone.com/reports/187536 |  Null pointer derefence due to bug in codegen with negation without using value
https://hackerone.com/reports/187542 |  Brave Browser unexpectedly allows to send arbitrary IPC messages
https://hackerone.com/reports/187714 |  Vine - overwrite account associated with email via android application
https://hackerone.com/reports/188086 |  Sending arbitrary IPC messages via overriding Function.prototype.apply
https://hackerone.com/reports/188102 |  3 heap corruptions in PHP
https://hackerone.com/reports/188185 |  Dom Based Xss DIV.innerHTML  parameters store.starbucks*
https://hackerone.com/reports/188313 |  Segmentation fault due to bad memory access in kh_get_mt
https://hackerone.com/reports/188326 |  Buffer overflow in mrb_time_asctime
https://hackerone.com/reports/188661 |  Invalid read when wddx decodes empty boolean element
https://hackerone.com/reports/188719 |  Information Disclosure in /skills call
https://hackerone.com/reports/188972 |  Persistent XSS in www.starbucks.com
https://hackerone.com/reports/189378 |  Unauthenticated Stored XSS on <any>.myshopify.com via checkout page
https://hackerone.com/reports/189633 |  Certain inputs cause tight C-level recursion leading to process stack overflow
https://hackerone.com/reports/189726 |  Websites opened from reports can change url of report page 
https://hackerone.com/reports/189768 |  [controlsyou.quora.com] 429 Too Many Requests Error-Page XSS
https://hackerone.com/reports/189793 |  [Android] XSS via start ContentActivity
https://hackerone.com/reports/190133 |  Segfault when passing invalid values to `values_at`
https://hackerone.com/reports/190188 |  Open Redirect bypass and cookie leakage on www.lahitapiola.com
https://hackerone.com/reports/190798 |  Reflected XSS on teavana.com (Locale-Change)
https://hackerone.com/reports/190863 |  imagefilltoborder stackoverflow on truecolor images
https://hackerone.com/reports/190933 |  Invalid parameter in memcpy function trough openssl_pbkdf2
https://hackerone.com/reports/190951 |  XSS on manually entering Postal codes
https://hackerone.com/reports/191095 |  Reflected XSS on sankarikoulutus (viestinta.lahitapiola.fi)
https://hackerone.com/reports/191146 |  SQL Injection in lapsuudenturva (viestinta.lahitapiola.fi)
https://hackerone.com/reports/191323 |  Sub Domain Takeover at mk.prd.vine.co
https://hackerone.com/reports/191328 |  Invalid memory access in `mrb_str_format`
https://hackerone.com/reports/191380 |  CRLF and XSS stored on ton.twitter.com
https://hackerone.com/reports/191387 |  Reflected XSS and Open Redirect in several parameters (viestinta.lahitapiola.fi)
https://hackerone.com/reports/191601 |  SQL Injection on /webApp/sijoitustalousuk email-parameter + potential lack of CSRF Token (viestinta.lahitapiola.fi)
https://hackerone.com/reports/191689 |  Incorrect code generation when result of NODE_NEGATE is not used
https://hackerone.com/reports/191890 |  DOM Based XSS in Discourse Search
https://hackerone.com/reports/191909 |  XSS Vulnerability on Image link parser
https://hackerone.com/reports/191938 |  SIGSEGV on mruby mrb_get_args() 
https://hackerone.com/reports/191994 |  SIGSEGV mrb_obj_freeze() Manipulating Register RAX and RSI
https://hackerone.com/reports/192127 |  Buffer underflow in sprintf
https://hackerone.com/reports/192131 |  CSRF Attack on (m.badoo.com)deleting account and erasing imported contacts
https://hackerone.com/reports/192140 |  XSS on postal codes
https://hackerone.com/reports/192210 |  Stored XSS in blog comments through Shopify API
https://hackerone.com/reports/192223 |  XSS vulnerability on Audio and Video parsers
https://hackerone.com/reports/192235 |  Integer Overflow in mrb_ary_set
https://hackerone.com/reports/192318 |  mrb_vformat() heap overflow could lead to code execution
https://hackerone.com/reports/192362 |  Heap Overflow in mrb_arb_splice
https://hackerone.com/reports/192388 |  Unauthorised read Access to Expense Receipt of any user in the company(Vertical Privilege escalation)
https://hackerone.com/reports/192485 |  SIGSEGV on mrb_vm_exec() Null Deref
https://hackerone.com/reports/192532 |  SIGABRT, SIGSEGV mspace_free() and mrb_default_allocf()
https://hackerone.com/reports/192578 |  kh_get_n2s() stack overrun
https://hackerone.com/reports/192665 |  heap-buffer-overflow on mruby
https://hackerone.com/reports/192734 |  SIGSEGV Null Pointer mrb_str_concat()
https://hackerone.com/reports/192896 |  Memory disclosure in timegm
https://hackerone.com/reports/193056 |  Subdomain Takeover at http://gameday.websummit.net
https://hackerone.com/reports/193075 |  SIGSEGV - mrb_check_intern_str() - NullPointer
https://hackerone.com/reports/193077 |  mrb_str_modify try to write to memory not marked for writing
https://hackerone.com/reports/193081 |  Null pointer dereference in mrb_str_prepend
https://hackerone.com/reports/193143 |  Use After Free in str_replace
https://hackerone.com/reports/193314 |  SMTP user enumeration via mail.zendesk.com
https://hackerone.com/reports/193517 |  attempting double-free using the mruby compiler `mrbc`
https://hackerone.com/reports/193719 |  Double free of filename after codegen error
https://hackerone.com/reports/193724 |  SIGSEGV - kh_resize_iv - Null Deref
https://hackerone.com/reports/193773 |  SIGABRT - mrb_default_allocf 
https://hackerone.com/reports/194017 |  Open redirect - user interaction needed (verkkopalvelu.lahitapiola.fi/e2/..) - based on #179328
https://hackerone.com/reports/194329 |  No session logout after changing password & alsoandroid sessions not shown in sessions list so they can be deleted
https://hackerone.com/reports/194351 |  Able to download arbitrary  PHP files at yelpblog.com
https://hackerone.com/reports/194574 |  IDOR - Folder names disclosure inside a domain, regardless of user
https://hackerone.com/reports/194721 |  Verification of email addresses possible through https://www.yelp.com/signup/facebook
https://hackerone.com/reports/194761 |  OpenSSL Padding Oracle Attack (CVE-2016-2107) on viestinta.lahitapiola.fi
https://hackerone.com/reports/194790 |  IDOR - Downloading all attachements if having access to a shared link
https://hackerone.com/reports/194832 |  Authentication Bypass on monitoring server
https://hackerone.com/reports/194884 |  Heap use-after-free during range creation
https://hackerone.com/reports/194906 |  Heap overflow due to off-by-one when expanding stack
https://hackerone.com/reports/195045 |  Set Cookie Via SVG
https://hackerone.com/reports/195156 |  CSRF in all API endpoints when authenticated using HTTP Authentication
https://hackerone.com/reports/195350 |  Subdomain takeover on podcasts.slack-core.com
https://hackerone.com/reports/195580 |  Crash (DoS) when parsing a hostile TIFF
https://hackerone.com/reports/195586 |  Memory corruption when parsing a hostile PHAR archive
https://hackerone.com/reports/195688 |  NULL Pointer Dereference while unserialize php object
https://hackerone.com/reports/195842 |  Segmentation fault - mrb_gc_mark
https://hackerone.com/reports/195950 |  Use of uninitialized memory in unserialize()
https://hackerone.com/reports/196221 |  XSS in instacart.com/store/partner_recipe
https://hackerone.com/reports/196222 |  RTLO char allowed in chat
https://hackerone.com/reports/196380 |  SIGSEGV in mrb_vm_exec
https://hackerone.com/reports/196386 |  SIGSEGV - mrb_vm_exec - vm.c in line:1272
https://hackerone.com/reports/196458 |  apps.shopify.com - CSRF token leakage through Google Analytics
https://hackerone.com/reports/196498 |  Segmentation fault on program counter
https://hackerone.com/reports/196624 |  dom xss in https://www.slackatwork.com
https://hackerone.com/reports/196655 |  Disclose any user's private email through API
https://hackerone.com/reports/196846 |  Open redirect / Reflected XSS payload in root that affects all your sites (store.starbucks.* / shop.starbucks.* / teavana.com)
https://hackerone.com/reports/197443 |  XSS in topics because of bandcamp preview engine vulnerability
https://hackerone.com/reports/197693 |  SIGSEGV - mrb_vm_exec - line:1681
https://hackerone.com/reports/197694 |  SIGSEGV - mrb_obj_extend - line:413
https://hackerone.com/reports/197719 |  Still heap overflow in mrb_ary_splice
https://hackerone.com/reports/197723 |  Null pointer dereference in mrb_str_modify
https://hackerone.com/reports/197789 |  [insideok.ru] Database Dump
https://hackerone.com/reports/197902 |  Stored XSS in topics because of whitelisted_generic engine vulnerability
https://hackerone.com/reports/197914 |  Stored XSS in posts because of absence of oembed variables values escaping
https://hackerone.com/reports/197916 |  Crash in print_backtrace
https://hackerone.com/reports/198249 |  [XSS/3dsecure.qiwi.com] 3DSecure XSS
https://hackerone.com/reports/198251 |  [XSS/pay.qiwi.com] Pay SubDomain Hard-Use XSS
https://hackerone.com/reports/198452 |  SIGABRT - mrb_realloc_simple - gc.c - line:201
https://hackerone.com/reports/198622 |  Clickjacking Periscope.tv on Chrome
https://hackerone.com/reports/198723 |  Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
https://hackerone.com/reports/198732 |  Use After Free in unserialize()
https://hackerone.com/reports/198733 |  Type Confusion in Object Deserialization
https://hackerone.com/reports/198734 |  GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability]
https://hackerone.com/reports/198969 |  IDOR - Deleting other user's reminders just by id
https://hackerone.com/reports/199281 |  IDOR - Leaking other user's folder names from /appsuite/api/import?action=ICA
https://hackerone.com/reports/199321 |  IDOR - Deleting other user's signature via /appsuite/api/snippet?action=update (although an error is thrown)
https://hackerone.com/reports/199764 |  Aborted - proc.c - line:143
https://hackerone.com/reports/199779 |  Google Analytics could be used as CSP bypass for data exfiltration on hackerone.com
https://hackerone.com/reports/199804 |  Persistent XSS on ForecastApp
https://hackerone.com/reports/200387 |  Incorrect code generation with redo inside NODE_RESCUE.
https://hackerone.com/reports/200487 |  Incomplete HTML sanitization + Session id leaking + private information disclosure
https://hackerone.com/reports/200576 |  Logic flaw enables restricted account to access account license key
https://hackerone.com/reports/200753 |  [nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html
https://hackerone.com/reports/200818 |  SQL Injection /webApp/cancel_iltakoulu regId parameter (viestinta.lahitapiola.fi)
https://hackerone.com/reports/200821 |   heap-use-after-free /home/operac/testafl/mruby/mrubylast/mruby/src/gc.c
https://hackerone.com/reports/200826 |  [github.algolia.com] DOM Based XSS github-btn.html
https://hackerone.com/reports/200909 |  Out of bounds memory read in unserialize()
https://hackerone.com/reports/201137 |  Reflected XSS on iltakoulu_varkaus (viestinta.lahitapiola.fi)
https://hackerone.com/reports/201314 |  Enumeration in unsubscribe -function of /omatalousuk (viestinta.lahitapiola.fi)
https://hackerone.com/reports/201346 |  CVE-2017-3730: Bad (EC)DHE parameters cause a client crash
https://hackerone.com/reports/201529 |  Can upload files without authentication on AirFibre 3.2
https://hackerone.com/reports/201723 |  Single user DOS on selectedLanguage -cookie (yrityspalvelu.lahitapiola.fi)
https://hackerone.com/reports/201796 |  cloudup Subdomain Takeover That resolves to Desk.com ( CNAME cloudup.desk.com ) 
https://hackerone.com/reports/201897 |  Recursion causing uninitialized memory reads leading to a segfault
https://hackerone.com/reports/201901 |  Test Page available with Server details on /r/test (viestinta.lahitapiola.fi)
https://hackerone.com/reports/201905 |  SIGSEGV - vm.c - line:1214
https://hackerone.com/reports/201984 |  Wordpress directories/files visible to internet
https://hackerone.com/reports/202177 |  Login with Google Not Authenticated on iOS App
https://hackerone.com/reports/202354 |  Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/
https://hackerone.com/reports/202362 |  Null pointer dereference in mrb_random_initialize
https://hackerone.com/reports/202425 |  Two-factor authentication bypass on Grab Android App
https://hackerone.com/reports/202499 |  User with only Viewing Privilege can send message to Room
https://hackerone.com/reports/202501 |  Restricted user is able to delete filter sets of admin users in https://infrastructure.newrelic.com/accounts/{{ACC#}}/settings/filterSets
https://hackerone.com/reports/202582 |  Denial of service (segfault) due to null pointer dereference in mrb_obj_instance_eval
https://hackerone.com/reports/202584 |  Denial of service (segfault) due to null pointer dereference in mrb_vm_exec
https://hackerone.com/reports/202767 |  Subdomain takeover at info.hacker.one
https://hackerone.com/reports/202960 |  CVE-2017-5204: The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print()
https://hackerone.com/reports/202965 |  CVE-2017-5341 The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print()
https://hackerone.com/reports/202967 |  CVE-2017-5484 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print()
https://hackerone.com/reports/202968 |  CVE-2017-5342 In tcpdump before 4.9.0 a bug in multiple protocol parsers could cause a buffer overflow in print-ether.c:ether_print()
https://hackerone.com/reports/202969 |  CVE-2017-5482 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print().
https://hackerone.com/reports/203002 |  Incorrect GC behavior in xxlimited could lead to use-after-free
https://hackerone.com/reports/203042 |  Find whether a video has been favourited or not, for any user [via YouPorn Mobile API]
https://hackerone.com/reports/203513 |  SIGSEGV - mrb_vm_exec - line:1312
https://hackerone.com/reports/203515 |  Wordpress 4.7.2 - Two XSS in Media Upload when file too large.
https://hackerone.com/reports/203595 |  forgot to add the patch
https://hackerone.com/reports/203673 |  AirFibre products vulnerable to HTTP Header injection
https://hackerone.com/reports/203726 |  Open Redirect in <customer>.greenhouse.io
https://hackerone.com/reports/204047 |  Segmentation fault while printing backtrace
https://hackerone.com/reports/204208 |  High server resource usage on captcha (viestinta.lahitapiola.fi)
https://hackerone.com/reports/204421 |  Heap buffer oveflow with many arguments
https://hackerone.com/reports/204513 |  Infrastructure - Photon - SSRF
https://hackerone.com/reports/204628 |  segafult in mruby's sprintf - mrb_str_format
https://hackerone.com/reports/204774 |  A crash when an exception is caught in a caller and the receiver returned from `ensure`
https://hackerone.com/reports/204802 |  pam-ussh may be tricked into using another logged in user's ssh-agent
https://hackerone.com/reports/204984 |  IDOR - Accessing other user's attachements via PUT /appsuite/api/files?action=saveAs
https://hackerone.com/reports/205000 |  Authorization bypass using login by phone option+horizontal escalation possible on Grab Android App
https://hackerone.com/reports/205284 |  SIGABRT - method_missing - mark_context_stack
https://hackerone.com/reports/205481 |  Wordpress unzip_file path traversal
https://hackerone.com/reports/205884 |  Interger overflow in str_substr leading to read/write out of bound memory
https://hackerone.com/reports/205953 |  CSRF - Adding unlimited number of saved items via GET request
https://hackerone.com/reports/206109 |  mruby heap use-after-free 
https://hackerone.com/reports/206227 |  Remote Code Execution on Git.imgur-dev.com 
https://hackerone.com/reports/206319 |  Persistent CSRF in /GiftCert-AddToBasket prevents purchases on eCommerce sites
https://hackerone.com/reports/206650 |  Broken Authentication - Security token gets captured via man in the middle attack
https://hackerone.com/reports/206653 |  Captcha bypass for the most important function - At en.instagram-brand.com
https://hackerone.com/reports/206894 |  SSRF at iris.lystit.com
https://hackerone.com/reports/207042 |  Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP
https://hackerone.com/reports/207053 |  Writable RubyCi Amazon s3 bucket
https://hackerone.com/reports/207266 |  Information leakage via CSV when content is valid JavaScript
https://hackerone.com/reports/207321 |  Controlled address leak due to type confusion - ASLR bypass
https://hackerone.com/reports/207576 |  Subdomain takeover on s3.shopify.com
https://hackerone.com/reports/207710 |  Heap use-after-free in mrb_vm_exec 
https://hackerone.com/reports/207983 |  read outside of buffer (heap buffer overflow) in S_regmatch - regexec.c:6057
https://hackerone.com/reports/208237 |  Brute force unsubscription on /webApp/unsub_sb (viestinta.lahitapiola.fi)
https://hackerone.com/reports/208363 |  Memory corrouption in mrb_gc_mark
https://hackerone.com/reports/208480 |  Site configured improperly at subdomain of lyst.co.uk
https://hackerone.com/reports/208526 |  Null pointer dereference in mark_context_stack
https://hackerone.com/reports/208622 |  Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web script via p parameter.
https://hackerone.com/reports/208719 |  Subdomain Takeover at Landing.udemy.com 
https://hackerone.com/reports/208734 |  CSRF @ configuration 
https://hackerone.com/reports/209004 |  Subdomain takeover #2  at info.hacker.one
https://hackerone.com/reports/209008 |  Authentication Bypass - Chaining two vulnerabilities leads to account takeover at en.instagram-brand.com
https://hackerone.com/reports/209223 |  Open S3 Bucket WriteAble To Any Aws User
https://hackerone.com/reports/209251 |  public report - Reproducible - Writable RubyCi Amazon s3 bucket[207053]
https://hackerone.com/reports/209352 |  Cross Domain leakage of sensitive information - Leading to Account Takeover at Instagram Brand
https://hackerone.com/reports/209368 |  [wallet.rapida.ru] Mass SMS flood
https://hackerone.com/reports/209398 |  HTML Injection in email from http://www.lahitapiola.fi/henkilo/sivut/tonttutesti
https://hackerone.com/reports/209449 |  Heap buffer overflow with long array assignment
https://hackerone.com/reports/209736 |  DOM XSS on teavana.com via "pr_zip_location" parameter
https://hackerone.com/reports/209765 |  Heap buffer overflow in mruby value_move
https://hackerone.com/reports/209917 |  javascript: and mailto: links are allowed in JIRA integration settings
https://hackerone.com/reports/209937 |  SIGSEGV - mark_context_stack
https://hackerone.com/reports/209949 |  Arbitrary heap exposure in JSON.generate
https://hackerone.com/reports/210190 |  Transitioning a Private Program to Public Does Not Clear Previously Private Updates to Hackers
https://hackerone.com/reports/210331 |  SSLv3 POODLE Vulnerability
https://hackerone.com/reports/210354 |  RTLO character in file names
https://hackerone.com/reports/210429 |  mrb_vm_exec - null ptr dereference
https://hackerone.com/reports/210572 |  Full path Disclosure in Rockstargames.comâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ 
https://hackerone.com/reports/210779 |  [Urgent] Invalidating OAuth2 Bearer token makes TweetDeck unavailable
https://hackerone.com/reports/210875 |  use of unsafe host header leads to open redirect
https://hackerone.com/reports/210908 |  XSS on 3rd party service Localtapiola is using
https://hackerone.com/reports/211149 |  Inadequate/dangerous jQuery behavior
https://hackerone.com/reports/211418 |  Source Code Disclosure (CGI)
https://hackerone.com/reports/211477 |  Stealing users' facebook access tokens - kitcrm.com
https://hackerone.com/reports/212067 |  An â€œalgobotâ€-s GitHub access token was leaked
https://hackerone.com/reports/212074 |  SIGSEGV - mrb_yield_with_class
https://hackerone.com/reports/212107 |  Null pointer dereference in mrb_class
https://hackerone.com/reports/212239 |  sprintf gem - format string combined attack
https://hackerone.com/reports/212241 |  sprintf combined format string attack
https://hackerone.com/reports/212456 |  SIGSEGV - kh_get_n2s - in /src/symbol.c:37
https://hackerone.com/reports/212508 |  Single User DOS on SelectedLocale -cookie (verkkopalvelu.tapiola.fi)
https://hackerone.com/reports/212696 |  RCE by command line argument injection to `gm convert` in `/edit/process?a=crop`
https://hackerone.com/reports/212721 |  IE 11 Self-XSS on Jira Integration Preview Base Link
https://hackerone.com/reports/212882 |  SIGABRT in only mirb
https://hackerone.com/reports/213255 |  SIGSEGV in str_buf_cat
https://hackerone.com/reports/213261 |  Use-after-free leading to an invalid pointer dereference
https://hackerone.com/reports/213418 |  User able to access company details in yrityspalvelu without proper permissions
https://hackerone.com/reports/213437 |  Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516 Invalid Curve attack
https://hackerone.com/reports/213558 |  Arbitrary Local-File Read from Admin - Restore From Backup due to Symlinks
https://hackerone.com/reports/213779 |  SIGSEGV - mrb_obj_value
https://hackerone.com/reports/213942 |  Differential "Show Raw File" feature exposes generated files to unauthorised users
https://hackerone.com/reports/214000 |  SIGABRT - mirb and mruby
https://hackerone.com/reports/214001 |  File access controls incorrectly enforced for files shared via QuickLink - Unshared files can be accessed
https://hackerone.com/reports/214022 |  Admin Command Injection via username in user_archive ExportCsvFile
https://hackerone.com/reports/214044 |  Stored XSS in [shop].myshopify.com/admin/orders/[id]
https://hackerone.com/reports/214087 |  Clickjacking Vulnerability found on Yelp
https://hackerone.com/reports/214571 |  Login form on non-HTTPS page
https://hackerone.com/reports/214576 |  SIGABRT - mirb - Double Free
https://hackerone.com/reports/214581 |  Stored passive XSS at scheduled posts (kitcrm.com)
https://hackerone.com/reports/214681 |  Null pointer dereference in ary_concat 
https://hackerone.com/reports/214845 |  SIGSEGV in mrb_vm_exec
https://hackerone.com/reports/215044 |  [iOS] URL can be replaceState by blob URL in iOS Brave
https://hackerone.com/reports/215381 |  CSRF on Periscope Web OAuth authorization endpoint 
https://hackerone.com/reports/215447 |  SIGSEGV in mrb_class
https://hackerone.com/reports/215625 |  A HackerOne employee's GitHub personal access token exposed in Travis CI build logs
https://hackerone.com/reports/215854 |  Garbage collector crash
https://hackerone.com/reports/215891 |  Null pointer dereference in mrb_class
https://hackerone.com/reports/215967 |  SIGABRT in mrb_debug_info_append_file
https://hackerone.com/reports/216151 |  Use-after-free in _asyncio_Future_remove_done_callback
https://hackerone.com/reports/216615 |  Crash in ary_concat() 
https://hackerone.com/reports/216700 |  heap use-after-free in mrb_vm_exec()
https://hackerone.com/reports/216725 |  SIGABRT - in free
https://hackerone.com/reports/216746 |  Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks.
https://hackerone.com/reports/216812 |  Reflected XSS in error pages (NC-SA-2017-008)
https://hackerone.com/reports/216840 |  OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
https://hackerone.com/reports/217007 |  Stored XSS in e.mail.ru (payload affect multiple users)
https://hackerone.com/reports/217083 |  SIGSEGV in mrb_str_inum
https://hackerone.com/reports/217097 |  SIGSEGV in mrb_vm_exec
https://hackerone.com/reports/217358 |  Subdomain takeover #3 at info.hacker.one
https://hackerone.com/reports/217555 |  Possible to unsubscribe from activities using CSRF @ mijn.werkenbijdefensie.nl
https://hackerone.com/reports/217558 |  Possible to view and takeover other user's education and courses @ mijn.werkenbijdefensie.nl
https://hackerone.com/reports/217610 |  kh_put_iv SEGFAULT - mruby 1.2.0
https://hackerone.com/reports/217745 |  XSS in $shop$.myshopify.com/admin/ via "Button Objects" in malicious app
https://hackerone.com/reports/217790 |  XSS in $shop$.myshopify.com/admin/ via twine template injection in "Shopify.API.Modal.input" method when using a malicious app
https://hackerone.com/reports/218088 |  Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier
https://hackerone.com/reports/218226 |  Stored XSS in comments on https://www.starbucks.co.uk/blog/*
https://hackerone.com/reports/218233 |  Null pointer dereference in OP_ENTER
https://hackerone.com/reports/218287 |  In App purchase Hack 
https://hackerone.com/reports/218451 |  [Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME 
https://hackerone.com/reports/218465 |  [staging-engineering.gnip.com] Publicly accessible GIT directory
https://hackerone.com/reports/218567 |  SIGSEGV in array_copy - array.c:71
https://hackerone.com/reports/218570 |  Invalid pointer dereference in OP_ENTER
https://hackerone.com/reports/218680 |  [buy.coinbase.com]Content Injection
https://hackerone.com/reports/218803 |  SIGABRT in sym_validate_len - symbol.c:44
https://hackerone.com/reports/219170 |  XSS
https://hackerone.com/reports/219192 |  Resend invitation to members by Read only user(Privilege Escalation)
https://hackerone.com/reports/219197 |  [â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ.gnip.com] .htpasswd disclosure
https://hackerone.com/reports/219205 |  Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com
https://hackerone.com/reports/219215 |  Client can redirect payment, causing payment discrepancy between Harvest and PayPal
https://hackerone.com/reports/219607 |  Dovecot authentication is vulnerable to timing attacks.
https://hackerone.com/reports/219821 |  XSS
https://hackerone.com/reports/219870 |  mirb only: stack-buffer-overflow (OOB write) in main()
https://hackerone.com/reports/220002 |  Subdomain takeover #4 at info.hacker.one
https://hackerone.com/reports/220009 |  Lack of input sanitization in Marketo form leads to execution of HTML in lead emails
https://hackerone.com/reports/220385 |  Delete All Data of Any User
https://hackerone.com/reports/220494 |  [GitHub Extension] Unsanitised HTML leading to XSS on GitHub.com
https://hackerone.com/reports/220615 |  Expired SSL certificate
https://hackerone.com/reports/220737 |  Tabnabbing via Window.Opener @Mavenlink
https://hackerone.com/reports/220864 |  Unauthorized access to attachments details of Private Calendar appointments  (Access control issue)
https://hackerone.com/reports/220874 |  Critical : View/Edit access to private appointments of calendar folder by read only user (Vertical privilege escalation)
https://hackerone.com/reports/220903 |  Authenticated Cross-site Scripting in Template Name
https://hackerone.com/reports/221251 |  heap-buffer-overflow (read outside of buffer) in mrb_vm_exec()
https://hackerone.com/reports/221328 |  HTTP 401 response injection on "amp.twimg.com/amplify-web-player/prod/source.html" through "image_src" parameter
https://hackerone.com/reports/221558 |  Private Grab Messages on Android App can be accessed and cached by Search Engines
https://hackerone.com/reports/221785 |  OOB write in MDC2_Update() (CVE-2016-6303)
https://hackerone.com/reports/221787 |  Malformed SHA512 ticket DoS (CVE-2016-6302)
https://hackerone.com/reports/221788 |  OOB write in BN_bn2dec() (CVE-2016-2182)
https://hackerone.com/reports/221789 |  OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
https://hackerone.com/reports/221790 |  Certificate message OOB reads (CVE-2016-6306)
https://hackerone.com/reports/221791 |  Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
https://hackerone.com/reports/221792 |  Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
https://hackerone.com/reports/221893 |  XSS in the search bar of mercantile.wordpress.org
https://hackerone.com/reports/222020 |  Mercurial can be tricked into granting authorized users access to the Python debugger
https://hackerone.com/reports/222040 |  Reflected XSS at https://da.wordpress.org/themes/?s= via "s=" parameter 
https://hackerone.com/reports/222224 |  Stored but [SELF] XSS in mercantile.wordpress.org
https://hackerone.com/reports/222252 |  Ğ”ÑƒĞ±Ğ»Ğ¸ĞºĞ°Ñ‚: https://hackerone.com/reports/219171 (Ğ´Ğ¾ÑÑ‚ÑƒĞ¿ Ğº Ğ°ĞºĞºĞ°ÑƒĞ½Ñ‚Ñƒ, Ñ‡ĞµÑ€ĞµĞ· ÑĞ±Ñ€Ğ¾Ñ Ğ¿Ğ°Ñ€Ğ¾Ğ»Ñ)
https://hackerone.com/reports/222294 |  heap-use-after-free in mrb_vm_exec - vm.c:1247
https://hackerone.com/reports/222692 |  plugins.trac.wordpress.org likely vulnerable to Cross Site Tracing (xst), TRACE HTTP method should be disabled
https://hackerone.com/reports/222870 |  IRC-Bot exposes information
https://hackerone.com/reports/223203 |  SVG Server Side Request Forgery (SSRF)
https://hackerone.com/reports/223363 |  Escape sequence injection vulnerability in WEBrick BasicAuth
https://hackerone.com/reports/223625 |  Subdomain Takeover (and Stored XSS) via Trailing Dot at https://coding-exercises.udemy.com
https://hackerone.com/reports/223906 |  Dropbox Paper - Markdown XSS
https://hackerone.com/reports/225243 |  phone number exposure for riders/drivers given email/uuid
https://hackerone.com/reports/225831 |  Extract Billing admin email address using random team id
https://hackerone.com/reports/225897 |  Throttling Bypass - ws1.dashlane.com
https://hackerone.com/reports/226191 |  Android MailRu Email: Thirdparty can access private data files with small user interaction
https://hackerone.com/reports/226199 |  Changing Victim's JIRA Integration Settings Through Multiple Bugs
https://hackerone.com/reports/226200 |  OP_SCALL in LHS of a OP_ASGN resulting in arbitrary memory write
https://hackerone.com/reports/226203 |  Cross-site-Scripting
https://hackerone.com/reports/226335 |  Escape sequence injection in "summary" field
https://hackerone.com/reports/226418 |  HackerOne reports escalation to JIRA is CSRF vulnerable
https://hackerone.com/reports/226428 |  Reflected XSS in <any>.myshopify.com through theme preview
https://hackerone.com/reports/226783 |  HTML Injection on airlink.ubnt.com
https://hackerone.com/reports/226960 |  [platform.harvestapp.com] Reflected XSS in Error Message via URL parameters
https://hackerone.com/reports/227181 |  Xss Ğ² https://e.mail.ru/
https://hackerone.com/reports/227486 |  XSS on https://www.starbucks.co.uk (can lead to credit card theft) (/shop/paymentmethod)
https://hackerone.com/reports/227522 |  IDOR in editing courses
https://hackerone.com/reports/227663 |  [https://www.dashlane.com] Test Panel Disclosure
https://hackerone.com/reports/227762 |  Heap Overflow in fiber_switch triggered from Fiber.transfer
https://hackerone.com/reports/227809 |  XSS at in instacart.com/store/partner_recipe
https://hackerone.com/reports/227833 |  Reverse Tab-nabbing at www.instacart.com/store/partner_recipe?recipe_url=
https://hackerone.com/reports/228006 |  Cross-site Scripting (XSS) on [maximum.nl] 
https://hackerone.com/reports/228112 |  Directory Disclose,Email Disclose Zendmail vulnerability
https://hackerone.com/reports/228377 |  SSRF in upload IMG through URL
https://hackerone.com/reports/228399 |  Any authenticated user can download full list of users, including email
https://hackerone.com/reports/228531 |  Xss Ğ² https://e.mail.ru/
https://hackerone.com/reports/228648 |  WannaCrypt â€œKillswitchâ€
https://hackerone.com/reports/229498 |  Host header injection/redirection via newsletter signup
https://hackerone.com/reports/229619 |  Ability to verify any email address you don't own - accounts.shopify.com
https://hackerone.com/reports/229622 |  Directory traversal at https://nightly.ubnt.com
https://hackerone.com/reports/230232 |  Stored self-XSS in mercantile.wordpress.org checkout
https://hackerone.com/reports/230234 |  [mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection
https://hackerone.com/reports/230435 |  DOM Based XSS In mercantile.wordpress.org
https://hackerone.com/reports/231053 |  XSS on any Shopify shop via abuse of the HTML5 structured clone algorithm in postMessage listener on "/:id/digital_wallets/dialog"
https://hackerone.com/reports/231917 |  Shared file link - password protection bypass under certain conditions
https://hackerone.com/reports/232150 |  heap-buffer-overflow (READ of size 11) in Perl 5.25.x
https://hackerone.com/reports/232174 |  XSS on $shop$.myshopify.com/admin/ and partners.shopify.com via whitelist bypass in SVG icon for sales channel applications
https://hackerone.com/reports/232347 |  [FG-VD-17-063] NextCloud Insufficient Attack Protection Vulnerability Notification
https://hackerone.com/reports/232432 |  Universal Cross-Site Scripting in Keybase Chrome extension
https://hackerone.com/reports/232463 |  Possible sweet32 lahitapiola.fi
https://hackerone.com/reports/232653 |  CSRF. Ğ£Ğ´Ğ°Ğ»ĞµĞ½Ğ¸Ğµ Ğ°Ğ´Ñ€ĞµÑĞ½Ğ¾Ğ¹ ĞºĞ½Ğ¸Ğ³Ğ¸, Ğ´Ğ¾Ğ±Ğ°Ğ²Ğ»ĞµĞ½Ğ¸Ğµ ĞºĞ¾Ğ½Ñ‚Ğ°ĞºÑ‚Ğ¾Ğ²
https://hackerone.com/reports/233099 |  CSRF in Report Lost or Stolen Page https://www.starbucks.com/account/card
https://hackerone.com/reports/233440 |  heap-buffer-overflow (READ of size 61) in Perl_re_intuit_start()
https://hackerone.com/reports/235200 |  Cross-origin resource sharing misconfig | steal user information 
https://hackerone.com/reports/235866 |  Cross-site Scripting (XSS) in /updates-pro/archive/
https://hackerone.com/reports/236552 |  Unauthenticated RCE in Vaultpress
https://hackerone.com/reports/237184 |  Session fixation in password protected public download.
https://hackerone.com/reports/237357 |  CRLF Injection at vpn.bitstrips.com
https://hackerone.com/reports/237381 |  SSRF and local file disclosure in https://wordpress.com/media/videos/ via FFmpeg HLS processing
https://hackerone.com/reports/237915 |  PHP mbstring / Oniguruma multiple remote heap/stack corruptions
https://hackerone.com/reports/238260 |  Uninstalling Slack for Windows (64-bit), then reinstalling keeps you logged in without authentication
https://hackerone.com/reports/239359 |  Timing attack woocommerce, simplify commerce gateway
https://hackerone.com/reports/239503 |  Open Redirect & Information Disclosure [mijn.werkenbijdefensie.nl]
https://hackerone.com/reports/240083 |  Updating payout preference to CurrencyCloud doesn't notify user via email
https://hackerone.com/reports/240821 |  Ability To Takeover any account by Emaill.
https://hackerone.com/reports/240886 |  Multiple File Manipulation bugs in WP Super Cache 
https://hackerone.com/reports/241008 |  Stored XSS in *.myshopify.com
https://hackerone.com/reports/241202 |  Unsafe arithmetic in PyString_DecodeEscape
https://hackerone.com/reports/241323 |  woocommerce - prevent_caching() bug / bypass
https://hackerone.com/reports/241610 |  ap_find_token() Buffer Overread
https://hackerone.com/reports/241619 |  DOM-based XSS in store.starbucks.co.uk on IE 11
https://hackerone.com/reports/242314 |  Open redirect on https://werkenbijdefensie.nl/
https://hackerone.com/reports/242354 |  Null pointer dereference with send/method_missing
https://hackerone.com/reports/242727 |  Android content provider exposes password-protected share password hashes
https://hackerone.com/reports/242765 |  Any user with invite capabilities can take-over any account on Discourse
https://hackerone.com/reports/243058 |  XSS bypass Script execute,Read any file,execute any javascript code--UXSS
https://hackerone.com/reports/243094 |  Paragonie Airship Admin CSRF on Extensions Pages
https://hackerone.com/reports/243156 |  Installing a crafted gem package may create or overwrite files
https://hackerone.com/reports/243943 |  IDOR [partners.shopify.com] - User with ONLY Manage apps permission is able to get shops info and staff names from inside the shop
https://hackerone.com/reports/244504 |  Possible SOP bypass in www.starbucks.com due to insecure crossdomain.xml
https://hackerone.com/reports/244904 |  Use after free in mruby-mpdecimal
https://hackerone.com/reports/245172 |  Double Stored Cross-Site scripting in the admin panel
https://hackerone.com/reports/245228 |  Object Injection in Woocommerce / Handle PDT Responses from PayPal
https://hackerone.com/reports/245296 |  Persistent XSS on keybase.io via "payload" field in `/user/sigchain_signature.toffee` template
https://hackerone.com/reports/245833 |  The user, who was deleted from Github Organization, still can access all functions of federalist, in case he didn't do logout
https://hackerone.com/reports/245872 |  [IDOR] The authenticated user can restart website build or view build logs on any another Federalist account
https://hackerone.com/reports/245956 |  Use-after-free in PHP7's unserialize()
https://hackerone.com/reports/246794 |  XSS on "widgets.shopifyapps.com" via "stripping" attribute and "shop" parameter
https://hackerone.com/reports/246801 |  Captcha Bypass in Coinbase SignUp Form
https://hackerone.com/reports/246803 |  [spectacles.com] Bypassing quantity limit in orders
https://hackerone.com/reports/246897 |  Open Redirect
https://hackerone.com/reports/247246 |  Dom based xss affecting all pages from https://www.grab.com/.
https://hackerone.com/reports/247628 |  Reading redacted data via hackbot's answers
https://hackerone.com/reports/247680 |  SSRF in imgur video GIF conversion
https://hackerone.com/reports/248560 |  [parcel.grab.com] DOM XSS at /assets/bower_components/lodash/perf/
https://hackerone.com/reports/248599 |  Information disclosure same issue #176002
https://hackerone.com/reports/248601 |  PHP INI Parsing Stack Buffer Overflow Vulnerability
https://hackerone.com/reports/248609 |  PHP OpenSSL zif_openssl_seal() heap overflow (wild memcpy)
https://hackerone.com/reports/248659 |  PHP WDDX Deserialization Heap OOB Read in timelib_meridian()
https://hackerone.com/reports/248668 |  XXE on sms-be-vip.twitter.com in SXMP Processor
https://hackerone.com/reports/248693 |  Git repository found
https://hackerone.com/reports/249131 |  Ability to create own account UUID leads to stored XSS
https://hackerone.com/reports/249234 |  Posting to Twitter CSRF on php/post_twitter_authenticate.php
https://hackerone.com/reports/249319 |  Race condition on the Federalist API endpoints can lead to the Denial of Service attack
https://hackerone.com/reports/249798 |  Intercom chat session information persists after logout
https://hackerone.com/reports/250386 |  CSRF ĞŸÑ€Ğ¾Ğ²ĞµÑ€Ğ¸Ñ‚ÑŒ ÑĞ²Ğ»ÑĞµÑ‚ÑÑ Ğ»Ğ¸ Ğ¿Ğ¾Ğ»ÑŒĞ·Ğ¾Ğ²Ğ°Ñ‚ĞµĞ»ÑŒ Ğ°Ğ´Ğ¼Ğ¸Ğ½Ğ¾Ğ¼ Ğ³Ñ€ÑƒĞ¿Ğ¿Ñ‹.
https://hackerone.com/reports/250688 |  The Federalsit session cookie (federalist.sid) is not properly invalidated - backdoor access to the account is possible
https://hackerone.com/reports/250729 |  Content Security Policy not applied to error pages at multiple HackerOne endpoints
https://hackerone.com/reports/250837 |  Stored xss via template injection
https://hackerone.com/reports/251224 |  Blind stored xss [parcel.grab.com] > name parameter 
https://hackerone.com/reports/251572 |  Length extension attack leading to HTML injection
https://hackerone.com/reports/251918 |  Flash CSRF: Update Ad Frequency %: [cp-ng.pinion.gg]
https://hackerone.com/reports/252580 |  Scrollbar Width permits detecting browser platform
https://hackerone.com/reports/252908 |  Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486)
https://hackerone.com/reports/253313 |  XSS Vulnerability in WooCommerce Product Vendors plugin
https://hackerone.com/reports/253429 |  Linux TBB SFTP URI allows local IP disclosure
https://hackerone.com/reports/253934 |  Password reset token issue
https://hackerone.com/reports/254269 |  Persistent XSS found on bin.pinion.gg due to outdated FlowPlayer SWF file with Remote File Inclusion vulnerability.
https://hackerone.com/reports/254285 |  Gain access to random information via group chat "about" property
https://hackerone.com/reports/254588 |  Removed staff members who had "Manage shops" permission can still create development stores
https://hackerone.com/reports/255021 |  Profile shows incorrect account creation date
https://hackerone.com/reports/255100 |  No error or notification on Reset password page
https://hackerone.com/reports/255474 |  Profile fields validation bypass
https://hackerone.com/reports/255651 |  Unauthorized update of merchants' information via /php/merchant_details.php
https://hackerone.com/reports/255668 |  Weak Password
https://hackerone.com/reports/255685 |  [New Relic Infrastructure] Restricted User can still integrate with AWS via forced browsing (plus, a few other bugs)
https://hackerone.com/reports/255978 |  Non-Cloudflare IPs allowed to access origin servers
https://hackerone.com/reports/255991 |  URL Spoof / Brave Shield Bypass
https://hackerone.com/reports/256647 |  Simple CSS line-height identifies platform
https://hackerone.com/reports/257305 |  [www.boozt.com] - Authentication bypass
https://hackerone.com/reports/257335 |  ssh: unprivileged users may hijack due to backdated ssh version open port found(â–ˆâ–ˆâ–ˆ.unikrn.com)
https://hackerone.com/reports/257942 |  languagechange event fires simultaneously on all tabs
https://hackerone.com/reports/258084 |  Access to all files of remote user through shared file
https://hackerone.com/reports/258198 |  The Custom Emoji Page has a Reflected XSS
https://hackerone.com/reports/258201 |  Overwrite Drafts of Everyone 
https://hackerone.com/reports/258237 |  [et.mail.ru] ssrf 2
https://hackerone.com/reports/258260 |  Accessing Private Files Shared in message of other users
https://hackerone.com/reports/258318 |  filin.mail.ru user's e-mail address disclosure
https://hackerone.com/reports/258460 |  [Quora Android] Possible to steal arbitrary files from mobile device
https://hackerone.com/reports/258578 |  application/x-brave-tab should not be readable.
https://hackerone.com/reports/258585 |  OS username disclosure
https://hackerone.com/reports/258710 |  Download attribute allows downloading local files
https://hackerone.com/reports/258876 |  XSS when clicking "Share to Twitter" at quora.com/widgets/embed_iframe?path=...
https://hackerone.com/reports/259100 |  XSS through `__e2e_action_id` delivered by JSONP
https://hackerone.com/reports/259390 |  Use-after-free in XML::LibXML::Node::replaceChild
https://hackerone.com/reports/259400 |  Issues with Forgot password Error Handling 
https://hackerone.com/reports/259415 |  Lengthy manual entry of 2FA secret
https://hackerone.com/reports/259416 |  Incorrect email content when disabling 2FA
https://hackerone.com/reports/259742 |  Incorrect error message
https://hackerone.com/reports/260005 |  RCE via ssh:// URIs in multiple VCS 
https://hackerone.com/reports/260278 |  TabNabbing issue (due to taget=_blank)
https://hackerone.com/reports/260420 |  [dev-nightly.ubnt.com] Local File Reading
https://hackerone.com/reports/260632 |  Improper validation of parameters while creating issues
https://hackerone.com/reports/260662 |  No length limit in invite_code can cause server degradation
https://hackerone.com/reports/260697 |  CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception)
https://hackerone.com/reports/260744 |  [dev.twitter.com] XSS and Open Redirect
https://hackerone.com/reports/260755 |  https://secure.gravatar.com
https://hackerone.com/reports/260938 |  Homograph IDNs displayed in Description
https://hackerone.com/reports/261221 |  Participation of expired account holders in Projects can occure financial loss to Mavenlink 
https://hackerone.com/reports/261335 |  Heap Use After Free Read in unserialize()
https://hackerone.com/reports/261336 |  Out of Bounds Memory Read in unserialize()
https://hackerone.com/reports/261338 |  Heap Use After Free in unserialize()
https://hackerone.com/reports/261592 |  Open Redirection Found in users.whisper.sh
https://hackerone.com/reports/261734 |  Ğ˜Ğ½Ğ´ĞµĞºÑĞ°Ñ†Ğ¸Ñ Ğ¿Ğ¾Ñ‡Ñ‚Ñ‹/Ğ»Ğ¾Ğ³Ğ¸Ğ½Ğ¾Ğ² Ğ¿Ğ¾Ğ»ÑŒĞ·Ğ¾Ğ²Ğ°Ñ‚ĞµĞ»ĞµĞ¹
https://hackerone.com/reports/262004 |  HTML injection in email in unikrn.com
https://hackerone.com/reports/262230 |  Tinymce 2.4.0
https://hackerone.com/reports/262649 |  Information disclosure (system username) in the x-amz-meta-s3cmd-attrs response header on federation.data.gov
https://hackerone.com/reports/262830 |  Rate-limit protection get executed in the last stage of the registration process, allowing enumeration of existing account.
https://hackerone.com/reports/263010 |  Improper validation at Phone verification (possible cost increase + SMS SPAM attack)
https://hackerone.com/reports/263109 |  Buddypress 2.9.1 - Exceeding the maximum upload size  - XSS leading to potential RCE. 
https://hackerone.com/reports/263226 |  HTML injection (with XSS possible) on the https://www.data.gov/issue/ using media_url attribute
https://hackerone.com/reports/263684 |  [qiwi.com] XSS on payment form
https://hackerone.com/reports/263760 |  Opportunity to obtain private tweets through search widget preview caches
https://hackerone.com/reports/263876 |  Stored XSS Deleting Menu Links in the Shopify Admin
https://hackerone.com/reports/264177 |  XSS when replying / forwarding to a malicious email on iOS
https://hackerone.com/reports/264494 |  Subdomain Takeover at creatorforum.roblox.com
https://hackerone.com/reports/264832 |  xss filter bypass [polldaddy]
https://hackerone.com/reports/265050 |  Blind SSRF in emblem editor (2)
https://hackerone.com/reports/265528 |  Reflected XSS on the data.gov (WAF bypass+ Chrome XSS Auditor bypass+ works in all browsers)
https://hackerone.com/reports/265740 |  [Cross Domain Referrer Leakage] Password Reset Token Leaking to Third party Sites.
https://hackerone.com/reports/265775 |  Password reset token issue
https://hackerone.com/reports/267177 |  stored xss in invited team member via email parameter
https://hackerone.com/reports/267570 |  Stored XSS through Facebook Page Connection
https://hackerone.com/reports/267636 |  [NR Synthetics] (IDOR) Ability to see full name associated with other New Relic accounts through workaround of #255894
https://hackerone.com/reports/267783 |  Stored XSS and html injection in biz.mail.ru
https://hackerone.com/reports/268228 |  A manager of a determinate group of users still might have access to any user account from any group that he doesn't administrate anymore.
https://hackerone.com/reports/268245 |  XSS in biz.mail.ru/error
https://hackerone.com/reports/268382 |  Nginx misconfiguration leading to direct PHP source code download
https://hackerone.com/reports/268541 |  [Synthetics/Infrastructure/everything] Individual account permissions are not properly managed and inherited on sub accounts 
https://hackerone.com/reports/268803 |  CVE-2017-12985: The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in ip6_print()
https://hackerone.com/reports/268804 |  CVE-2017-12986 The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
https://hackerone.com/reports/268805 |  CVE-2017-13008 The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
https://hackerone.com/reports/268806 |  CVE-2017-13009 The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print().
https://hackerone.com/reports/268807 |  CVE-2017-13010 The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
https://hackerone.com/reports/268808 |  CVE-2017-13038 The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().
https://hackerone.com/reports/268888 |  Sensitive Information Disclosure https://cards-dev.twitter.com
https://hackerone.com/reports/268984 |  Homograph Attack Bypass [ Tested on Linux & Windows ]
https://hackerone.com/reports/269230 |  Emails of invited collaborators are disclosed in full in payload for report participants
https://hackerone.com/reports/269279 |  SQL injection in partner id field on https://www.teavana.com (Sign-up form)
https://hackerone.com/reports/269349 |  XSS on https://account.mail.ru/login via postMessage
https://hackerone.com/reports/269458 |  XSS Ğ² Ğ¿Ğ¸ÑÑŒĞ¼Ğµ, Ğ² Ñ‚ĞµĞ»Ğµ Ğ¿Ğ¸ÑÑŒĞ¼Ğ°.
https://hackerone.com/reports/269568 |  Optionsbleed / CVE-2017-9798
https://hackerone.com/reports/270060 |  Reflected Swf XSS In ( plugins.svn.wordpress.org )
https://hackerone.com/reports/270072 |  Unpacker improperly validates symlinks, allowing gems writes to arbitrary locations
https://hackerone.com/reports/270993 |  resolved bugs in a program are public despite the program settings
https://hackerone.com/reports/271007 |  [app.simplenote.com] Stored XSS via Markdown SVG filter bypass
https://hackerone.com/reports/271176 |  Bypassing one-time checkout router page (revealing payment information)
https://hackerone.com/reports/271324 |  Homograph fix Bypass 
https://hackerone.com/reports/271330 |  Format string implementation vulnerability, resulting in code execution
https://hackerone.com/reports/271506 |  Banned researcher gets email updates on a private program.
https://hackerone.com/reports/271533 |  Bruteforcing password reset tokens, could lead to account takeover
https://hackerone.com/reports/271765 |  Stored XSS in partners dashboard
https://hackerone.com/reports/272095 |  SSRF/XSPA in labs.data.gov/dashboard/validate
https://hackerone.com/reports/272497 |  Perl $ENV Key Stack Buffer Overflow
https://hackerone.com/reports/272588 |  CSRF in Raffles Ticket Purchasing
https://hackerone.com/reports/272839 |  Weak Session ID Implementation - No Session change on Password change
https://hackerone.com/reports/273099 |  User with removed manage shops permissions is still able to make changes to a shop 
https://hackerone.com/reports/273557 |  ability to install paid themes for free
https://hackerone.com/reports/273805 |  Improper access control lead  To delete anyone comment
https://hackerone.com/reports/273946 |  www.drivegrab.com SQL injection
https://hackerone.com/reports/273998 |  CSRF token does not valided during blog comment
https://hackerone.com/reports/274541 |  Invited user to a Author profile can remove the owner of that Author
https://hackerone.com/reports/274844 |  Stored XSS when you read eamils. <style>
https://hackerone.com/reports/274868 |  Xss on community.imgur.com
https://hackerone.com/reports/274990 |  Remote code execution on rubygems.org
https://hackerone.com/reports/275186 |  Get all instacart emails - missing rate limit on /accounts/register
https://hackerone.com/reports/275269 |  Gem signature forgery
https://hackerone.com/reports/275386 |  Stored XSS Using Media
https://hackerone.com/reports/275515 |  Stored XSS in dev-ucrm-billing-demo.ubnt.com In Client Custom Attribute 
https://hackerone.com/reports/275518 |  Blind XSS in Mobpub Marketplace Admin Production | Sentry via demand.mopub.com (User-Agent)
https://hackerone.com/reports/275714 |  Subdomain takeover on developer.openapi.starbucks.com
https://hackerone.com/reports/277163 |  XSS Ğ² Ñ‚ĞµĞ»Ğµ Ğ¿Ğ¸ÑÑŒĞ¼Ğ°, Ğ² Ğ±Ğ»Ğ¾Ñ‡Ğ½Ñ‹Ñ… ÑÑ‚Ğ¸Ğ»ÑÑ….
https://hackerone.com/reports/277502 |  [BuddyPress 2.9.1] Open Redirect via "wp_http_referer" parameter on "bp-profile-edit" endpoint
https://hackerone.com/reports/277525 |  Formula injection via CSV exports in WordCamp Talks plugin
https://hackerone.com/reports/277534 |  Timing Attack in Google Authenticator - Per User Prompt
https://hackerone.com/reports/278095 |  Invalid Host detection at https://hackerone.com/redirect
https://hackerone.com/reports/278191 |  Listing of Amazon S3 Bucket accessible to any amazon authenticated user (metrics.pscp.tv)
https://hackerone.com/reports/279932 |  Users Unable to login using Gmail/Facebook on https://boozt-stage1.booztx.com/login
https://hackerone.com/reports/280748 |  High server resource usage on captcha (viestinta.lahitapiola.fi)
https://hackerone.com/reports/280912 |  apache access.log leakage via long request on https://rapida.ru/
https://hackerone.com/reports/282176 |  Unauthenticated hidden groups disclosure via Ajax groups search
https://hackerone.com/reports/282748 |  Detecting Tor Browser UI Language
https://hackerone.com/reports/283058 |  [IRCCloud Android] Opening arbitrary URLs/XSS in SAMLAuthActivity
https://hackerone.com/reports/283063 |  [IRCCloud Android] XSS in ImageViewerActivity
https://hackerone.com/reports/283460 |  Open Redirect Protection Bypass
https://hackerone.com/reports/283644 |  Out-Of-Bounds Read in timelib_meridian()
https://hackerone.com/reports/284346 |  Download attachments with traversal path into any sdcard directory (incomplete fix 106097)
https://hackerone.com/reports/285432 |  IDOR - setAttribute action of user object in API
https://hackerone.com/reports/286667 |  Self-XSS in password reset functionality
https://hackerone.com/reports/286740 |  Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse
https://hackerone.com/reports/287789 |  IDOR to view User Order Information
https://hackerone.com/reports/287837 |  217.147.95.145 NFS Exposed with Zeus Server configs
https://hackerone.com/reports/288219 |  Open Redirection while saving User account Settings 
https://hackerone.com/reports/288704 |  Command injection on Phabricator instance with an evil hg branch name
https://hackerone.com/reports/288955 |  [IRCCloud Android] Theft of arbitrary files leading to token leakage
https://hackerone.com/reports/288966 |  POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com,199.59.148.204,199.16.156.108 and 199.59.148.204)
https://hackerone.com/reports/288993 |  SSL_peek() hang on empty record (CVE-2016-6305)
https://hackerone.com/reports/289246 |  Following links are vulnerable to clickjacking
https://hackerone.com/reports/289568 |  Program profile metrics endpoint contains mean time to triage, even when turned off
https://hackerone.com/reports/289823 |  Improper markup sanitization.
https://hackerone.com/reports/291057 |  MySQL username and password leaked in developer.valvesoftware.com via source code dislosure
https://hackerone.com/reports/291522 |  XSS on account.mail.ru/login
https://hackerone.com/reports/291539 |  [Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron
https://hackerone.com/reports/291683 |  Crafted frame injection leading to form-based UI redressing.
https://hackerone.com/reports/291750 |  Link filter protection bypass
https://hackerone.com/reports/291764 |  SQL Injection found in NextCloud Android App Content Provider
https://hackerone.com/reports/292457 |  Reflected XSS in www.dota2.com
https://hackerone.com/reports/292463 |  Exposed authentication (/cs/Satellite)
https://hackerone.com/reports/292636 |  session_id is not being validated at email invitation endpoint
https://hackerone.com/reports/292797 |  ActionController::Parameters .each returns an unsafe hash
https://hackerone.com/reports/293016 |  CSRF log victim into the attacker account
https://hackerone.com/reports/293105 |  XSS Ğ² Ğ»Ğ¸Ñ‡Ğ½Ñ‹Ñ… ÑĞ¾Ğ¾Ğ±Ñ‰ĞµĞ½Ğ¸ÑÑ…
https://hackerone.com/reports/293299 |  Validation message in Bounty award endpoint can be used to determine program balances
https://hackerone.com/reports/293490 |  [www.zomato.com] Leaking Email Addresses of merchants via reset password feature
https://hackerone.com/reports/293689 |  Query parameter reordering causes redirect page to render unsafe URL
https://hackerone.com/reports/293743 |  [public-api.wordpress.com] Stored XSS via Crafted Developer App Description
https://hackerone.com/reports/293845 |  [IDOR] Deleting other people's tasks
https://hackerone.com/reports/293847 |  SSRF in /appsuite/api/autoconfig 
https://hackerone.com/reports/294147 |  Mercurial git subrepo lead to arbritary command injection
https://hackerone.com/reports/294201 |  subdomain takeover at news-static.semrush.com
https://hackerone.com/reports/294232 |  Adding external participants to unaccessible appointments
https://hackerone.com/reports/294462 |  NET::Ftp allows command injection in filenames
https://hackerone.com/reports/294505 |  Cross-site scripting in "Contact customer" form
https://hackerone.com/reports/294867 |  Improper Host Detection During Team Up  on tweetdeck.twitter.com
https://hackerone.com/reports/295276 |  heap-use-after-free in OP_RESCUE
https://hackerone.com/reports/295330 |  code.wordpress.net subdomain Takeover
https://hackerone.com/reports/295380 |  heap-buffer-overflow in OP_R_BREAK
https://hackerone.com/reports/295540 |  [XSS] Portal Widget Mail
https://hackerone.com/reports/295680 |  Invalid read leading to a segfault
https://hackerone.com/reports/295841 |  Blind SQL injection in Hall of Fap
https://hackerone.com/reports/296045 |  SSRF in VCARD photo upload functionality
https://hackerone.com/reports/296198 |  SEGV on ary_concat
https://hackerone.com/reports/297181 |  Common response suggestion is sent to Google Analytics when user accepts duplicate comment Genius suggestion
https://hackerone.com/reports/297203 |  Reflected XSS using Header Injection
https://hackerone.com/reports/297339 |  PHPMYADMIN Setup is accessible without authentication on https://lml.lahitapiola.fi/
https://hackerone.com/reports/297359 |  No Rate Limit in email leads to huge Mass mailings
https://hackerone.com/reports/297383 |  mruby heredoc notation
https://hackerone.com/reports/297478 |  SQL injection in https://labs.data.gov/dashboard/datagov/csv_to_json via User-agent 
https://hackerone.com/reports/297547 |  Improper markup sanitisation in Simplenote Android application.
https://hackerone.com/reports/297751 |  Registered users can change app password permissions for any user
https://hackerone.com/reports/297803 |  [crm.unikrn.com] Open Redirect
https://hackerone.com/reports/297968 |  Persistent DOM-based XSS in https://help.twitter.com via localStorage
https://hackerone.com/reports/298176 |  SQL injection in MilestoneFinder order method
https://hackerone.com/reports/298246 |  controlled buffer under-read in pack_unpack_internal()
https://hackerone.com/reports/298265 |  HTTP Parameter Pollution using semicolons in iframe element at hackerone.com/careers allows loading external Greenhouse forms
https://hackerone.com/reports/298873 |  Command injection by overwriting authorized_keys file through GitLab import
https://hackerone.com/reports/299009 |  Single Sing On - Clickjacking
https://hackerone.com/reports/299130 |  SSRF - RSS feed, blacklist bypass (IP Formatting)
https://hackerone.com/reports/299135 |  SSRF - RSS feed, blacklist bypass (301 re-direct)
https://hackerone.com/reports/299403 |  Domain spoofing in redirect page using RTLO
https://hackerone.com/reports/299424 |  Bypass Filter and get Stored Xss 
https://hackerone.com/reports/299466 |  [XSS] Mail <style> v2.0
https://hackerone.com/reports/299473 |  Evaluating Ruby code by injecting Rescue job on the system_hook_push queue through web hook
https://hackerone.com/reports/299552 |  Information disclosure on https://paycard.rapida.ru
https://hackerone.com/reports/299728 |  Markdown parsing issue enables insertion of malicious tags and event handlers
https://hackerone.com/reports/299835 |  Link poisoning on https://secure.login.gov/ login page
https://hackerone.com/reports/300099 |  [www.zomato.com] Privilege Escalation - Control reviews - /â–ˆâ–ˆâ–ˆâ–ˆdashboard_handler.php
https://hackerone.com/reports/300179 |  User uploaded portfolio files can be accessed by any user even after deleted
https://hackerone.com/reports/300181 |  Torrent Viewer extension web service available on all interfaces
https://hackerone.com/reports/300270 |  Stored XSS in learnboost.com via the lesson[goals] parameter.
https://hackerone.com/reports/300305 |  Ability to bypass partner email confirmation to take over any store given an employee email
https://hackerone.com/reports/300391 |  The parameter in the POST query allows to control size of returned page which in turn can lead to the potential DOS attack
https://hackerone.com/reports/300454 |  [www.zomato.com] Privilege Escalation - /php/restaurant_menus_handler.php
https://hackerone.com/reports/300812 |  Stored XSS in www.learnboost.com via ZIP codes.
https://hackerone.com/reports/300879 |  User to Admin privilege escalation in Infrastructure Conditions - /v2/accounts/1835740/alerts/conditions
https://hackerone.com/reports/300881 |  Account members can re-add themselve after has been deleted by administrator
https://hackerone.com/reports/301137 |  GitHub import allows user to create child group under existing namespace
https://hackerone.com/reports/301432 |  GitLab CI runner can read and poison cache of all other projects
https://hackerone.com/reports/301458 |  Remote Code Execution in Wordpress Desktop
https://hackerone.com/reports/301526 |  Invitation token leaks to https://bat.bing.com
https://hackerone.com/reports/301680 |  Reflected XSS Vulnerability in https://www.lahitapiola.fi/cs/Satellite
https://hackerone.com/reports/301718 |  https://fundl.qiwi.com CSRF Ğ½Ğ° Ğ¿Ğ¾Ğ´Ñ‚Ğ²ĞµÑ€Ğ¶Ğ´ĞµĞ½Ğ¸Ğ¸ sms 
https://hackerone.com/reports/301862 |  Path traversal leading to limited CSRF on GET requests on two endpoints
https://hackerone.com/reports/301919 |  CSRF Add user templates
https://hackerone.com/reports/302253 |  ĞÑ‡ĞµĞ½ÑŒ Ğ¶ĞµÑÑ‚ĞºĞ°Ñ XSS Ğ² Ğ»Ğ¸Ñ‡Ğ½Ñ‹Ñ… ÑĞ¾Ğ¾Ğ±Ñ‰ĞµĞ½Ğ¸ÑÑ… m.ok.ru
https://hackerone.com/reports/302298 |  Unintentional file creation caused at Tempfile with directory traversal
https://hackerone.com/reports/302338 |  The possibility that unintended file operation may be performed because some methods of `Dir` do not check NULL characters.
https://hackerone.com/reports/302485 |  IDOR allow to extract all registered email
https://hackerone.com/reports/302651 |  Leak of Platform Authentication credentials via Repeater
https://hackerone.com/reports/302885 |  ImageMagick GIF coder vulnerability leading to memory disclosure
https://hackerone.com/reports/302997 |  Unix domain socket and a path containing a null character
https://hackerone.com/reports/303061 |  RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi)
https://hackerone.com/reports/303378 |  SSRF - Blacklist bypass for mail account addition
https://hackerone.com/reports/303522 |  Zomato.com Reflected Cross Site Scripting
https://hackerone.com/reports/303632 |  Fastify denial-of-service vulnerability with large JSON payloads
https://hackerone.com/reports/303730 |  Defacement of catalog.data.gov via web cache poisoning to stored DOMXSS
https://hackerone.com/reports/303744 |  Arbitrary local system file read on open-xchange server 
https://hackerone.com/reports/304098 |  [XSS/CSRF] filter content-type bypass in Files
https://hackerone.com/reports/304240 |  Unrestricted access to Eureka server on â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ
https://hackerone.com/reports/304386 |  Unrestricted access to https://â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ.â–ˆâ–ˆâ–ˆâ–ˆâ–ˆmyteksi.net/
https://hackerone.com/reports/304679 |  XSS ( Ğ Ğ°Ğ±Ğ¾Ñ‚Ğ° Ñ Ğ¿Ğ¸ÑÑŒĞ¼Ğ°Ğ¼Ğ¸ )
https://hackerone.com/reports/304708 |  Information exposure via error pages (www.lahitapiola.fi Tomcat)
https://hackerone.com/reports/305082 |  Query string parameter modifications returned in page
https://hackerone.com/reports/305128 |  ClickJacking on IMPORTANT Functions of Yelp
https://hackerone.com/reports/305237 |  Malicious file upload (secure.lahitapiola.fi)
https://hackerone.com/reports/305972 |  Potential infinite loop in gdImageCreateFromGifCtx!
https://hackerone.com/reports/305973 |  Inappropriately parsing HTTP response leads to PHP segment fault!
https://hackerone.com/reports/305974 |  Inappropriate URL parsing may cause security risk!
https://hackerone.com/reports/305978 |  Urllib connects to a wrong host
https://hackerone.com/reports/306414 |  Window.opener protection  Bypass
https://hackerone.com/reports/307670 |  Difference in query string parameter processing between Hacker News and Keybase Chrome extension spawns chat to incorrect user
https://hackerone.com/reports/307672 |  Keybase extension hostname-validation regular expression issue.
https://hackerone.com/reports/307675 |  Claiming ownership of GitHub handles via forked GitHub gists.
https://hackerone.com/reports/308489 |  wpjobmanager - unserialize of user input
https://hackerone.com/reports/308610 |  Read Access to all comments on unauthorized forums' discussions! IDOR! 
https://hackerone.com/reports/309058 |  Open Redirect on the nl.wordpress.net
https://hackerone.com/reports/310105 |  Disclosure of 152 cookie names via crafted input
https://hackerone.com/reports/310185 |  Removing a user from a private group doesn't remove him from group's project, if his project's role was changed
https://hackerone.com/reports/310280 |  [Informational] Possible SQL Injection in inc/ajax-actions-frontend.php
https://hackerone.com/reports/310946 |  The request tells the number of private programs, the new system of authorization /invite/token
https://hackerone.com/reports/311326 |  ms5 debug page exposing internal info (internal IPs, headers)
https://hackerone.com/reports/311330 |  Open Redirect
https://hackerone.com/reports/311639 |  Reflected XSS on https://www.zomato.com
https://hackerone.com/reports/311776 |  Securemail server used to internal spam and resource exhaustion
https://hackerone.com/reports/312118 |  Using GitLab to monitor and hijack domains in mass quantity.
https://hackerone.com/reports/312543 |  XXE in Site Audit function exposing file and directory contents
https://hackerone.com/reports/312548 |  XSS via Cookie in e.mail.ru
https://hackerone.com/reports/312647 |  Gaining access to private topics using quoting feature
https://hackerone.com/reports/313050 |  IDOR in treat subscriptions
https://hackerone.com/reports/313250 |  Xss was found by exploiting the URL markdown on http://store.steampowered.com
https://hackerone.com/reports/314126 |  Blind XSS - Report review - Admin panel
https://hackerone.com/reports/314204 |  [XSS] Style/Event Filter Bypass v3.0
https://hackerone.com/reports/314518 |  Reflected XSS+CSRF on secure.lahitapiola.fi
https://hackerone.com/reports/314808 |  Full account takeover
https://hackerone.com/reports/314814 |  [oauth token leak] at oauth.semrush.com
https://hackerone.com/reports/315205 |  Debug information disclosure on oauth-redirector.services.greenhouse.io
https://hackerone.com/reports/315837 |  blind XXE in autodiscover parser
https://hackerone.com/reports/316319 |  XSS on redirection page( Bypassed) 
https://hackerone.com/reports/316713 |  Ad Builder Display Ads Path Traversal
https://hackerone.com/reports/316810 |  Can read features from any user
https://hackerone.com/reports/317005 |  Subdomain Takeover due to unclaimed domain pointing to AWS
https://hackerone.com/reports/317243 |  Window.opener fix bypass
https://hackerone.com/reports/317321 |  Delete directory using symlink when decompressing tar
https://hackerone.com/reports/317476 |  Account Takeover in Periscope TV
https://hackerone.com/reports/317711 |  twofactor_auth bypassable if provider fails to load
https://hackerone.com/reports/317931 |  Bypassing Homograph Attack Using /@ [ Tested On Windows ]
https://hackerone.com/reports/318068 |  SSH server compatible with several vulnerable cryptographic algorithms
https://hackerone.com/reports/318099 |  Registration enabled on â–ˆâ–ˆâ–ˆgrab.com
https://hackerone.com/reports/318399 |  Program profile_metrics.json contains time to triage for deptofdefense even it's turned off
https://hackerone.com/reports/318571 |  Imformation Disclosure on id.rapida.ru
https://hackerone.com/reports/318603 |  Sitemap causing strain on your Lahitapiola.fi server
https://hackerone.com/reports/318751 |  Access to Private Photos of Apps in App section(IDOR)
https://hackerone.com/reports/320200 |  [NR Alerts/Synthetics?] User with no Synthetics permissions can view synthetic monitor details through /internal_api/ endpoint
https://hackerone.com/reports/320222 |  memory corruption while parsing HTTP response
https://hackerone.com/reports/320355 |  myshopify.com domain takeover
https://hackerone.com/reports/320376 |  Open Redirection in index.php page
https://hackerone.com/reports/320679 |  [growth.grab.com] Reflected XSS via Base64-encoded "q" param on "my.html" Valentine's microsite
https://hackerone.com/reports/320689 |  [NR Synthetics] Restricted user can view synthetics monitors and user permissions through .json endpoint at /permissions/securablemetadata/{GROUP ID}
https://hackerone.com/reports/321029 |  HTML Injection inside Slack promotional emails
https://hackerone.com/reports/321249 |  Forum Users Information Disclosure
https://hackerone.com/reports/321410 |  A user can create an event in a group without being in it http://littleguy.vanillastaging.com/
https://hackerone.com/reports/321420 |  xss reflected in littleguy.vanillastaging.com
https://hackerone.com/reports/321444 |  Fix bypass of different processing of usernames on Hackernews
https://hackerone.com/reports/321725 |  A user can comment in private discussions without having permission to access the discussion
https://hackerone.com/reports/321938 |  [www.zomato.com] Getting a complimentary dessert [Zomato Treats] on ordering a Meal at no cost
https://hackerone.com/reports/321980 |  [XSS/CSRF] filter content-type bypass in Files v2.0
https://hackerone.com/reports/322661 |  Replace other user files in Inbox messages 
https://hackerone.com/reports/322935 |  Exim off-by-one RCE vulnerability
https://hackerone.com/reports/323005 |  CSRF leads to a stored self xss
https://hackerone.com/reports/323975 |  CSRF in Inviting users
https://hackerone.com/reports/324005 |  Server-Side Request Forgery on SAML Application - Import via URL
https://hackerone.com/reports/324006 |  SaaS admin can modify/delete/get user information.
https://hackerone.com/reports/324136 |  XSS *.myshopify.com/collections/vendors?q=
https://hackerone.com/reports/324423 |  Reflected XSS (myynti.lahitapiolarahoitus.fi)
https://hackerone.com/reports/324442 |  Reflected XSS on bbe_open_htmleditor_popup.php of BBE Theme via "value"-GET-parameter
https://hackerone.com/reports/325040 |  xmlrpc.php FILE IS enable it will used for bruteforce attack and denial of service
https://hackerone.com/reports/325336 |  Subdomain takeover on svcgatewayus.starbucks.com
https://hackerone.com/reports/325510 |  Stored-XSS with user interaction on [sandbox.open-xchange.com] via inserted link in mail
https://hackerone.com/reports/326434 |  Able to Select Every Poll Option[http://tedwebers-famous-loudspeakers.vanillacommunities.com]
https://hackerone.com/reports/326639 |  DoS through cache poisoning using invalid HTTP parameters
https://hackerone.com/reports/327088 |  Extra program metrics disclosed via /PROGRAM_NAME json response
https://hackerone.com/reports/327200 |  disclosure of email by sending a message.
https://hackerone.com/reports/327512 |  Potential command injection in `Shell#[]` and `Shell#test`
https://hackerone.com/reports/327671 |  Error Page Content Spoofing or Text Injection 
https://hackerone.com/reports/327674 |  Invitation reminder emails contain insecure links
https://hackerone.com/reports/328337 |  IDOR widget.support.my.com
https://hackerone.com/reports/328486 |  [Zomato Android/iOS] Theft of user session
https://hackerone.com/reports/329209 |  Making further registrations difficult on Vanilla forum
https://hackerone.com/reports/329791 |  Internal IP Address Disclosure at https://www.lahitapiolarahoitus.fi/wp-json/wp/v2/pages
https://hackerone.com/reports/329798 |  h1-202 leaderboard photo discloses local wifi password 
https://hackerone.com/reports/329862 |  Stored xss in shop name @ lp.reverb.com
https://hackerone.com/reports/329957 |  Tracking of users on third-party websites using the Twitter cookie, due to a flaw in authenticating image requests
https://hackerone.com/reports/330008 |  [dev.twitter.com] XSS and Open Redirect Protection Bypass
https://hackerone.com/reports/330135 |  S3 bucket unnecessarily discloses permissions
https://hackerone.com/reports/330716 |  F5 BIG-IP Cookie Remote Information Disclosure
https://hackerone.com/reports/331223 |  Order notifications being sent for a deactivated staff account
https://hackerone.com/reports/331302 |  Improper protection of FileContentProvider
https://hackerone.com/reports/331489 |  Extremly simple way to bypass Nextcloud-Client PIN/Fingerprint lock
https://hackerone.com/reports/331691 |  Email Forwarding invitations for Drafts are not marked as accepted, allowing multiple users to join a program after disabling Email Forwarding
https://hackerone.com/reports/331975 |  [XSS] Pasting bootstrap in mail compose
https://hackerone.com/reports/332381 |  Internal API endpoint discloses full account name of email address associated with unconfirmed user
https://hackerone.com/reports/332632 |  (Possible) staff account takeover via reset token bruteforce at helpdesk.bistudio.com
https://hackerone.com/reports/333008 |  Persistent XSS in https://sandbox.reverb.com/item/
https://hackerone.com/reports/333419 |  TURN server allows TCP and UDP proxying to internal network, localhost and meta-data services
https://hackerone.com/reports/333507 |  Stored XSS in "post last edited" option
https://hackerone.com/reports/333767 |  IDOR to view other user folder name
https://hackerone.com/reports/334139 |  CSRF Trial 14 days express subscription
https://hackerone.com/reports/334143 |  [NR Synthetics] Restricted User can add/modify alert conditions on monitors without any synthetics privileges 
https://hackerone.com/reports/334205 |  Harvesting all private invites using leave program fast-tracked invitation and security@ email forwarding feature
https://hackerone.com/reports/334253 |  CSRF at [Apply to this program] that lead to submit your request automatic with out any validations
https://hackerone.com/reports/334488 |  Blind XXE via Powerpoint files
https://hackerone.com/reports/334709 |  Cache poisoning using NULL bytes and long URLs
https://hackerone.com/reports/335123 |  Invalid Phabricator API token revealed through error message when escalating a report
https://hackerone.com/reports/335177 |  DoS of www.lahitapiolarahoitus.fi via CVE-2018-6389 exploitation
https://hackerone.com/reports/335330 |  Subdomain Takeover to Authentication bypass 
https://hackerone.com/reports/335341 |  Disclosure of Users Information via Wordpress API (?rest_route)
https://hackerone.com/reports/335427 |  WordPress username enumeration (/author)
https://hackerone.com/reports/335481 |  [Zomato's Blog] POST based XSS on https://www.zomato.com/blog/wp-admin/admin-ajax.php?td_theme_name=Newspaper&v=8.2
https://hackerone.com/reports/335607 |  [XSS] select/onchange in TinyMCE via set body
https://hackerone.com/reports/335735 |  Reflected XSS of bbe-child-starter Theme via "value"-GET-parameter
https://hackerone.com/reports/335779 |  User Information Disclosure via Json response
https://hackerone.com/reports/335990 |  Flash-based XSS on mediaelement-flash-audio-ogg.swf of www.lahitapiolarahoitus.fi
https://hackerone.com/reports/336131 |  Potential to abuse pricing errors in saved carts
https://hackerone.com/reports/337488 |  [XSS] Forgot password link
https://hackerone.com/reports/337680 |  burp does not validate the common name of the presented collaborator server certificate
https://hackerone.com/reports/337986 |  CVE-2018-6797:  A crafted regular expression can cause a heap buffer write overflow in Perl 5 giving a remote attacker control over bytes written
https://hackerone.com/reports/339137 |  XSS Ğ¿Ñ€Ğ¸ Ğ´Ğ¾Ğ±Ğ°Ğ²Ğ»ĞµĞ½Ğ¸Ğ¸ Ğ² Ñ‡Ğ°Ñ‚ Ğ¿Ğ¾Ğ»ÑŒĞ·Ğ¾Ğ²Ğ°Ñ‚ĞµĞ»Ñ 
https://hackerone.com/reports/339237 |  [web.icq.com] Stored XSS in link when sending message
https://hackerone.com/reports/339352 |  CSRF logs the victim into attacker's account
https://hackerone.com/reports/339483 |  "Bad Protocols Validation" Bypass in "wp_kses_bad_protocol_once" using HTML-encoding without trailing semicolons
https://hackerone.com/reports/340926 |  [XSS] Parameter Theme 
https://hackerone.com/reports/341876 |  SSRF in Exchange leads to ROOT access in all instances
https://hackerone.com/reports/341884 |  api.icq.com / Ğ²Ğ¾Ğ·Ğ¼Ğ¾Ğ¶Ğ½Ğ¾ÑÑ‚ÑŒ Ğ¿Ñ€Ğ¸ÑĞ¾ĞµĞ´Ğ¸Ğ½Ğ¸Ñ‚ÑŒÑÑ Ğº Ğ»ÑĞ±Ğ¾Ğ¼Ñƒ Ñ‡Ğ°Ñ‚Ñƒ (Ğ´Ğ°Ğ¶Ğµ Ğ·Ğ°ĞºÑ€Ñ‹Ñ‚Ğ¾Ğ¼Ñƒ).
https://hackerone.com/reports/341908 |  XSS via Direct Message deeplinks
https://hackerone.com/reports/341925 |  invalid handling of redirect_uri at o2.mail.ru/jsapi/button
https://hackerone.com/reports/342610 |  [XSS] Style/Event Filter Bypass v4.0
https://hackerone.com/reports/342693 |  Password reset token leakage via referer
https://hackerone.com/reports/342976 |  Referer in /servlet/TestServlet
https://hackerone.com/reports/342978 |  Team object in GraphQL disclosed total number of whitelisted hackers
https://hackerone.com/reports/343464 |  Team object in GraphQL discloses team group names and permissions
https://hackerone.com/reports/343752 |  lootdog.io XSS
https://hackerone.com/reports/344035 |  Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
https://hackerone.com/reports/344049 |  XSS touch.mail.ru compose Body
https://hackerone.com/reports/344112 |  XSS account.mail.ru in state JSON script
https://hackerone.com/reports/344145 |  [www.zomato.com] IDOR - Gold Subscription Details, Able to view "Membership ID" and "Validity Details" of other Users
https://hackerone.com/reports/344228 |  Stored xss Ğ² Ğ¿ĞµÑ€ĞµÑĞ»Ğ°Ğ½Ğ½Ğ¾Ğ¼ ÑĞ¾Ğ¾Ğ±Ñ‰ĞµĞ½Ğ¸Ğ¸.
https://hackerone.com/reports/344309 |  Adding a new user discloses their full name in the "Users" section of NR Alerts notification channels page
https://hackerone.com/reports/344468 |  User is able to access and create private synthetics locations without upgrading (regression of #276157) 
https://hackerone.com/reports/345152 |  Publicly Accessible Datadog link
https://hackerone.com/reports/346219 |  XSS e.mail.ru fixSpecialSymbols
https://hackerone.com/reports/347282 |  Linux kernel: CVE-2017-6074: DCCP double-free vulnerability
https://hackerone.com/reports/347296 |  Docker Registry HTTP API v2 exposed in HTTP without authentication leads to docker images dumping and poisoning
https://hackerone.com/reports/347439 |  [synthetics.newrelic.com] SMTP header injection leads to (mass) arbitrary email sending
https://hackerone.com/reports/347665 |  Permissions leaks the full name of other NR accounts - Regression of #267636
https://hackerone.com/reports/347693 |  Program metrics disclosed response_efficiency_percentage via /program_name json response despite the team decided not to show on their profile
https://hackerone.com/reports/347748 |  Improper session handling on web browsers
https://hackerone.com/reports/348076 |  Stored XSS in Brower `name` field reflected in two pages
https://hackerone.com/reports/348443 |  Snippet JS template allows attacker to read a user's private snippets
https://hackerone.com/reports/349291 |  IDOR via internal_api "users" endpoint 
https://hackerone.com/reports/350847 |  Bypass of request line length limit to DoS via cache poisoning
https://hackerone.com/reports/351014 |  Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution
https://hackerone.com/reports/351016 |  Malformed Skybox .TGA in Half-Life (GoldSRC) leads to Access Violation
https://hackerone.com/reports/351106 |  resetreportedcount & updatetags doesn't verify appid param
https://hackerone.com/reports/351171 |  Stored XXS @ https://steamcommunity.com/search/users/#text= via Profile Name
https://hackerone.com/reports/351275 |  DOM Based XSS charting_library
https://hackerone.com/reports/351361 |  Administrator can create user without entering high security mode
https://hackerone.com/reports/351376 |  XSS in main search, use class tag to imitate Reverb.com core functionality, create false login window
https://hackerone.com/reports/351519 |  Improper access check by Kit  leads to controlling attributes of store & getting analytics by deleted Store member via dual messenger A/C
https://hackerone.com/reports/351555 |  Disclosure of all uploads to Cloudinary via hardcoded api secret in Android app
https://hackerone.com/reports/352869 |   Subdomain Takeover Via Insecure CloudFront Distribution cdn.grab.com
https://hackerone.com/reports/353293 |  XSS in buying and selling pages, can created spoofed content (false login message)
https://hackerone.com/reports/353310 |  People who interviewed for HackerOne security analyst position can be enumerated and their personal email address may be exposed
https://hackerone.com/reports/353784 |  Vanilla SQL Injection Vulnerability
https://hackerone.com/reports/354650 |  [CVE-2018-6913] heap-buffer-overflow in S_pack_rec
https://hackerone.com/reports/355773 |  XSS on support.wordcamp.org in ajax-quote.php
https://hackerone.com/reports/355859 |  CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card MissUse. 
https://hackerone.com/reports/356047 |  Wordpress Users Disclosure (/wp-json/wp/v2/users/)
https://hackerone.com/reports/356566 |  HackerOne support disclosing report state without checking user identity
https://hackerone.com/reports/356586 |  [XSS] content_disposition=inline in files
https://hackerone.com/reports/357485 |  Hacktivity of a private program visible to banned user if he gets invited to a program by hackbot
https://hackerone.com/reports/357665 |  DoS in Brave browser for iOS
https://hackerone.com/reports/357929 |  Items bought for free due to lacks of quantity controls
https://hackerone.com/reports/358007 |  Compromising the user ID
https://hackerone.com/reports/358049 |  RCE via Print function [Simplenote 1.1.3 - Desktop app] 
https://hackerone.com/reports/358339 |  File access control rules not enforced on image files
https://hackerone.com/reports/358570 |  A SQL injection vulnerability in Vanilla
https://hackerone.com/reports/360171 |  Multiple Bugs in api.data.gov/signup endpoint leads to send custom messages to Anyone
https://hackerone.com/reports/360191 |  [account.mail.ru] XSS Ğ½Ğ° ÑÑ‚Ñ€Ğ°Ğ½Ğ¸Ñ†Ğµ ÑƒĞ´Ğ°Ğ»ĞµĞ½Ğ¸Ñ Ğ°ĞºĞºĞ°ÑƒĞ½Ñ‚Ğ° Ñ‡ĞµÑ€ĞµĞ· backUrl
https://hackerone.com/reports/360787 |  [account.mail.ru] XSS Ğ½Ğ° ÑÑ‚Ñ€Ğ°Ğ½Ğ¸Ñ†Ğµ Ğ²Ğ¾ÑÑÑ‚Ğ°Ğ½Ğ¾Ğ²Ğ»ĞµĞ½Ğ¸Ñ Ğ¿Ğ°Ñ€Ğ¾Ğ»Ñ
https://hackerone.com/reports/360811 |  Information Leak - Github - JMS Information
https://hackerone.com/reports/361287 |  DOMXSS in redirect param
https://hackerone.com/reports/361793 |  [SSRF] PDF documentconverterws
https://hackerone.com/reports/361938 |  [XSS] RSS Feed Widget
https://hackerone.com/reports/361951 |  Exploiting JSONP callback on /username/charts.json endpoint leads to information disclosure despite user's privacy settings
https://hackerone.com/reports/361957 |  Unsanitized input in email field
https://hackerone.com/reports/361960 |  Insufficient validation of sides/modifiers quantity
https://hackerone.com/reports/362129 |  XSS https://health.mail.ru/my/ Ñ‡ĞµÑ€ĞµĞ· Ğ²Ğ½ĞµÑˆĞ½ĞµĞµ Ğ¸Ğ¼Ñ Ğ°ĞºĞºĞ°ÑƒĞ½Ñ‚Ğ°
https://hackerone.com/reports/363636 |  DoS through PeerExplorer
https://hackerone.com/reports/363971 |  Insecure Infrastructure Integrations YML Loading leads to Windows Privilege Escalation
https://hackerone.com/reports/364843 |  OLO Total price manipulation using negative quantities
https://hackerone.com/reports/364964 |  Client DoS due to large DH parameter (CVE-2018-0732)
https://hackerone.com/reports/365093 |  XSS https://agent.postamat.tech/ Ğ² Ğ¿Ñ€Ğ¾Ñ„Ğ¸Ğ»Ğµ + Ğ´Ğ¸ÑĞºĞ»Ğ¾Ğ· ÑĞµĞºÑ€ĞµÑ‚Ğ½Ğ¾Ğ¹ Ğ¸Ğ½Ñ„Ğ¾Ñ€Ğ¼Ğ°Ñ†Ğ¸Ğ¸
https://hackerone.com/reports/365271 |  Remote code execution on Basecamp.com
https://hackerone.com/reports/365504 |  Comment restriction in subsection "Workshop" of domain "steamcommunity.com" can be bypassed using IDOR
https://hackerone.com/reports/365853 |  Subdomain Takeover - https://competition.shopify.com/
https://hackerone.com/reports/367581 |  Basic auth details is still work on report ( 351555 ) 
https://hackerone.com/reports/367966 |  FileUpload Plugin: CSRF (delete all attached files)
https://hackerone.com/reports/368119 |  [engineering.udemy.com] - Subdomain Takeover (ghost.io)
https://hackerone.com/reports/369086 |  URL spoofing in Brave for macOS
https://hackerone.com/reports/369185 |  Unsafe handling of protocol handlers
https://hackerone.com/reports/369218 |  Navigation to restricted origins via "Open in new tab"
https://hackerone.com/reports/369451 |  SSRF in CI after first run
https://hackerone.com/reports/370094 |  Ğ’Ñ‹Ğ²Ğ¾Ğ´ Ğ·Ğ½Ğ°Ñ‡ĞµĞ½Ğ¸Ğ¹ Ğ¿ĞµÑ€ĞµĞ¼ĞµĞ½Ğ½Ñ‹Ñ… Nginx Ğ² Ñ‚ĞµĞ»Ğµ ÑÑ‚Ñ€Ğ°Ğ½Ğ¸Ñ†Ñ‹
https://hackerone.com/reports/370777 |  [affiliates.udemy.com] Wordpress user admin information discloure
https://hackerone.com/reports/371135 |  CVE-2018-12882: heap-use-after-free in PHP 7.2 through 7.2.6, possible 7.2.7
https://hackerone.com/reports/373721 |  URL spoofing using protocol handlers
https://hackerone.com/reports/374106 |  Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass
https://hackerone.com/reports/374737 |  Blind SSRF on errors.hackerone.net due to Sentry misconfiguration
https://hackerone.com/reports/374907 |  Root user disclosure in data.gov domain though x-amz-meta-s3cmd-attrs header
https://hackerone.com/reports/374919 |  Content spoofing and potential Cross-Site Scripting vulnerability on www.hackerone.com
https://hackerone.com/reports/374969 |  Navigation to protocol handler URL from the opened page displayed as a request from this page.
https://hackerone.com/reports/375259 |  Cross-origin page stays focused before/after downloading + uninformative modal window for download
https://hackerone.com/reports/375329 |  Local files reading using `link[rel="import"]`
https://hackerone.com/reports/375352 |  Post Based XSS On Upload Via CK Editor [semrush.com]
https://hackerone.com/reports/378122 |  HackerOne customer submitted sensitive link to VirusTotal, exposing confidential information
https://hackerone.com/reports/378805 |  Navigation to `chrome-extension://` origin (internal pages) from the web
https://hackerone.com/reports/380045 |  Stored XSS in the guide's GameplayVersion (www.dota2.com)
https://hackerone.com/reports/380102 |  Missing memory corruption protection on Windows release built
https://hackerone.com/reports/380158 |  svcardproxydevus.starbucks.com Subdomain take over
https://hackerone.com/reports/380317 |  Team object exposes amount of participants in a private program to non-invited users
https://hackerone.com/reports/380354 |  Reflected XSS through multiple inputs in the issue collector on Jira
https://hackerone.com/reports/380413 |  Restricted user can bypass permissions restriction to create NR Alert policies
https://hackerone.com/reports/380873 |  Prototype pollution attack (lodash / constructor.prototype)
https://hackerone.com/reports/381129 |  SSRF in api.slack.com, using slash commands and bypassing the protections.
https://hackerone.com/reports/381192 |  Preview bar: Incomplete message origin validation results in XSS
https://hackerone.com/reports/381237 |  CSRF | Ban or unban users in broadcast's chat
https://hackerone.com/reports/381356 |  Client-Side Race Condition using Marketo, allows sending user to data-protocol in Safari when form without onSuccess is submitted on www.hackerone.com
https://hackerone.com/reports/382625 |  Stored XSS in '' Section and WAF Bypass
https://hackerone.com/reports/383564 |  Subdomain takeover on svcgatewaydevus.starbucks.com and svcgatewayloadus.starbucks.com
https://hackerone.com/reports/384101 |  Go.imgur.com can be used to phish for account information
https://hackerone.com/reports/384112 |  xss - reflected
https://hackerone.com/reports/384214 |  heap-buffer-overflow (READ of size 48) in exif_read_data()
https://hackerone.com/reports/384477 |  Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c
https://hackerone.com/reports/384569 |  Bypassing the Trusted Link Alert System
https://hackerone.com/reports/384719 |  linkinfo - openbasedir bypass on Windows PHP
https://hackerone.com/reports/384782 |  User Information Disclosure via the REST API - /?_method=GET
https://hackerone.com/reports/384839 |  DoS for HTTP/2 connections by crafted requests (CVE-2018-1333)
https://hackerone.com/reports/384905 |  F5 BigIP Backend Cookie Disclosure
https://hackerone.com/reports/384962 |  jsConnect Plugin: Takeover of existing account
https://hackerone.com/reports/385145 |  Homograph attack on redirect URL (https://chaturbate.com/external_link/?url)
https://hackerone.com/reports/385239 |  Add non-existent room moderator
https://hackerone.com/reports/385372 |  Homograph attack on redirect URL 
https://hackerone.com/reports/385381 |  Rate limit missing at room login
https://hackerone.com/reports/385407 |  store xss in calendar via upload filename
https://hackerone.com/reports/386112 |  [allhiphop.vanillacommunities.com] XSS Request-URI
https://hackerone.com/reports/386116 |  CSV Injection with the CSV export feature
https://hackerone.com/reports/386292 |  Bypass of the SSRF protection in Event Subscriptions parameter.
https://hackerone.com/reports/386334 |  CSS Injection on /embed/ via bgcolor parameter leaks user's CSRF token and allows for XSS 
https://hackerone.com/reports/386340 |  Reflected XSS on ssl-ccstatic.highwebmedia.com  via player.swf
https://hackerone.com/reports/386556 |  [NR Alerts] Internal API exposes Synthetics monitor details to a restricted user without view monitor permissions
https://hackerone.com/reports/386596 |  Email Not Completely Deleted after Deleting an account
https://hackerone.com/reports/386735 |  Login form on non-HTTPS page on http://stream.highwebmedia.com/auth/login/
https://hackerone.com/reports/386997 |  Private program policy page still accessible after user left the program
https://hackerone.com/reports/387007 |  [idp.fr.cloud.gov] Open Redirect
https://hackerone.com/reports/387250 |  OpenSSL::X509::Name Equality Check Does Not Work, Patch included
https://hackerone.com/reports/387279 |  App messaging can be hijacked by third-party websites
https://hackerone.com/reports/387544 |  Admin bar: Incomplete message origin validation results in XSS
https://hackerone.com/reports/388506 |  Stored XSS in Email attachment file name
https://hackerone.com/reports/388622 |  Subdomain takeover on wfmnarptpc.starbucks.com
https://hackerone.com/reports/388743 |  [NR Insights] Data app permissions setting does not fully prevent other users from modifying/changing changing data related to your data app 
https://hackerone.com/reports/389076 |  `open-url` command allows opening unlimited number of tabs pointing to arbitrary URLs
https://hackerone.com/reports/389108 |  Handling of `tracking` command allows making arbitrary blind requests with user's cookies from Grammarly Extension's origin
https://hackerone.com/reports/389454 |  Backup Source Code Detected
https://hackerone.com/reports/389592 |  [theacademy.upserve.com] Reflected XSS Query-String
https://hackerone.com/reports/389600 |  TeamProfile exposes partially sensitive information through GraphQL
https://hackerone.com/reports/390013 |  Local files reading from the web using `brave://`
https://hackerone.com/reports/390362 |  Local files reading from the "file://" origin through `brave://`
https://hackerone.com/reports/390429 |  Reflected XSS on help.steampowered.com
https://hackerone.com/reports/391385 |  Unauthorized Use of Victim Credit Card
https://hackerone.com/reports/391390 |  Stored XSS on activity
https://hackerone.com/reports/392728 |  Possibility to freeze/crash the host system of all Slack Desktop users easily
https://hackerone.com/reports/394016 |  Web Cache Deception Attack (XSS)
https://hackerone.com/reports/394253 |  Validation bypass for queries generated for PostgreSQL
https://hackerone.com/reports/395729 |  `socket` command allows sending data over WebSockets to arbitrary origins from Grammarly Extension
https://hackerone.com/reports/395737 |  `chrome://brave` available for navigation in Release build [-> RCE] + navigation to `chrome://*` using tab_helper ["Open in new tab"]
https://hackerone.com/reports/396370 |  XSS: Group search terms
https://hackerone.com/reports/396467 |  Github Token Leaked publicly for https://github.sc-corp.net
https://hackerone.com/reports/396493 |  Reflected DOM XSS on www.starbucks.co.uk
https://hackerone.com/reports/396954 |  Attacker can add arbitrary data to the blockchain without paying gas
https://hackerone.com/reports/397031 |  Disclosure of top 10 vulnerability types for programs that haven't enabled the Insights feature
https://hackerone.com/reports/397088 |  Stored XSS on buy button
https://hackerone.com/reports/397130 |  Unauthenticated access to Zendesk tickets through athena-flex-production.shopifycloud.com Okta bypass
https://hackerone.com/reports/397478 |  Privilege Escalation via Keybase Helper
https://hackerone.com/reports/397483 |  [NR Infrastructure] Restricted user can update integration provider account name via integrations API
https://hackerone.com/reports/397508 |  Web cache deception attack - expose token information
https://hackerone.com/reports/397527 |  Leaking sensitive information on Github lead full access to all Grab Slack channels 
https://hackerone.com/reports/397545 |  Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection
https://hackerone.com/reports/398054 |  DOM Based XSS in www.hackerone.com via PostMessage
https://hackerone.com/reports/398316 |  CSRF combined with IDOR within Document Converter exposes files
https://hackerone.com/reports/398797 |  DVR default username and password
https://hackerone.com/reports/398799 |  Unauthenticated blind SSRF in OAuth Jira authorization controller
https://hackerone.com/reports/399174 |  Access MoPub Reports Data even after Company removed you from their MoPub Account.
https://hackerone.com/reports/399382 |  XSS in e.mail.ru
https://hackerone.com/reports/400982 |  Open redirect in securegatewayaccess.com / secure.chaturbate.com via prejoin_data parameter
https://hackerone.com/reports/401483 |  [chaturbate.com] - CSRF Vulnerability on image upload
https://hackerone.com/reports/402362 |  RCE due to ImageTragick v2
https://hackerone.com/reports/402410 |  Ğ Ğ°ÑÑˆĞ¸Ñ„Ñ€Ğ¾Ğ²ĞºĞ° Ğ²ÑĞµÑ… Ñ‚Ğ¸Ğ¿Ğ¾Ğ² ÑˆĞ¸Ñ„Ñ€Ğ¾Ğ²Ğ°Ğ½Ğ½Ñ‹Ñ… ID
https://hackerone.com/reports/402473 |  Arbitrary File Download as Shopmanager
https://hackerone.com/reports/402753 |  Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors
https://hackerone.com/reports/403039 |  WooCommerce Blacklist in 'map_meta_cap' leads to Privilege Escalation of Shopmanagers
https://hackerone.com/reports/403083 |  Authenticated Code Execution through Phar deserialization in CSV Importer as Shop manager in WooCommerce
https://hackerone.com/reports/403402 |  Public Jenkins instance with /script enabled
https://hackerone.com/reports/403417 |  Remote Code Execution on www.semrush.com/my_reports on Logo upload
https://hackerone.com/reports/403602 |  Attachments may be hijacked via AppCache+CookieBombing trick (bc3_production_blobs bucket)
https://hackerone.com/reports/403783 |  [www.zomato.com] Tampering with Order Quantity and paying less amount then actual amount, leads to business loss
https://hackerone.com/reports/404797 |  IDOR to delete images from other stores
https://hackerone.com/reports/405342 |  Clickjacking at ylands.com
https://hackerone.com/reports/406289 |  Stored XSS on Broken Themes via filename
https://hackerone.com/reports/406614 |  Resource Consumption DOS on Edgemax v1.10.6
https://hackerone.com/reports/406704 |  XSS @ store.steampowered.com via agecheck path name
https://hackerone.com/reports/407355 |  Subdomain Takeover on demo.greenhouse.io pointing to unbouncepages
https://hackerone.com/reports/407552 |  Vanilla Forums Gdn_Format unserialize() Remote Code Execution Vulnerability
https://hackerone.com/reports/409370 |  Denial of service via cache poisoning
https://hackerone.com/reports/409395 |  Bypass of GitLab CI runner slash fix in YAML validation
https://hackerone.com/reports/409512 |  mod_userdir CRLF injection (CVE-2016-4975)
https://hackerone.com/reports/409518 |  "More on Wikipedia" link disclose "Referrer" and leak `window.opener` reference for arbitrary websites
https://hackerone.com/reports/409701 |  SSRF in hatchful.shopify.com
https://hackerone.com/reports/409850 |  XSS in steam react chat client
https://hackerone.com/reports/409973 |  Some store settings/data are accessible to "No Access" permission users on GraphQL LiveView operation
https://hackerone.com/reports/409986 |  Improper handling of Chunked data request in sapi_apache2.c leads to Reflected XSS
https://hackerone.com/reports/410015 |  Discrepancy in hacker profile report count may reveal existence of a private program by publishing a report
https://hackerone.com/reports/410212 |  Vanilla Forums Xenforo password splitHash Unserialize Remote Code Execution Vulnerability
https://hackerone.com/reports/410237 |  Vanilla Forums ImportController index file_exists Unserialize Remote Code Execution Vulnerability
https://hackerone.com/reports/410451 |  User login page doesn't implement any form of rate limiting
https://hackerone.com/reports/410882 |  Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability (critical)
https://hackerone.com/reports/411075 |  Abusing "Report as abuse" functionality to delete any user's post.
https://hackerone.com/reports/411140 |  Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability
https://hackerone.com/reports/411329 |  code injection, steam chat client
https://hackerone.com/reports/411337 |  Forget password link not expiring after email change.
https://hackerone.com/reports/411519 |  DNS SRV lookup of file:// sources enables local hijacking of gems
https://hackerone.com/reports/411679 |  View Failed Approval and Pending videos other users
https://hackerone.com/reports/411690 |  Stored xss in address field in billing activity at https://shop.aaf.com/Order/step1/index.cfm
https://hackerone.com/reports/411723 |  Open redirection at https://chaturbate.com/auth/login/
https://hackerone.com/reports/411822 |  Password protected rooms total number of viewers disclosure to unauthorized members
https://hackerone.com/reports/411865 |  Blind SSRF at https://chaturbate.com/notifications/update_push/
https://hackerone.com/reports/411930 |  User with privilege to maintain External Programs can update certain churned HackerOne programs
https://hackerone.com/reports/412526 |  No rate limit in stats api token endpoint
https://hackerone.com/reports/412988 |  Hacker can request mediation for published reports
https://hackerone.com/reports/413426 |  Open redirect on chaturbate.com (tipping/purchase_success)
https://hackerone.com/reports/413442 |  [chatws25.stream.highwebmedia.com] - Reflected XSS in c parameter
https://hackerone.com/reports/413505 |  No rate limit in affiliate statsapi endpoint
https://hackerone.com/reports/413759 |  Race condition at create new Location
https://hackerone.com/reports/413828 |  Persistent XSS via Signatures
https://hackerone.com/reports/415139 |  Reflected xss on theacademy.upserve.com
https://hackerone.com/reports/415178 |  chrome://brave can still be navigated to, leading to RCE
https://hackerone.com/reports/415238 |  [Admin Panel] CSRF to resume/pause runner
https://hackerone.com/reports/415258 |  RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context
https://hackerone.com/reports/415272 |  Linux Desktop application slack executable does not use pie / no ASLR
https://hackerone.com/reports/415398 |  Chaturbate "/chat_ignore_list/" endpoint does not check for Account status: Disabled  before adding Ignore via POST
https://hackerone.com/reports/415484 |  Stored xss
https://hackerone.com/reports/415622 |  PII disclosure -- Past team members & their email ID(personal email) can be viewed by Staff member with no permissions on Partner Dashboard
https://hackerone.com/reports/415967 |  chrome://brave navigation from web
https://hackerone.com/reports/416040 |  Field Day With Protocol Handlers
https://hackerone.com/reports/416682 |  CSRF on change video thumbnail at https://chaturbate.com
https://hackerone.com/reports/416906 |  Missing Rate Limitation at /apps/upload_app/ 
https://hackerone.com/reports/416978 |  H1514 CSRF in Domain transfer allows adding your domain to other user's account
https://hackerone.com/reports/416983 |  H1514 Removed Staff members who had "Apps" permission can still modify flow app connections
https://hackerone.com/reports/417170 |  Using GraphQL, STAFF with NO explicit permissions on Store can retrieve Shopify Payments Balance.
https://hackerone.com/reports/417382 |  Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session
https://hackerone.com/reports/417839 |  H1514 Lack of access control on edit packing slip template
https://hackerone.com/reports/418145 |  No rate limiting in changing room subject.
https://hackerone.com/reports/418151 |  No rate limiting in starting up a bot.
https://hackerone.com/reports/418254 |  Unrestricted POST request size on roomlogin endpoint
https://hackerone.com/reports/418474 |  Disclosing a private program in an external link if program is paused
https://hackerone.com/reports/418767 |  Hacker can bypass 2FA requirement and reporter blacklist through embedded submission form
https://hackerone.com/reports/418823 |  Reflected XSS on developers.zomato.com
https://hackerone.com/reports/419875 |  [NR Alerts/Synthetics] IDOR through /policies.json with Synthetics exposes full name of other NR users
https://hackerone.com/reports/419883 |  H1514 [beerify.shopifycloud.com] GraphQL discloses internal beer consumption
https://hackerone.com/reports/420115 |  Crash in mrb_ary_push
https://hackerone.com/reports/420459 |  H1514 Stored XSS in Return Magic App portal content
https://hackerone.com/reports/421009 |  H1514 Deanonymizing Exchange Marketplace private listings  
https://hackerone.com/reports/421859 |  H1514 [*.(my)shopify.com] - Viewing Password Protected Content
https://hackerone.com/reports/422043 |  H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing
https://hackerone.com/reports/422279 |  H1514 Simple phishing using auto-created modal with weak URL-pattern check in incontext_app_link
https://hackerone.com/reports/422331 |  attacker can book unlimited tickets in free at https://aaf.com/checkout/order-received/21237/?key=wc_order_5bbef48fa35b2
https://hackerone.com/reports/422698 |  Update Chat Allowed By Option ( without age verification )
https://hackerone.com/reports/422707 |  Reflected XSS on $Any$.myshopify.com/admin
https://hackerone.com/reports/422944 |  H1514 Remote Code Execution on kitcrm using bulk customer update of Priority Products
https://hackerone.com/reports/423022 |  Account takeover at https://try.discourse.org due to no CSRF protection in connecting Yahoo account
https://hackerone.com/reports/423073 |  Improper UUID validation results in bypass of #419896
https://hackerone.com/reports/423136 |  H1514 Session Fixation on multiple shopify-built apps on *.shopifycloud.com and *.shopifyapps.com
https://hackerone.com/reports/423198 |  H1514 Ability to Edit Packaging Slip Templates and View Product & Shipping Information by a low privileged staff in a Sandbox Store
https://hackerone.com/reports/423218 |  H1514 DOM XSS on checkout.shopify.com via postMessage handler on /:id/sandbox/google_maps
https://hackerone.com/reports/423388 |  H1514 Get access to non public information by pivoting with graphql queries
https://hackerone.com/reports/423454 |  H1514 Stored XSS on Wholesale sales channel allows cross-organization data leakage
https://hackerone.com/reports/423467 |  H1514 Ability to MiTM Shopify PoS Session to Takeover Communications
https://hackerone.com/reports/423496 |  H1514 Bypass Wholesale account signup restrictions
https://hackerone.com/reports/423506 |  H1514 Extract information about other sites (new sites) through Affiliate/Referral pages
https://hackerone.com/reports/423541 |  H1514 Server Side Template Injection in Return Magic email templates?
https://hackerone.com/reports/423546 |  H1514 Wholesale customer without checkout permission can complete purchases
https://hackerone.com/reports/424447 |  Integer overflow leading to buffer overflow
https://hackerone.com/reports/424669 |  Subdomain Takeover Via unclaimed Heroku Instance tim-exclusive.shopify.com
https://hackerone.com/reports/425048 |  Stored XSS on chaturbate.com (wish list)
https://hackerone.com/reports/425200 |  XSS [flow] - on www.paypal.com/paypalme/my/landing (requires user interaction)
https://hackerone.com/reports/425314 |  API request signature can be reused with other parameters/data than the original in certain cases
https://hackerone.com/reports/425719 |  Disclosure of Github Issues
https://hackerone.com/reports/426165 |  [www.zomato.com] CORS Misconfiguration, could lead to disclosure of sensitive information
https://hackerone.com/reports/426547 |  Missing Rate Limitation at /photo_videos/photoset/create
https://hackerone.com/reports/426944 |  Linux privilege escalation via trusted $PATH in keybase-redirector 
https://hackerone.com/reports/427502 |  Proper verification is not done before sending invitations to researchers for certain private programs with rules e.g. "Participants must be US-based"
https://hackerone.com/reports/427835 |  Server-Side request forgery in New-Subscription feature of the calendar app
https://hackerone.com/reports/428010 |  Talk / spreed: Disclosure of Room names and participants for password protected rooms
https://hackerone.com/reports/428660 |  Gallery: No feedback for invalid password
https://hackerone.com/reports/429026 |  Race condition in performing retest allows duplicated payments
https://hackerone.com/reports/429298 |  Stored XSS in chat topic due to insecure emoticon parsing on any message type
https://hackerone.com/reports/429617 |  Reverse Proxy misroute leading to steal X-Shopify-Access-Token header
https://hackerone.com/reports/429679 |  POST-based XSS on apps.shopify.com
https://hackerone.com/reports/430463 |  Keybase client: downloaded executables lack "com.apple.quarantine" meta-attribute [macOS]
https://hackerone.com/reports/430854 |  Kaspersky Password Manager allows websites to access user's address data
https://hackerone.com/reports/431561 |  Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS
https://hackerone.com/reports/431633 |  Order Creation Webhooks can be edited/deleted by STAFF with `Settings` only permission
https://hackerone.com/reports/434116 |  Exposing voting results on the Slowvote application without actually voting
https://hackerone.com/reports/434715 |  No session expiry after log-out and session id exposed in URL
https://hackerone.com/reports/434763 |  Incorrect details on OAuth permissions screen allows DMs to be read without permission
https://hackerone.com/reports/435457 |  Ability to login to the Nexus Repo Manager from https://nexus.imgur.com/ 
https://hackerone.com/reports/435618 |  Kaspersky Password Manager is vulnerable to HTML injection in the browser action pop-up via user name
https://hackerone.com/reports/435648 |  TOTP Key is shorter than RFC 4226 recommended minimum
https://hackerone.com/reports/436928 |  RCE as Admin defeats WordPress hardening and file permissions
https://hackerone.com/reports/437142 |  Instant open redirect on Live preview WEB Ide opening
https://hackerone.com/reports/437800 |  Passive mixed content issues on the site https://*.fanduel.com
https://hackerone.com/reports/438240 |  Reflected Cross site Scripting (XSS) on www.starbucks.com
https://hackerone.com/reports/439729 |  Add and Access to Labels of any Private Projects/Groups of Gitlab(IDOR)
https://hackerone.com/reports/439828 |  Event privacy level does not work in Thunderbird
https://hackerone.com/reports/439912 |  Stored XSS on demo app link 
https://hackerone.com/reports/440749 |  [Mail.Ru Android] Typo in permission name allows to write contacts without user knowledge
https://hackerone.com/reports/442843 |  Notifications sent due to "Transfer report" functionality may be sent to users who are no longer authorized to see the report
https://hackerone.com/reports/446238 |  EXIF metadata not stripped from JPG group logos
https://hackerone.com/reports/446271 |  CRLF injection
https://hackerone.com/reports/446585 |  Exfiltrate and mutate repository and project data through injected templated service
https://hackerone.com/reports/446593 |  GitLab's GitHub integration is vulnerable to SSRF vulnerability
https://hackerone.com/reports/447494 |  Share recipient can modify a share's expiration date
https://hackerone.com/reports/447975 |  Upgrade menu exposes the mobile application token meant to only be visible to administrators 
https://hackerone.com/reports/448078 |  A user can request a report to be retested even though the program has not been verified by HackerOne
https://hackerone.com/reports/449351 |  IE only: stored Cross-Site Scripting (XSS) vulnerability through Program Asset identifier
https://hackerone.com/reports/449482 |  Command injection in Pathname
https://hackerone.com/reports/449617 |  Null character at fnmatch
https://hackerone.com/reports/452959 |  A user can bypass approval step in Hacker Publishing feature, allowing them to publish reports immediately
https://hackerone.com/reports/452973 |  Inline banner on Report page discloses whether organization runs a private program
https://hackerone.com/reports/454949 |  Race Condition in Flag Submission
https://hackerone.com/reports/455858 |  [p2p.qiwi.com] nginx alias traversal
https://hackerone.com/reports/456333 |  [auth2.zomato.com] Reflected XSS at `oauth2/fallbacks/error` | ORY Hydra an OAuth 2.0 and OpenID Connect Provider
https://hackerone.com/reports/456727 |  null pointer dereference in imap_mail
https://hackerone.com/reports/458842 |  Malformed save files (.sav) allow to write files with arbitrary extensions and content in GoldSrc-based games.
https://hackerone.com/reports/459286 |  protocol & Ports are not shown in third-party site redirect warning page 
https://hackerone.com/reports/459443 |  [NR Insights] IDOR - Modify the filter settings for any NR Insights dashboard through internal_api endpoint
https://hackerone.com/reports/460428 |  The impossibility of inclusion of the trial (BROWSER)
https://hackerone.com/reports/460815 |  Milestones leaked via search API
https://hackerone.com/reports/460911 |  [FG-VD-18-165] Wordpress Cross-Site Scripting Vulnerability Notification II
https://hackerone.com/reports/460920 |  Response program can create bounty table
https://hackerone.com/reports/461272 |  [www.zomato.com] Blind XSS in one of the admin dashboard
https://hackerone.com/reports/461308 |  Remote attacker can impersonate Social users via ActivityPub API
https://hackerone.com/reports/462321 |  Ability to view monitor names of other NR accounts through internal API (v3) via "monitor_id" parameter 
https://hackerone.com/reports/462503 |  Claiming package names in GitLab's automatic package referencer.
https://hackerone.com/reports/463828 |  Submitting report through Embedded Submission form gives user indefinite access to a profile
https://hackerone.com/reports/463915 |  URL Advisor component in KIS products family is vulnerable to Universal XSS
https://hackerone.com/reports/464426 |  account takeover https://idea.qiwi.com/ 
https://hackerone.com/reports/469372 |  Web protection component in Anti-Virus products family uses predictable links for certificate warnings
https://hackerone.com/reports/469803 |  Open redirect at https://inventory.upserve.com/http://google.com/
https://hackerone.com/reports/470003 |  Privilege Escalation via Keybase Helper (incomplete security fix)
https://hackerone.com/reports/470067 |  DoS on the Issue page by exploiting Mermaid.
https://hackerone.com/reports/470206 |  Reflected XSS in *.myshopify.com/account/register
https://hackerone.com/reports/470398 |  Local privilege escalation bug using Keybase redirector on macOS
https://hackerone.com/reports/470519 |  Kaspersky Protection extension for Google Chrome is vulnerable to abuse its features
https://hackerone.com/reports/470520 |  RCE on Steam Client via buffer overflow in Server Info
https://hackerone.com/reports/470544 |  Unauthorized command execution in Web protection component of Anti-Virus products family
https://hackerone.com/reports/470547 |  Unauthorized command execution in Web protection component of Anti-Virus products family [IE]
https://hackerone.com/reports/470553 |  Unauthorized command execution in Web protection component of Anti-Virus products family [FF, Chrome]
https://hackerone.com/reports/470637 |  User-assisted RCE in Slack for macOS (from official site) due to improper quarantine meta-attribute handling for downloaded files
https://hackerone.com/reports/471265 |  unuse domain still in using at wechat by Starbucks East China
https://hackerone.com/reports/471739 |  macOS privilege escalation via keybase install
https://hackerone.com/reports/472013 |  Changing email address on Twitter for Android unsets "Protect your Tweets"
https://hackerone.com/reports/472026 |  The auto login link does not expire on changing email id
https://hackerone.com/reports/472651 |  Private key "tron" leaked via Travis CI Log
https://hackerone.com/reports/473252 |  Privilege Escalation through Keybase Installer via Helper
https://hackerone.com/reports/473888 |  RCE which may occur due to `ActiveSupport::MessageVerifier` or `ActiveSupport::MessageEncryptor` (especially Active storage)
https://hackerone.com/reports/473950 |  XSS on Desktop Client
https://hackerone.com/reports/474262 |  XSS due to incomplete JS escaping
https://hackerone.com/reports/474656 |  Cross-site Scripting (XSS) on HackerOne careers page
https://hackerone.com/reports/475499 |  heap buffer overflow in phar_detect_phar_fname_ext
https://hackerone.com/reports/475660 |  Response program can display "eligible for bounty" in scope area in program policy
https://hackerone.com/reports/476168 |  Heap overflow in utf32be_mbc_to_code
https://hackerone.com/reports/476178 |  Negative size parameter in mb_split
https://hackerone.com/reports/476179 |  Buffer over-write in finfo_open with malformed magic file.
https://hackerone.com/reports/476958 |  IDOR allows accounts to view full name of other accounts based on email through share notes feature
https://hackerone.com/reports/477073 |  ZeroMQ libzmq remote code execution
https://hackerone.com/reports/477222 |  Last build status and coverage leaked to unauthorized users
https://hackerone.com/reports/477344 |  Heap Buffer Overflow (READ: 4) in phar_parse_pharfile
https://hackerone.com/reports/477896 |  Use after free and out of bounds read in xmlrpc_decode()
https://hackerone.com/reports/477897 |  buffer overread in base64 code of the xmlrpc module
https://hackerone.com/reports/478367 |  efree() on uninitialized Heap data in imagescale leads to use-after-free
https://hackerone.com/reports/478368 |  imagecolormatch Out Of Bounds Write on Heap 
https://hackerone.com/reports/478957 |  Stored XSS/HTML injection in autocomplete suggestions for sharing
https://hackerone.com/reports/479135 |  GET request to accounts.json on support site leaks the root account license key and the browser license key to a restricted user
https://hackerone.com/reports/479139 |  Bypass of #447975 - view mobile application token though "Application Information" sidebar on Installation page 
https://hackerone.com/reports/480778 |  Heap-buffer-overflow in Perl__byte_dump_string (utf8.c) could lead to memory leak
https://hackerone.com/reports/480883 |  Stack overflow in XML Parsing
https://hackerone.com/reports/480928 |  Username restriction bypass with SSL client authentication
https://hackerone.com/reports/480984 |  Stack overflow affecting "ext" field on stylers.xml configuration file
https://hackerone.com/reports/481335 |  Security check failure or stack buffer overrun (crash)
https://hackerone.com/reports/481360 |  Stored XSS in vanilla
https://hackerone.com/reports/481472 |  URL link spoofing
https://hackerone.com/reports/481532 |  heap-use-after-free (READ of size 8) in main()
https://hackerone.com/reports/482200 |  puttygen: heap-buffer-overflow in mp_get_decimal()
https://hackerone.com/reports/483572 |  [FG-VD-19-009] Intel(R) Trace Analyzer and Collector 2019 Memory Corruption Vulnerability Notification
https://hackerone.com/reports/484398 |  Buffer overflow in libavi_plugin memmove() call
https://hackerone.com/reports/484434 |  Stored XSS on imgur profile
https://hackerone.com/reports/484615 |  Unsanitized user photo paths allow local file read
https://hackerone.com/reports/484664 |  ICQ for macOS: lack of `com.apple.quarantine` meta-attribute on downloaded files leads to GateKeeper/Quarantine bypass for downloaded executables
https://hackerone.com/reports/484930 |  puttygen: 160MB memory leak while trying to extract openssh public key from crafted key file
https://hackerone.com/reports/485407 |  From nobody to somebody
https://hackerone.com/reports/485748 |  Stored XSS on reports.
https://hackerone.com/reports/486629 |  Improper validation allows user to unlock Zomato Gold multiple times at the same restaurant within one day
https://hackerone.com/reports/487008 |  Arbitrary file read via ffmpeg HLS parser at https://www.flickr.com/photos/upload
https://hackerone.com/reports/487081 |  Stored XSS in Private Message component (BuddyPress)
https://hackerone.com/reports/488643 |  Disclosure of h1 challenges name through the calendar
https://hackerone.com/reports/488923 |  No Rate Limit on CrowdSignal Polls when Adding Comment
https://hackerone.com/reports/488985 |  Race condition in claiming program credentials 
https://hackerone.com/reports/489102 |  VLC 4.0.0 - Stack Buffer Overflow (SEH)
https://hackerone.com/reports/489146 |  Confidential data of users and limited metadata of programs and reports accessible via GraphQL
https://hackerone.com/reports/489284 |  Access to Employee calendar disclosing internal presentation and meetings
https://hackerone.com/reports/490782 |  Mssing Authorization on Private Message replies (BuddyPress)
https://hackerone.com/reports/490946 |  Bypassing lock protection
https://hackerone.com/reports/490960 |  macOS privilege escalation
https://hackerone.com/reports/491023 |  XSS Reflected on my_report
https://hackerone.com/reports/491473 |  Protected tweets exposure through the URL
https://hackerone.com/reports/491753 |  DMARC RECORD MISSING
https://hackerone.com/reports/492512 |  [bower] Arbitrary File Write through improper validation of symlinks while package extraction
https://hackerone.com/reports/492841 |  Web cache poisoning attack leads to user information and more
https://hackerone.com/reports/493324 |  Privilege escalation from any user (including external) to gitlab admin when admin impersonates you
https://hackerone.com/reports/494979 |  Insufficient sanitizing can lead to arbitrary commands execution
https://hackerone.com/reports/495382 |  No SearchEngine sanatizing can lead to command injection
https://hackerone.com/reports/495495 |  CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host
https://hackerone.com/reports/495497 |  Know whether private project name exists or not within a group using link comments
https://hackerone.com/reports/495508 |   Assertion `len == 1' failed, process aborted while streaming ouput from remote server
https://hackerone.com/reports/495515 |  Reflected XSS: Taxonomy Converter via tax parameter
https://hackerone.com/reports/495525 |  XSSI: Quick Navigation Interface - leak of private page/post titles
https://hackerone.com/reports/495583 |  [FG-VD-19-022] Wordpress WooCommerce Cross-Site Scripting Vulnerability Notification
https://hackerone.com/reports/495793 |  Malformed .MDL triggers an Access Violation on GoldSRC (hl.exe)
https://hackerone.com/reports/496113 |  Crash
https://hackerone.com/reports/496285 |  Ubuntu Linux privilege escalation (dirty_sock)
https://hackerone.com/reports/496375 |  Reflected XSS in https://www.starbucks.co.jp/store/search/
https://hackerone.com/reports/496405 |  Stored XSS in vanilla
https://hackerone.com/reports/496973 |  Persistent XSS via e-mail when creating merge requests
https://hackerone.com/reports/497047 |  Blocked user Git access through CI/CD token
https://hackerone.com/reports/497255 |  A stack buffer overflow in BabyGrid.cpp can lead to program crashes via a malicious localization file
https://hackerone.com/reports/497312 |  Command injection by setting a custom search engine
https://hackerone.com/reports/497724 |  Stored XSS in Post Preview as Contributor
https://hackerone.com/reports/498052 |  Password theft login.newrelic.com via Request Smuggling
https://hackerone.com/reports/498964 |  Full access to internal Gitlab instances at redash.gitlab.com, dashboards.gitlab.com, prometheus.gitlab.com
https://hackerone.com/reports/499030 |  DOM Based XSS in www.hackerone.com via PostMessage (bypass of #398054)
https://hackerone.com/reports/499348 |  Twitter lite(Android): Vulnerable to local file steal, Javascript injection, Open redirect 
https://hackerone.com/reports/500348 |  URL filter bypass in Enterprise Grid
https://hackerone.com/reports/500436 |  DOM based CSS Injection on grammarly.com
https://hackerone.com/reports/500515 |  XXE at ecjobs.starbucks.com.cn/retail/hxpublic_v6/hxdynamicpage6.aspx
https://hackerone.com/reports/500686 |  url that twitter mobile site can not load
https://hackerone.com/reports/501672 |  Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints
https://hackerone.com/reports/502593 |  Attacker is able to access commit title and team member comments which are supposed to be private
https://hackerone.com/reports/502816 |  Access Violation Reading in libfaad_plugin
https://hackerone.com/reports/503208 |  Access Violation Reading EXPLOITABLE_0228
https://hackerone.com/reports/503283 |  Real Time Error Logs Through Debug Information
https://hackerone.com/reports/503298 |  Multiple XSS on account settings that can hijack any users in the company. 
https://hackerone.com/reports/503300 |  â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ on CRM server without authorization
https://hackerone.com/reports/503804 |  Path Disclosure Vulnerability http://crm.******.com
https://hackerone.com/reports/503821 |  Assertion `col >= 0 && col < line->cols' failed, process aborted while streaming ouput from remote server
https://hackerone.com/reports/504751 |  Open Redirect
https://hackerone.com/reports/504759 |  Uploading large avatar images cause excessive CPU usage
https://hackerone.com/reports/504761 |  phar_tar_writeheaders_int() buffer overflow
https://hackerone.com/reports/504782 |  CSRF at adding new role (user-management.service.newrelic.com)
https://hackerone.com/reports/504951 |  Malformed playlist.txt in GoldSrc games leads to Access Violation & arbitrary code execution
https://hackerone.com/reports/505007 |  [Twitter Open Source] Releases were & are built/executed/tested/released in the context of insecure/untrusted code
https://hackerone.com/reports/505173 |  Malformed map detailed texture files in GoldSrc games lead to Remote Code Execution
https://hackerone.com/reports/505278 |  DOS in stream filters
https://hackerone.com/reports/505424 |  Twitter ID exposure via error-based side-channel attack
https://hackerone.com/reports/506040 |  ChaCha20-Poly1305 with long nonces
https://hackerone.com/reports/506161 |  Build fetches jars over HTTP
https://hackerone.com/reports/506646 |  Webshell via File Upload on ecjobs.starbucks.com.cn
https://hackerone.com/reports/507012 |  bypass Claudflare access crm.mautic.com
https://hackerone.com/reports/507097 |  Open AWS S3 bucket leaks all Images uploaded to Zomato chat
https://hackerone.com/reports/507132 |  Stored XSS in notes (charts) because of insecure chart data JSON generation
https://hackerone.com/reports/507139 |  DOM based XSS in the WooCommerce plugin
https://hackerone.com/reports/507172 |  Able to bypass "Device credentials" Lock
https://hackerone.com/reports/507525 |  DoS attacks utilizing camo.stream.highwebmedia.com
https://hackerone.com/reports/507957 |  Stored XSS on www.starbucks.com.sg/careers/career-center/career-landing-*
https://hackerone.com/reports/508184 |  Persistent XSS in Note objects
https://hackerone.com/reports/508459 |  SSRF in webhooks leads to AWS private keys disclosure
https://hackerone.com/reports/508490 |  Nextcloud domain and name of every user leaked to lookup server
https://hackerone.com/reports/508493 |  Group admins can remove arbitrary data from "data" directory (including admin data)
https://hackerone.com/reports/509574 |  Invited team member can disclosure slack channels
https://hackerone.com/reports/509924 |  JSON serialization of any Project model results in all Runner tokens being exposed through Quick Actions
https://hackerone.com/reports/509930 |  Potential unprivileged Stored XSS through wp_targeted_link_rel
https://hackerone.com/reports/510025 |  Invalid Read on exif_process_SOFn
https://hackerone.com/reports/510336 |  Uninitialized read in exif_process_IFD_in_TIFF
https://hackerone.com/reports/510887 |  [CVE-2018-18312] regcomp: heap-buffer-overflow write / reg_node overrun
https://hackerone.com/reports/510888 |  [CVE-2018-18313] regcomp: heap-buffer-overflow read in S_grok_bslash_N
https://hackerone.com/reports/511044 |  [www.zomato.com] Availing Zomato Gold membership for free by tampering plan id(s) 
https://hackerone.com/reports/511381 |  All functions that allow users to specify color code are vulnerable to ReDoS
https://hackerone.com/reports/511440 |   credentials leakage in public lead to view dev websites 
https://hackerone.com/reports/512102 |  CSRF at acknowledging an incident
https://hackerone.com/reports/513154 |  Unchecked weapon id in WeaponList message parser on client leads to RCE
https://hackerone.com/reports/514224 |  SSRF in Search.gov via ?url= parameter
https://hackerone.com/reports/514451 |  Deprecated Hacker101 coursework repository mentions Heroku App that is susceptible to takeover
https://hackerone.com/reports/514897 |  Possible to enumerate Addresses of users using AddressId and guessing the delivery_subzone
https://hackerone.com/reports/515484 |  [Reflected XSS] In Request URL
https://hackerone.com/reports/515574 |  Unclaimed Github Repository Takeover on https://www.data.gov/labs
https://hackerone.com/reports/516237 |  Uninitialized read in exif_process_IFD_in_MAKERNOTE
https://hackerone.com/reports/518669 |  SQLi allow query restriction bypass on exposed FileContentProvider
https://hackerone.com/reports/519059 |  Protected Tweets setting overridden by Android app
https://hackerone.com/reports/519220 |  File writing by Directory traversal at actionpack-page_caching and RCE by it
https://hackerone.com/reports/519367 |  Attacker can read password from log data
https://hackerone.com/reports/520518 |  Full name of other accounts exposed through NR API Explorer (another workaround of #476958)
https://hackerone.com/reports/520630 |  (Prerelease UI) Stored XSS via role name in JSON chart
https://hackerone.com/reports/520717 |  Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE
https://hackerone.com/reports/520903 |  Apache HTTP [2.4.17-2.4.38] Local Root Privilege Escalation
https://hackerone.com/reports/526265 |  DOM XSS on app.starbucks.com via ReturnUrl
https://hackerone.com/reports/526325 |  Stored XSS in Wiki pages
https://hackerone.com/reports/526570 |  Bypassing push rules via MRs created by Email
https://hackerone.com/reports/527042 |  CVE-2019-0196: mod_http2 with scoreboard Use-After-Free (Read)
https://hackerone.com/reports/528940 |  STAFF member with NO Explicit permissions can view `ActivityFeed` via GraphQL
https://hackerone.com/reports/530458 |  Stored XSS in Rich editor via Embed datetime
https://hackerone.com/reports/530464 |  Stored XSS in Profile Comments
https://hackerone.com/reports/530499 |  WooCommerce: Persistent XSS via customer address (state/county)
https://hackerone.com/reports/530511 |  Stored XSS at APM applications listing
https://hackerone.com/reports/530853 |  Stored XSS in embedded posts containing images
https://hackerone.com/reports/530871 |  Stored XSS firing if the error occurs when trying to delete the APM app
https://hackerone.com/reports/530881 |  Hidden Stored XSS in nested post embeds
https://hackerone.com/reports/530974 |  Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
https://hackerone.com/reports/531032 |  Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack
https://hackerone.com/reports/531042 |  Reflected XSS in https://www.starbucks.com/account/create/redeem/MCP131XSR via xtl_amount, xtl_coupon_code, xtl_amount_type parameters
https://hackerone.com/reports/532667 |  Server Side JavaScript Code Injection
https://hackerone.com/reports/534450 |  Account takeover through the combination of cookie manipulation and XSS
https://hackerone.com/reports/534541 |  Combination of content provider allows private data disclosure
https://hackerone.com/reports/534554 |  Unpublished Product Images can be disclosed
https://hackerone.com/reports/534711 |  Stored XSS at APM apps labels autocomplete dropdown (apps listing)
https://hackerone.com/reports/534794 |  Importing GitLab project archives can replace uploads of other users
https://hackerone.com/reports/534908 |  CSRF at https://chatstory.pixiv.net/imported
https://hackerone.com/reports/535827 |  Buffer overflow in yywarning_s
https://hackerone.com/reports/536669 |  "Test target" of the "HTTP target" extension can unintentionally send username and password in the Authorization header
https://hackerone.com/reports/536853 |  Unreleased CTF Levels are Revealed on /group/user/ID1?user=USERID endpoint
https://hackerone.com/reports/537550 |  Memory corruption in imap-parser.c
https://hackerone.com/reports/538008 |  Add users to groups who have restricted group invites
https://hackerone.com/reports/540301 |  Wordpress VIP leaks email of the test a/c
https://hackerone.com/reports/540711 |  Access Projects And create projects in gitlab pre production server
https://hackerone.com/reports/541020 |  GetGlobalAchievementPercentagesForApp is missing the same release checks as GetSchemaForGame
https://hackerone.com/reports/541169 |  GitLab::UrlBlocker validation bypass leading to full Server Side Request Forgery
https://hackerone.com/reports/541606 |  [Privilege Escalation] Shopify Admin -- Permission from Settings to Customer
https://hackerone.com/reports/541862 |  Open redirect protection (https://www.pixiv.net/jump.php) is broken for novels
https://hackerone.com/reports/542180 |  Malformed NAV file leads to buffer overflow and code execution in Left4Dead2.exe
https://hackerone.com/reports/544329 |  IDOR and statistics leakage in Orders 
https://hackerone.com/reports/544928 |  Privilege Escalation From user to SYSTEM via unauthenticated command execution 
https://hackerone.com/reports/546644 |  Two heap use-after-free errors in IMAP operations
https://hackerone.com/reports/547630 |  An integer overflow found in /lib/urlapi.c
https://hackerone.com/reports/549040 |  Clientside resource Exhausting by exploiting gitlab math rendering 
https://hackerone.com/reports/549084 |  Stored XSS firing at transaction map (applicationName field)
https://hackerone.com/reports/549364 |  Account recovery text message is sending a wrong domain to users.
https://hackerone.com/reports/549831 |  External Storage - WebDAV - New user has access to storage from deleted user (same user-ID)
https://hackerone.com/reports/550696 |  Heap Buffer Overflow at lib/tftp.c
https://hackerone.com/reports/550937 |  Insufficient DKIM record with RSA 512-bit key used on WordPress.com
https://hackerone.com/reports/557154 |  DoS attack via comment on Issue
https://hackerone.com/reports/563268 |  Spoofing the redirect process using RTLO
https://hackerone.com/reports/564196 |  help.shopify.com Cross Site Scripting
https://hackerone.com/reports/565736 |  View HackerOne challenge scope before challenge begins
https://hackerone.com/reports/565883 |  Bypass Email Verification -- Able to Access Internal Gitlab Services that use Login with Gitlab and Perform Check on email domain
https://hackerone.com/reports/566400 |  Stored XSS firing at the "Add chart to note" popup
https://hackerone.com/reports/567468 |  Stored XSS at APM key transactions list
https://hackerone.com/reports/568832 |  No rate limit on app.crowdsignal.com (Finish quiz)
https://hackerone.com/reports/574639 |  Reports Modal in app.mopub.com Disclose by any user
https://hackerone.com/reports/574962 |  Verify any unused email address
https://hackerone.com/reports/575562 |  Blind Stored XSS on iOS App due to Unsanitized Webview
https://hackerone.com/reports/576288 |  Testnet address being sent in cleartext as http://rinkeby.chain.link/ is missing SSL certificate
https://hackerone.com/reports/576532 |  DOM XSS via Shopify.API.remoteRedirect
https://hackerone.com/reports/577920 |  login csrf in analytics.mopub.com
https://hackerone.com/reports/578119 |  Privilege escalation due to insecure use of logrotate
https://hackerone.com/reports/582349 |  Last pipeline status for MR leaked 
https://hackerone.com/reports/583819 |  cookie injection allow dos attack to periscope.tv
https://hackerone.com/reports/583987 |  Periscope android app deeplink leads to CSRF in follow action
https://hackerone.com/reports/587829 |  CSTI at Plugin page leading to active stored XSS (Publisher name)
https://hackerone.com/reports/587854 |  Local files could be overwritten in GitLab, leading to remote command execution
https://hackerone.com/reports/587910 |  Password not checked when disabling 2FA on HackerOne
https://hackerone.com/reports/588562 |  Memory Leak in OCUtil.dll library in Desktop client can lead to DoS
https://hackerone.com/reports/590020 |  CRLF Injection in urllib
https://hackerone.com/reports/590319 |  Linux client is vulnerable to directory traversal when downloading files
https://hackerone.com/reports/591295 |  Potential pre-auth RCE on Twitter VPN
https://hackerone.com/reports/591302 |  Denial of service to WP-JSON API by cache poisoning the CORS allow origin header
https://hackerone.com/reports/591432 |  Twitter Periscope Clickjacking Vulnerability
https://hackerone.com/reports/591786 |  XSS on services.shopify.com
https://hackerone.com/reports/592090 |  IDOR in sending support email upon Verifying user business domain
https://hackerone.com/reports/592316 |  Stored XSS on byddypress Plug-in via groups name
https://hackerone.com/reports/592803 |  Gaining unlimited bonus points on websites with WooCommerce Points and Rewards
https://hackerone.com/reports/592885 |  multiple vulnerabilities on your mautic server
https://hackerone.com/reports/593229 |  Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow
https://hackerone.com/reports/593712 |  Web cache deception attack on https://open.vanillaforums.com/messages/all
https://hackerone.com/reports/593893 |  CSRF in generating developer api_key
https://hackerone.com/reports/602527 |  Urgent! Stored XSS at plugin's violations leading to account takeover
https://hackerone.com/reports/602767 |  DOM XSS via Shopify.API.Modal.initialize
https://hackerone.com/reports/603764 |  DOM Based XSS via postMessage at https://inventory.upserve.com/login/
https://hackerone.com/reports/604534 |  Race Condition leads to undeletable group member
https://hackerone.com/reports/604560 |  ĞĞ±Ñ…Ğ¾Ğ´ ĞºĞ¾Ğ¼Ğ¸ÑÑĞ¸Ğ¸ Ğ½Ğ° Ğ¿ĞµÑ€ĞµĞ²Ğ¾Ğ´Ñ‹
https://hackerone.com/reports/605608 |  [information disclosure] Validate existence of a private project.
https://hackerone.com/reports/605720 |  Team member with Program permission only can escalate to Admin permission
https://hackerone.com/reports/605845 |  Stored admin-to-owner XSS at infrastructure alerts runbook URL leading to account takeover by malicious admin
https://hackerone.com/reports/605915 |  Reflected XSS / Markup Injection in `index.php/svg/core/logo/logo` parameter `color`
https://hackerone.com/reports/608577 |  Windows Privilege Escalation: Malicious OpenSSL Engine
https://hackerone.com/reports/608656 |  Disabled account can still use GraphQL endpoint
https://hackerone.com/reports/612231 |  Github Token Leaked publicly for https://github.com/mopub
https://hackerone.com/reports/614355 |  GraphQL query "namespace" leaks data
https://hackerone.com/reports/614947 |  Site-wide clickjacking at IE11
https://hackerone.com/reports/615840 |  Blind Stored XSS In  "Report a Problem" on www.data.gov/issue/
https://hackerone.com/reports/617896 |  Bypass Email Verification using Salesforce -- Reproducible in gitlab.com
https://hackerone.com/reports/618031 |  Stored XSS in Discounts section
https://hackerone.com/reports/619484 |  User with read-only access to a share can gain write access to sub-folders in the share
https://hackerone.com/reports/621308 |  NULL pointer dereference in `mrb_check_frozen`
https://hackerone.com/reports/622170 |  Arbitrary code execution in desktop client via OpenSSL config
https://hackerone.com/reports/623588 |  Uninitialized read in gdImageCreateFromXbm
https://hackerone.com/reports/625546 |  Open Redirection leads to redirect Users to malicious website
https://hackerone.com/reports/626082 |  Stored XSS via "my recent queries" selector in NRQL dashboard builder
https://hackerone.com/reports/629087 |  No Valid SPF Records.
https://hackerone.com/reports/629745 |  Reflected cross-site scripting on multiple Starbucks assets.
https://hackerone.com/reports/629892 |  Lack of CSRF header validation at https://g-mail.grammarly.com/profile
https://hackerone.com/reports/630462 |  Heap overflow happen when receiving short length key from ssh server using ssh protocol 1
https://hackerone.com/reports/631227 |  Some HTML Tags are Getting Executed in com.nextcloud.client
https://hackerone.com/reports/631956 |  Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message
https://hackerone.com/reports/632017 |  Self-Stored XSS - Chained with login/logout CSRF
https://hackerone.com/reports/632101 |  Server Side Request Forgery mitigation bypass
https://hackerone.com/reports/633001 |  Private System Note Disclosure using GraphQL
https://hackerone.com/reports/633231 |  pre-auth Stored XSS in comments via javascript: url when administrator edits user supplied comment
https://hackerone.com/reports/633245 |  Delete permission can be added on reshare
https://hackerone.com/reports/633266 |  Code injection in macOS Desktop Client 
https://hackerone.com/reports/633607 |  Invalid read in `str_replace_partial`
https://hackerone.com/reports/634488 |  Broken Authentication and Session Management Flaw After Change Password and Logout
https://hackerone.com/reports/634692 |  Stored XSS Via NRQL chartbuilder JSON view 
https://hackerone.com/reports/635597 |  Wrong Interpretation of URL encoded characters, showing different punny code leads to redirection on different domain
https://hackerone.com/reports/636560 |  Project Milestones Disclosed Via Groups When the Victim disabled milestones access in project settings
https://hackerone.com/reports/637194 |  Bypass of biometrics security functionality is possible in Android application (com.shopify.mobile)
https://hackerone.com/reports/638401 |  Private Key exposed in Travis Log can Compromise all the test servers.
https://hackerone.com/reports/638685 |  Restricted user can add and delete tags of APM key transactions 
https://hackerone.com/reports/640488 |  Total bounties paid amount is disclosed because of redesign of the Program Profiles
https://hackerone.com/reports/642281 |  Stored XSS in https://app.mopub.com
https://hackerone.com/reports/642515 |  User can delete data in shared folders he's not autorized to access
https://hackerone.com/reports/643274 |  Viral Direct Message Clickjacking via link truncation leading to capture of both Google credentials & installation of malicious 3rd party Twitter App
https://hackerone.com/reports/643622 |  SSRF In Get Video Contents
https://hackerone.com/reports/643882 |  Developper's websites are easily accessibles leading to massive information disclosure
https://hackerone.com/reports/643908 |  Stored XSS Vulnerability
https://hackerone.com/reports/645264 |  Program Email Nofication settings ignored when being added as an external contributor
https://hackerone.com/reports/646505 |  â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ DOM XSS via Shopify.API.remoteRedirect
https://hackerone.com/reports/647130 |  Stored XSS in "Create Groups"
https://hackerone.com/reports/649533 |  Enable 2FA without verifying the email
https://hackerone.com/reports/651518 |  OS Command Injection via egrep in Rake::FileList
https://hackerone.com/reports/653125 |  Git flag injection leading to file overwrite and potential remote code execution
https://hackerone.com/reports/654198 |  Manipulate hacker profile and private program hacktivity to expose your name as researchers who is actively submitting reports with resolve status
https://hackerone.com/reports/658013 |  Git flag injection - local file overwrite to remote code execution
https://hackerone.com/reports/659419 |  Reflected XSS on https://make.wordpress.org via 'channel' parameter
https://hackerone.com/reports/661051 |  Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file
https://hackerone.com/reports/661722 |  WEBrick::HTTPAuth::DigestAuth authentication is vulnerable to regular expression denial of service (ReDoS)
https://hackerone.com/reports/661751 |  Subdomain takeover of d02-1-ag.productioncontroller.starbucks.com
https://hackerone.com/reports/661978 |  IDOR bug to See hidden slowvote of any user even when you dont have access right
https://hackerone.com/reports/662083 |  Inject page in admin panel via Shopify.API.pushState
https://hackerone.com/reports/662204 |  Persistent XSS via filename in projects
https://hackerone.com/reports/662218 |  Talk - Leak of password-protected room name via already existent resource addition
https://hackerone.com/reports/662287 |  Cross-site Scripting (XSS) - Stored in RDoc wiki pages
https://hackerone.com/reports/663729 |  [Brave browser] WebTorrent has DNS rebinding vulnerability
https://hackerone.com/reports/664038 |  protected Tweet settings overwritten by other settings
https://hackerone.com/reports/665330 |  Out of Bounds Memory Read in php_jpg_get16
https://hackerone.com/reports/665398 |  Subdomain takeover of datacafe-cert.starbucks.com
https://hackerone.com/reports/665651 |  Stealing Users OAuth Tokens through redirect_uri parameter
https://hackerone.com/reports/665722 |  â€œemailâ€ MFA mode allows bypassing MFA from victimâ€™s device when the device trust is not expired
https://hackerone.com/reports/665798 |  Earn free DAI interest (inflation) through instant CDP+DSR in one tx
https://hackerone.com/reports/666632 |  Delete direct message history without access the proper conversation_id
https://hackerone.com/reports/666722 |  Email enumeration at SignUp page
https://hackerone.com/reports/667188 |  Stored Self XSS on https://app.crowdsignal.com (in Photo Insert App) + Stored XSS on https://*your-subdomain*.survey.fm
https://hackerone.com/reports/667408 |  Head pipeline leaked to unauthorized users via blocking merge request feature
https://hackerone.com/reports/667739 |  Previously created sessions continue being valid after MFA activation
https://hackerone.com/reports/667770 |  Stored XSS at APM transaction map (transactionName field)
https://hackerone.com/reports/668439 |  IDOR leading to downloading of any attachment
https://hackerone.com/reports/669438 |  [Bypass #645264] Report title disclosure despite the program settings for email notification is set to "No Content"
https://hackerone.com/reports/669776 |  Disclosure of Program email Title Report when being removed as contributor. Bypass for Report #645264
https://hackerone.com/reports/670572 |  Uncontrolled Resource Consumption in any Markdown field using Mermaid
https://hackerone.com/reports/672245 |  Use After Free in GC with Certain Destructors
https://hackerone.com/reports/672487 |  Business Logic Flaw - A non premium user can change/update retailers to get cashback on all the retailers associated with Curve
https://hackerone.com/reports/672623 |  Username and Access Token Disclousure
https://hackerone.com/reports/672664 |  Steal collateral during `end` process, by earning DSR interest after `flow`.
https://hackerone.com/reports/673724 |  Circle email-members have still access to a shared folder/file after they are removed from the circle
https://hackerone.com/reports/674195 |  Stealing data from customers.gitlab.com without user interaction
https://hackerone.com/reports/674426 |  XSS For Profile Name
https://hackerone.com/reports/674540 |  mod_remoteip stack buffer overflow and NULL pointer dereference
https://hackerone.com/reports/674757 |  Total Paid Bounty Paid can be disclose
https://hackerone.com/reports/674774 |  AppLovin API Key hardcoded in a Github repo
https://hackerone.com/reports/674866 |  Conversation API Leaks Details Of UnAuthorized Conversations
https://hackerone.com/reports/675578 |  Out of Bounds Memory Read in exif_scan_thumbnail
https://hackerone.com/reports/675580 |  Out of Bounds Memory Read in exif_process_user_comment
https://hackerone.com/reports/676581 |  Use Github pack with Coda employee github account (search code of Coda's private repositories)
https://hackerone.com/reports/676976 |  Container scanning and Dependency scanning report leaked to unauthorized users
https://hackerone.com/reports/677557 |  mod_http2, memory corruption on early pushes (CVE-2019-10081)
https://hackerone.com/reports/679907 |  Malformed string sent through FireServer leads to server freezing/hanging
https://hackerone.com/reports/679969 |  CSS Injection to disable app & potential message exfil
https://hackerone.com/reports/680240 |  Stored XSS at Synthetics private locations (planted through location label or description)
https://hackerone.com/reports/680415 |  mod_http2, read-after-free in h2 connection shutdown (CVE-2019-10082)
https://hackerone.com/reports/682442 |  Git flag injection - Search API with scope 'blobs' 
https://hackerone.com/reports/682774 |  Arbitrary file creation with semi-controlled content (leads to DoS, EoP and others) at Steam Windows Client
https://hackerone.com/reports/683298 |  XSS and Open Redirect on MoPub Login
https://hackerone.com/reports/683318 |  Windows builds with insecure path defaults (CVE-2019-1552)
https://hackerone.com/reports/683792 |   XSS through chat messages
https://hackerone.com/reports/684092 |  Steal ALL collateral during liquidation by exploiting lack of validation in `flip.kick`
https://hackerone.com/reports/684099 |  Periscope-all Firebase database takeover
https://hackerone.com/reports/684152 |  Steal all MKR from `flap` during liquidation by exploiting lack of validation in `flap.kick`
https://hackerone.com/reports/684603 |  Heap buffer overflow in TFTP when using small blksize
https://hackerone.com/reports/685007 |  Password Reset Link not expiring after changing the email Leads To Account Takeover
https://hackerone.com/reports/685552 |  XSS in desktop client via invalid server address on login form
https://hackerone.com/reports/685909 |  Searching from Hacktivity returns hits for words in limited disclosure reports that are not visible
https://hackerone.com/reports/686823 |  krb5: double-free in read_data() after realloc() fail
https://hackerone.com/reports/687908 |  Found Origin IP's Lead To Access To [ Grafana Instance , PgHero Instance [ Can SQL Injection ]  
https://hackerone.com/reports/689245 |  SSRF In plantuml (on plantuml.pre.gitlab.com)
https://hackerone.com/reports/689314 |  Project Template functionality can be used to copy private project data, such as repository, confidential issues, snippets, and merge requests
https://hackerone.com/reports/689997 |  Disclosure of Email title report in quick award paypout email (no content mode)
https://hackerone.com/reports/690536 |  Passive stored XSS at Synthetics job result page (View resource)
https://hackerone.com/reports/691611 |  XSS while logging using Google
https://hackerone.com/reports/692040 |  PHP 7.3.3: Heap-use-after-free (READ of size 8) in match_at()
https://hackerone.com/reports/692252 |  Group search leaks private MRs, code, commits
https://hackerone.com/reports/692352 |  XSS on https://app.mopub.com/reports/custom/add/ [new-d1]
https://hackerone.com/reports/692603 |  Privilege escalation in workers container 
https://hackerone.com/reports/694181 |  Worker container escape lead to arbitrary file reading in host machine
https://hackerone.com/reports/694604 |  HTTP Request Smuggling on vpn.lob.com
https://hackerone.com/reports/696266 |  "Bounties paid in the last 90 days" discloses the undisclosed bounty amount in program statistics
https://hackerone.com/reports/697055 |  Worker container escape lead to arbitrary file reading in host machine [again]
https://hackerone.com/reports/697512 |  Information Disclosure through Sentry Instance â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ
https://hackerone.com/reports/697959 |  Only the file extensions are checked, not the MIME types as configured
https://hackerone.com/reports/698416 |  Host Header Injection
https://hackerone.com/reports/698708 |  Bypass report #416983 - Removed Staff members who had "Apps" permission can still modify flow app connections
https://hackerone.com/reports/700051 |  Misconfigured s3 Bucket exposure
https://hackerone.com/reports/700831 |  Unauthenticated read and write access to ALL endpoints of a store is possible for removed staff members who had "Apps" permission
https://hackerone.com/reports/700833 |  Race condition Ğ½Ğ° Ğ¿Ğ¾ĞºÑƒĞ¿ĞºĞµ Ğ¿Ñ€Ğ¸Ğ·Ğ¾Ğ² Ğ·Ğ° Ğ±Ğ°Ğ»Ğ»Ñ‹
https://hackerone.com/reports/701901 |  2FA doesn't work in "https://insider.razer.com"
https://hackerone.com/reports/702981 |  DOM XSS at https://www.thx.com in IE/Edge browser
https://hackerone.com/reports/702987 |  No redirect_uri in the db for web-internal clientKey leads to one-click DoS on gitter.im
https://hackerone.com/reports/703058 |  Insecure redirect rule results in bypassing ban redirect on certain pages
https://hackerone.com/reports/703759 |  SSO through odnoklassniki uses http rather than https
https://hackerone.com/reports/703894 |  View the Starred Projects in a Private Profile
https://hackerone.com/reports/704266 |  DOM XSS at www.forescout.com in Microsoft Edge and IE Browser
https://hackerone.com/reports/705420 |  A reflected XSS in python/Lib/DocXMLRPCServer.py
https://hackerone.com/reports/706533 |  Stored XSS at Mobile (Versions tab)
https://hackerone.com/reports/706934 |  Variant of CVE-2013-0269 (Denial of Service and Unsafe Object Creation Vulnerability in JSON)
https://hackerone.com/reports/707406 |  Team object in GraphQL disclosed of private programs via the industry
https://hackerone.com/reports/707433 |  Disclosure of `payment_transactions` for programs via GraphQL query
https://hackerone.com/reports/707720 |  Stored XSS vulnerability in comments on *.wordpress.com
https://hackerone.com/reports/708013 |  StoreFront API allows for a brute force attack on customer login by not timing out ALL attempts
https://hackerone.com/reports/708589 |  Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF
https://hackerone.com/reports/708820 |  Group search with Elastic search enable leaks unrelated data
https://hackerone.com/reports/708917 |  Rate Limit Misconfiguration on tumblr login .
https://hackerone.com/reports/709336 |  Reflective Cross-site Scripting via Newsletter Form
https://hackerone.com/reports/709883 |  Cross-account stored XSS at embedded charts
https://hackerone.com/reports/710006 |  Elasticsearch leaks data through the notes scope
https://hackerone.com/reports/710535 |  Cross-account stored XSS at notes (through "swf" note parameter)
https://hackerone.com/reports/712065 |  Prototype pollution attack (lodash)
https://hackerone.com/reports/712979 |  Creating malformed URLs via new line character in-between two URLs leads to misrepresented hyperlinks in Tweets/DMs
https://hackerone.com/reports/713006 |  Keybase client (Windows 10): Write files anywhere in userland using relative path in "download attachement" feature
https://hackerone.com/reports/713285 |  http request smuggling in pscp.tv and periscope.tv
https://hackerone.com/reports/713407 |  ActiveStorage throws exception when using whitespace as filename, may lead to denial of service of multiple pages
https://hackerone.com/reports/715192 |  Private program disclosure via `vpn_suspended` GraphQL query
https://hackerone.com/reports/716292 |  JumpCloud API Key leaked via Open Github Repository.
https://hackerone.com/reports/716761 |  WAF bypass via double encoded non standard ASCII chars permitted a reflected XSS on response page not found pages - (629745 bypass)
https://hackerone.com/reports/716976 |  Open redirect in semrush.com
https://hackerone.com/reports/719426 |  File-drop content is visible through the gallery app
https://hackerone.com/reports/720306 |  Docker image with FPM is vulnerable to CVE-2019-11043
https://hackerone.com/reports/722327 |  CVE-2019-11043: a buffer underflow in fpm_main.c can lead to RCE in php-fpm
https://hackerone.com/reports/723060 |  Reflected XSS at https://pay.gold.razer.com escalated to account takeover
https://hackerone.com/reports/723118 |  [IDOR] API endpoint leaking sensitive user information
https://hackerone.com/reports/723175 |  De-anonymization Attack: Cross Site Information Leakage
https://hackerone.com/reports/723707 |  Code injection in https://www.semrush.com
https://hackerone.com/reports/724217 |  tcpdump: CVE-2018-14879 - buffer overflow in tcpdump.c:get_next_file()
https://hackerone.com/reports/724243 |  Tcpdump before 4.9.3 has a buffer over-read in print-802_11.c (CVE-2018-16227)
https://hackerone.com/reports/724253 |  Tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option() (CVE-2018-16229)
https://hackerone.com/reports/724944 |  latest_activity_id and latest_activity_at may disclose information about internal activities to unauthorized users
https://hackerone.com/reports/725307 |  Unchecked URL in attachment datasource
https://hackerone.com/reports/725569 |  [IDOR] Attacker user can Approve/Decline AFK on the behalf of other users
https://hackerone.com/reports/726117 |  SMB access smuggling via FILE URL on Windows
https://hackerone.com/reports/726773 |  HTTP Request Smuggling on https://labs.data.gov
https://hackerone.com/reports/727870 |  [www.yoti.com] Wordpress user admin information discloure
https://hackerone.com/reports/728664 |  Cache poisoning DoS to various TTS assets
https://hackerone.com/reports/729040 |  Shopify's SF and LA offices Dashboard Information disclosed via Public Gist
https://hackerone.com/reports/729424 |  Stored XSS in private message
https://hackerone.com/reports/730779 |  HTTP header values do not have trailing OWS trimmed
https://hackerone.com/reports/731878 |  An implementation flaw in Mail.ru can be exploited for DKIM signature spoofing and email spoofing
https://hackerone.com/reports/732415 |  The authenticity_token can be reversed and used to forge valid per_form_csrf_tokens for arbitrary routes
https://hackerone.com/reports/733248 |  Stored XSS in wordpress.com
https://hackerone.com/reports/735748 |  HTTP request smuggling using malformed Transfer-Encoding header
https://hackerone.com/reports/736800 |  IP address can be leaked on Image preview in ICQ for Android chat
https://hackerone.com/reports/736867 |  SSRF protection bypass
https://hackerone.com/reports/737140 |  Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies
https://hackerone.com/reports/737161 |  SSRF - URL Attachments - 725307 bypass
https://hackerone.com/reports/737163 |  SSRF - Image Sources in HTML Snippets - 727234 bypass
https://hackerone.com/reports/737315 |  'X-Forwarded-Host' key used in input without sanitation - possible cache poisoning
https://hackerone.com/reports/738015 |  SSRF - Office Documents - Image URL
https://hackerone.com/reports/738072 |  XSS on product comments in transfers
https://hackerone.com/reports/743545 |  Bruteforce password recovery code
https://hackerone.com/reports/744692 |  The login of Hotor Not is Vulnerable to bruteforce.
https://hackerone.com/reports/745276 |  Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd
https://hackerone.com/reports/745324 |  Account takeover via leaked session cookie
https://hackerone.com/reports/745495 |  Unauthenticated users can access all food.grammarly.io user's data
https://hackerone.com/reports/745953 |  Camo Image Proxy Bypass with CSS Escape Sequences
https://hackerone.com/reports/746000 |  Subdomain Takeover Via via Dangling NS records on Amazon Route 53 http://api.e2e-kops-aws-canary.test-cncf-aws.canary.k8s.io
https://hackerone.com/reports/746733 |  Remotely trigger an assertion on a TLS server with a malformed certificate string
https://hackerone.com/reports/746786 |  Disclosure of locally served nerdpacks due to nr-local.net CORS policy misconfiguration
https://hackerone.com/reports/748375 |  Transferring a public group to a private group doesn't remove code from the Elastichsearch API search result
https://hackerone.com/reports/751577 |  IDOR allow access to payments data of any user
https://hackerone.com/reports/751604 |  No Rate Limit On Forgot Password Page Of NordVPN
https://hackerone.com/reports/751699 |  NR-wide cross account access through misconfigured CORS-policy of multiple endpoints
https://hackerone.com/reports/751729 |  THX Tuneup Survey feedback disclosure via Google cached content for apps.thx.com
https://hackerone.com/reports/751876 |  Version problem in wordpress leads to the many vulnearability
https://hackerone.com/reports/752010 |  DoS of https://nordvpn.com/ via CVE-2018-6389 exploitation
https://hackerone.com/reports/752073 |  xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS)
https://hackerone.com/reports/753399 |  Open redirect
https://hackerone.com/reports/753491 |  DoS of https://blog.yelp.com/ and other WP instances via CVE-2018-6389
https://hackerone.com/reports/753602 |  Staging Rabbitmq instance is exposed to the internet with default credentials
https://hackerone.com/reports/753725 |  Disclosure of User Information
https://hackerone.com/reports/753868 |  Insecure Storage and Overly Permissive  API Keys in Android App
https://hackerone.com/reports/753939 |  HTTP SMUGGLING EXPOSED HMAC/DOS 
https://hackerone.com/reports/755679 |  Timeline Editor Self-XSS (Previous Fix #738072 Incomplete)
https://hackerone.com/reports/756149 |  Blind SSRF on debug.nordvpn.com due to misconfigured sentry instance
https://hackerone.com/reports/756182 |  Potential leak of server side software at repogohi.nordvpn.com
https://hackerone.com/reports/756729 |  Stored XSS in Shopify Chat 
https://hackerone.com/reports/757957 |  Restricted user can manage the NerdGraph entities' tags
https://hackerone.com/reports/758002 |  Markdown parsing issue enables insertion of malicious tags
https://hackerone.com/reports/759247 |  Race Condition allows to redeem multiple times gift cards which leads to free "money"
https://hackerone.com/reports/759454 |  Helpdesk Takeover at dmc.datastax.com
https://hackerone.com/reports/761218 |  Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET
https://hackerone.com/reports/761219 |  CodeQL query to detect pages with validationRequest disabled
https://hackerone.com/reports/761220 |  CodeQL query to detect insecure MaxLengthRequest values in ASP.NET applications
https://hackerone.com/reports/761222 |  Netty HTTP Response Splitting (CRLF Injection) due to disabled header validation
https://hackerone.com/reports/761480 |  User password left in memory in plain text after GUI launch
https://hackerone.com/reports/761726 |  SOP bypass using browser cache
https://hackerone.com/reports/761975 |  Keychain data persistence may lead to account takeover
https://hackerone.com/reports/762271 |  Guest users can change the confidentiality attribute on those issues that have been assigned to them
https://hackerone.com/reports/763994 |  Disclose Any Store products, Files, Purchase Orders Via Email through Shopify Stocky APP 
https://hackerone.com/reports/764243 |  API - Amazon S3 bucket misconfiguration
https://hackerone.com/reports/764434 |  profile-picture name parameter with large value lead to DoS for other users and programs on the platform
https://hackerone.com/reports/765355 |  Modify account details by exploiting clickjacking vulnerability on refer.wordpress.com
https://hackerone.com/reports/765955 |  Clickjacking at join.nordvpn.com
https://hackerone.com/reports/766145 |  Restricted user can remove NerdStorage documents/collections scoped to ACCOUNT or ENTITY
https://hackerone.com/reports/766578 |  Absence of Token expiry leads to Unauthorized login Access
https://hackerone.com/reports/766633 |  XSS reflected on [https://www.pixiv.net]
https://hackerone.com/reports/767348 |  Java (Maven): Use of insecure protocol to download/upload artifacts
https://hackerone.com/reports/767458 |  User input validation can lead to DOS
https://hackerone.com/reports/768110 |  Race condition (TOCTOU) in NordVPN can result in local privilege escalation
https://hackerone.com/reports/768677 |  lack of input validation that can lead Denial of Service (DOS)
https://hackerone.com/reports/769058 |  CORS misconfiguration which leads to the disclosure of certain data concerning the user.
https://hackerone.com/reports/770209 |  Unauthorized user can obtain `report_sources` attribute through Team GraphQL object
https://hackerone.com/reports/770349 |  Reflected XSS in twitterflightschool.com
https://hackerone.com/reports/770504 |  Bypass Password Authentication for updating email and phone number - Security Vulnerability
https://hackerone.com/reports/771666 |  Stealing Zomato X-Access-Token: in Bulk using HTTP Request Smuggling on api.zomato.com
https://hackerone.com/reports/771694 |  An attacker can buy marketplace articles for lower prices as it allows for negative quantity values leading to business loss
https://hackerone.com/reports/772886 |  Password Reset Link Works Multiple Times
https://hackerone.com/reports/774050 |  No rate limiting for confirmation email lead to email flooding
https://hackerone.com/reports/774896 |  Kubelet resource exhaustion attack via metric label cardinality explosion from unauthenticated requests
https://hackerone.com/reports/776017 |  Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service.
https://hackerone.com/reports/776449 |  Restricted user can update Apdex target for applications by leveraging the GraphQL mutation
https://hackerone.com/reports/776634 |  [H1-415 2020] CTF Writeup
https://hackerone.com/reports/777942 |  Unrestricted access to any "connected pack" on docs
https://hackerone.com/reports/777984 |  Denial of Service with Cookie Bomb
https://hackerone.com/reports/778803 |  Compromise of auth via subset/superset namespace names.
https://hackerone.com/reports/778834 |  OOB read in php_strip_tags_ex
https://hackerone.com/reports/779442 |  Subdomain takeover of storybook.lystit.com
https://hackerone.com/reports/780632 |  Html Injection and Possible XSS in main nordvpn.com domain
https://hackerone.com/reports/781325 |  Out-of-bounds Read in php_strip_tags_ex
https://hackerone.com/reports/781673 |  Accepting error message on twitter sends you to attacker site
https://hackerone.com/reports/781880 |  CodeQL query to detect weak (duplicated) encryption keys for ASP.NET Telerik Upload 
https://hackerone.com/reports/782703 |  Account owner/admin can't actually delete personal users' API keys
https://hackerone.com/reports/783258 |  2-factor authentication can be disabled when logged in without confirming account password
https://hackerone.com/reports/783356 |  The password limit is not set, [DoS].
https://hackerone.com/reports/783688 |  Ability to buy PRO subscriptions by arbitrary reduced prices
https://hackerone.com/reports/783708 |  IDOR in semrush academy
https://hackerone.com/reports/783877 |  Remote Code Execution in Slack desktop apps + bonus
https://hackerone.com/reports/784186 |  napi_get_value_string_X allow various kinds of memory corruption
https://hackerone.com/reports/784676 |  iOS app crashed by specially crafted direct message reactions
https://hackerone.com/reports/784714 |  Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation
https://hackerone.com/reports/785120 |  CodeQL query for finding CSRF vulnerabilities in Spring applications
https://hackerone.com/reports/785243 |  Twitter Source Label allow 'mongolian vowel separator' U+180E (app name)
https://hackerone.com/reports/785785 |  [Web ICQ Client] XSS-inj in polls
https://hackerone.com/reports/786044 |  [windows10.hi-tech.mail.ru]  Blind SQL Injection 
https://hackerone.com/reports/786301 |  Stored XSS in Name of Team Member Invitation
https://hackerone.com/reports/786745 |  [API] ICQ user's avatar can be manipulated remotely
https://hackerone.com/reports/786822 |  [Web ICQ Client] XSS ÑƒÑĞ·Ğ²Ğ¸Ğ¼Ğ¾ÑÑ‚ÑŒ Ğ² Ğ¸Ğ¼ĞµĞ½Ğ¸ Ğ¿Ğ¾Ğ»ÑŒĞ·Ğ¾Ğ²Ğ°Ñ‚ĞµĞ»Ñ
https://hackerone.com/reports/787113 |  CodeQL query for finding LDAP Injection (CWE-90) vulnerabilities in Java
https://hackerone.com/reports/788257 |  "Secure View" aka "Hide Download" can be bypassed easily
https://hackerone.com/reports/788691 |  XSS - Guard - Insufficient escaping of User-IDs from PGP Keys
https://hackerone.com/reports/789260 |  Past payments using the Direct Debit method keep subscriptions active even if payments fail
https://hackerone.com/reports/789579 |  ActiveStorage direct upload fails to sign content-length header for S3 service
https://hackerone.com/reports/790005 |  3igames.mail.ru SQL Injection 
https://hackerone.com/reports/790786 |  Members from parent group keep their access level on a subgroup transfer and are invisible
https://hackerone.com/reports/790854 |  NO username used in authenthication to www.mopub.com leading to direct password submission which  has unlimited submission rate.
https://hackerone.com/reports/790876 |  Dynamic reflection class
https://hackerone.com/reports/791775 |  Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO
https://hackerone.com/reports/792295 |  On Singing up with a Phone number , The 4 digit OTP does not expires for a long time leading to an easy attack and make a verified account easilty
https://hackerone.com/reports/792927 |  Email address of any user can be queried on Report Invitation GraphQL type when username is known
https://hackerone.com/reports/792953 |  SSRF - Guard - Unchecked HKP servers
https://hackerone.com/reports/792960 |  SSRF - Guard - Unchecked WKS servers
https://hackerone.com/reports/792998 |  404-response contains debug-information with all headers
https://hackerone.com/reports/796808 |  [Part II] Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation
https://hackerone.com/reports/796956 |  Able to Takeover Merchants Accounts Even They Have Already Setup SSO, After Bypassing the Email Confirmation
https://hackerone.com/reports/797159 |  PHP builded for Windows with TS support does not resolve relalative paths with drive letter correctly
https://hackerone.com/reports/797685 |  IDOR in marketing calendar tool
https://hackerone.com/reports/798301 |  FileZilla 3.46.3 - 'Scale factor' Buffer Overflow
https://hackerone.com/reports/798599 |  xss stored
https://hackerone.com/reports/798686 |  x-request-id header reflected in server response without sanitization
https://hackerone.com/reports/798742 |  open redirect in eb9f.pivcac.prod.login.gov
https://hackerone.com/reports/798744 |  Null Pointer Dereference in PHP Session Upload Progress
https://hackerone.com/reports/799072 |  Slowloris, body parsing
https://hackerone.com/reports/800109 |  An invite-only's program submission state is accessible to users no longer part of the program
https://hackerone.com/reports/800140 |  Malformed HTTP/2 SETTINGS frame leads to reachable assert
https://hackerone.com/reports/801230 |  CodeQL query for finding ReDoS and Regex Injection vulnerabilities in Java
https://hackerone.com/reports/802011 |  Grafana Improper authorization 
https://hackerone.com/reports/803141 |  Unauthorized User Can Delete Any User Account
https://hackerone.com/reports/805010 |  PHP link() silently truncates after a null byte on Windows
https://hackerone.com/reports/805013 |  DirectoryIterator class silently truncates after a null byte
https://hackerone.com/reports/805073 |  Periscope iOS app CSRF in follow action due to deeplink
https://hackerone.com/reports/806571 |  Stored XSS in blob viewer
https://hackerone.com/reports/806577 |  Arbitrary Set-Cookie via "?coupon=" due to semi-colon not encoded
https://hackerone.com/reports/807440 |  Java (Maven): Actually fix the use of insecure protocol to download/upload artifacts
https://hackerone.com/reports/807448 |  Customer private program can disclose email any users through invited via username
https://hackerone.com/reports/807924 |  CSRF on connecting Paypal as Payment Provider
https://hackerone.com/reports/808287 |  Unrestricted file upload on the image of contacts
https://hackerone.com/reports/808762 |  Exposed Slinky Instance Admin Panel
https://hackerone.com/reports/809248 |  SSRF into Shared Runner, by replacing dockerd with malicious server in Executor
https://hackerone.com/reports/809816 |  Organization Takeover
https://hackerone.com/reports/810320 |  Read-only user can delete higher privileged members using open DELETE /api/memberships/<membershipID> endpoint
https://hackerone.com/reports/810880 |  Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify
https://hackerone.com/reports/811502 |  Node.js: TLS session reuse can lead to hostname verification bypass
https://hackerone.com/reports/812754 |  Denial of Service by requesting to reset a password
https://hackerone.com/reports/813159 |  Cleartext Transmission of Sensitive Information Leads to administrator access
https://hackerone.com/reports/813421 |  Account deletion requests not entirely honoured. Misinformation even after seeking clarification from customer support.
https://hackerone.com/reports/816086 |  Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete"
https://hackerone.com/reports/816254 |  SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution
https://hackerone.com/reports/816560 |  SQL injection on contactws.contact-sys.com in TRateObject.AddForOffice in USER_ID parameter leads to remote code execution
https://hackerone.com/reports/819088 |  character limitation bypass can lead to DoS on Twitter App and 500 Internal Server Error
https://hackerone.com/reports/819278 |  Open S3 Bucket Accessible by any Aws User
https://hackerone.com/reports/819807 |  Missing ownership check on remote wipe endpoint
https://hackerone.com/reports/819821 |  Initial mirror user can be assigned by other user even if the mirror was removed
https://hackerone.com/reports/819863 |  XSS in PDF Viewer
https://hackerone.com/reports/819930 |  Ability to bruteforce mopub accountâ€™s password due to lack of rate limitation protection using {ip rotation techniques}
https://hackerone.com/reports/820146 |  PHPUnit is included in groupfolders release package potentially causing RCE
https://hackerone.com/reports/824689 |  Send arbitrary PUT requests when user clicks on a link
https://hackerone.com/reports/824909 |  Subdomain Takeover uptime
https://hackerone.com/reports/824925 |  XPath Injection query in java
https://hackerone.com/reports/824926 |  CWE-094 ScriptEngine in java
https://hackerone.com/reports/826026 |  Use-After-Free In IPV6_2292PKTOPTIONS leading To Arbitrary Kernel R/W Primitives
https://hackerone.com/reports/826176 |  program_analytics_benchmarks query shows information not visible in public
https://hackerone.com/reports/826361 |  SSRF on project import via the remote_attachment_url on a Note
https://hackerone.com/reports/827051 |  Use after free in smtp_server_connection_handle_command
https://hackerone.com/reports/827052 |  Arbitrary file read via the UploadsRewriter when moving and issue
https://hackerone.com/reports/827484 |  Missing rate limit for current password field (Password Change) Account Takeover
https://hackerone.com/reports/827729 |  Null pointer dereference in SMTP server function smtp_string_parse
https://hackerone.com/reports/827816 |  Missing server side controls when editing the boardâ€™s sharing permissions per user
https://hackerone.com/reports/831290 |   Null pointer dereference in SMTP server function smtp_command_parse_data_with_size
https://hackerone.com/reports/831962 |  XSS on Issue reference numbers
https://hackerone.com/reports/832227 |  Buffer over-reads in i_stream_zlib_read
https://hackerone.com/reports/832858 |  SSRF via 3d.cs.money/pasteLinkToImage
https://hackerone.com/reports/833080 |  Tricking the "Create snippet" feature into displaying the wrong filetype can lead to RCE on Slack users
https://hackerone.com/reports/833782 |  Allow authenticated users can edit, trash,and add new in BuddyPress Emails function
https://hackerone.com/reports/833856 |  DoS for GCSArtifact.RealAll
https://hackerone.com/reports/834366 |  Login CSRF vulnerability on hackerone.com
https://hackerone.com/reports/835005 |  Organization Takeover via invitation API
https://hackerone.com/reports/836036 |  Multiple buffer over reads in mbox_from_parse
https://hackerone.com/reports/836045 |  Buffer overread in parse_angle_addr called from message_address_parse_path 
https://hackerone.com/reports/836187 |  CSRF in Profile Fields allows deleting any field in BuddyPress
https://hackerone.com/reports/836649 |  Stored XSS in markdown when redacting references
https://hackerone.com/reports/837018 |  Privilege Escalation in BuddyPress core allows Moderate to Administrator 
https://hackerone.com/reports/837256 |  Improper Access Control in Buddypress core allows reply,delete any user's activity
https://hackerone.com/reports/837729 |  Session works after logout from Shopify account and password of online store is displayed
https://hackerone.com/reports/838127 |  mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full (CVE-2020-7065)
https://hackerone.com/reports/838685 |  Use of uninitialized value in ftp_getrc_msg method of mod_proxy_ftp.c
https://hackerone.com/reports/838855 |  [www.zomato.com] Blind SQL Injection in /php/geto2banner
https://hackerone.com/reports/840598 |  Possible denial of service when entering a loooong password
https://hackerone.com/reports/840759 |  Reflected XSS on www.hackerone.com and resources.hackerone.com
https://hackerone.com/reports/843421 |  Hyperlink Injection on Email Invitation
https://hackerone.com/reports/844327 |  Java/CWE-036: Calling openStream on URLs created from remote source can lead to file disclosure
https://hackerone.com/reports/844428 |  [www.zomato.com] Abusing LocalParams (city) to Inject SOLR query
https://hackerone.com/reports/845677 |  Sourcemaps and Unminified Source Code Exposed on Pages
https://hackerone.com/reports/845729 |  CPP: Out of order Linux permission dropping without checking return codes
https://hackerone.com/reports/846338 |  Reflected XSS on https://www.glassdoor.com/employers/sem-dual-lp/
https://hackerone.com/reports/848625 |  None permission staff member can identify installed application and products attached to it
https://hackerone.com/reports/850022 |  CSRF on launchpad.37signals.com OAuth2 authorization endpoint
https://hackerone.com/reports/850114 |  SSRF in notifications.server configuration
https://hackerone.com/reports/850447 |  gitlab-workhorse bypass in Gitlab::Middleware::Multipart allowing files in `allowed_paths` to be read
https://hackerone.com/reports/851807 |  Code injection possible with malformed Nextcloud Talk chat commands
https://hackerone.com/reports/852103 |  Out-of-Bound Read in urldecode() [CVE-2020-7067]
https://hackerone.com/reports/852316 |  Go/CWE-643: XPath Injection Query in Go
https://hackerone.com/reports/852349 |  CPP: Out of order Linux permission dropping without checking return codes
https://hackerone.com/reports/852841 |  Reduced purmations on encryption
https://hackerone.com/reports/853130 |  IDOR on stocky application-Low Stock-Varient-Settings-Columns
https://hackerone.com/reports/853355 |  Unauthorized access to private project security dashboard
https://hackerone.com/reports/854299 |  Self XSS in Timeline 
https://hackerone.com/reports/854424 |  æš´åŠ›ç ´è§£ç”¨æˆ·å¯†ç æ²¡æœ‰é€Ÿç‡æ§åˆ¶
https://hackerone.com/reports/854439 |  Initial websocket support for Javascript (SockJS)
https://hackerone.com/reports/854793 |  No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org
https://hackerone.com/reports/855276 |  Injection of `http.<url>.*` git config settings leading to SSRF
https://hackerone.com/reports/855618 |  Account takeover intercepting magic link for Arrive app
https://hackerone.com/reports/856554 |  Stored XSS on the job page
https://hackerone.com/reports/856836 |  Stored XSS on PyPi simple API endpoint
https://hackerone.com/reports/858650 |  CRLF injection on www.starbucks.com
https://hackerone.com/reports/858671 |  Insufficient Type Check on GraphQL leading to Maintainer delete repository
https://hackerone.com/reports/858854 |  Recursor accepts unsigned, empty NXDOMAINs in secure zones
https://hackerone.com/reports/858915 |  CircleCI token in github repo allows for access to sensitive build information
https://hackerone.com/reports/859333 |  Stored XSS in group issue list
https://hackerone.com/reports/860197 |  A staff without export customers permissions can still export customers CSV file
https://hackerone.com/reports/860348 |  Staff member with no permission can delete POS staff from account settings
https://hackerone.com/reports/861170 |  Attacker with an Old account might still be able to DoS ctf.hacker101.com by sending a Crafted request 
https://hackerone.com/reports/861521 |  Cookie injection leads to complete DoS over whole domain *.mackeeper.com. Injection point accountstage.mackeeper.com/
https://hackerone.com/reports/861940 |  OAuth `redirect_uri` bypass using IDN homograph attack resulting in user's access token leakage
https://hackerone.com/reports/863551 |  Subdomain takeover of resources.hackerone.com
https://hackerone.com/reports/863553 |  SSRF protection bypass in /appsuite/api/oxodocumentfilter addfile action
https://hackerone.com/reports/863979 |  Compromise of node can lead to compromise of pods on other nodes
https://hackerone.com/reports/864701 |  Prototype Pollution lodash 4.17.15
https://hackerone.com/reports/865115 |  unpermitted user can change the device name of admin account
https://hackerone.com/reports/865195 |  reading the stack data of the imap process
https://hackerone.com/reports/865652 |  Blind SSRF in /appsuite/api/oxodocumentfilter&action=addfile
https://hackerone.com/reports/866271 |  Lack of Input sanitization leads to database Character encoding configuration Disclosure
https://hackerone.com/reports/866597 |  Pre-auth buffer over-read in Dovecot NTLM implementation
https://hackerone.com/reports/866605 |  Pre-auth Denial-of-Service in Dovecot RPA implementation
https://hackerone.com/reports/867052 |  Access Control: Inject tasks into other users decks
https://hackerone.com/reports/867249 |  The hacker has access to the administrative part of the management reports in publish report
https://hackerone.com/reports/867513 |  Takeover an account that doesn't have a Shopify ID and more
https://hackerone.com/reports/867577 |  Unauthenticated request smuggling on launchpad.37signals.com
https://hackerone.com/reports/867699 |  Node disk DOS by writing to container /etc/hosts
https://hackerone.com/reports/867952 |  HTTP request Smuggling
https://hackerone.com/reports/868615 |  Inject page in admin panel via Shopify.API.pushState with protocol invalid
https://hackerone.com/reports/868834 |  Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests
https://hackerone.com/reports/869831 |  XSS within Shopify Email App - Admin
https://hackerone.com/reports/869888 |  Path Traversal in App Proxy
https://hackerone.com/reports/870001 |  access permission is not revoked even if the email has been deleted or changed on the partner account -partners.shopify-
https://hackerone.com/reports/871142 |  Disclosure of the name of a program that has a private part with an external link
https://hackerone.com/reports/871749 |  Unauthorized access to metadata of undisclosed reports that were retested
https://hackerone.com/reports/872094 |  CodeQL query to detect SSRF in Python
https://hackerone.com/reports/874574 |  Partner's non-verified business email change reflected into Shopify Collaborator Request
https://hackerone.com/reports/874778 |  Partial password leak over DNS on HTTP redirect
https://hackerone.com/reports/878779 |  Full Read SSRF on Gitlab's Internal Grafana
https://hackerone.com/reports/880089 |  Smartsheet employees email disclosure through enpoint after login.
https://hackerone.com/reports/880099 |  Unrestricted file upload leads to Stored XSS
https://hackerone.com/reports/880187 |  Near to Infinite loop when changing Group's name that has API token as Team Member
https://hackerone.com/reports/880863 |  Todos are not redacted when membership changes - Access to (confidential) issues and merge requests
https://hackerone.com/reports/881115 |  Cross-Site Scripting (XSS) on www.starbucks.com | .co.uk login pages
https://hackerone.com/reports/881855 |  Arbitrary change of blog's background image via CSRF
https://hackerone.com/reports/881918 |  Authenticated Stored Cross-site Scripting in bbPress
https://hackerone.com/reports/882412 |  OrderListInitial leaks order details
https://hackerone.com/reports/882546 |  DOM-Based XSS in tumblr.com
https://hackerone.com/reports/882848 |  Possibilty to purchase Ultimate - 1 Year (EDU or OSS)
https://hackerone.com/reports/882923 |  DoS for client-go jsonpath func
https://hackerone.com/reports/883867 |  Inject page in admin panel via Shopify.API.pushState [New Payload]
https://hackerone.com/reports/884159 |  Ability to generate shipping labels in another store orders
https://hackerone.com/reports/885539 |  Private list members disclosure via GraphQL
https://hackerone.com/reports/886287 |  Java: CWE-532 sensitive info logging
https://hackerone.com/reports/887462 |  curl overwrite local file with -J
https://hackerone.com/reports/887879 |  xss stored in https://your store.myshopify.com/admin/
https://hackerone.com/reports/888666 |  Add check for disabled HTTPOnly setting in Tomcat
https://hackerone.com/reports/888729 |  Read-Only user can delete users
https://hackerone.com/reports/888930 |  SAML Response Reuse on hackerone.com/users/saml/auth
https://hackerone.com/reports/888986 |  [CVE-2020-10543] Buffer overflow caused by a crafted regular expression
https://hackerone.com/reports/889243 |  Re-Sharing allows increase of privileges
https://hackerone.com/reports/890747 |  PIN OK attack
https://hackerone.com/reports/890793 |  Panic: Input stream data unexpectedly has references
https://hackerone.com/reports/890798 |  Panic in file smtp-address.c: line 684 (smtp_address_write): assertion failed: (smtp_char_is_qpair(*p))
https://hackerone.com/reports/891069 |  null dereference in `sieve_address_do_validate` (or redundant null check)
https://hackerone.com/reports/891080 |  Null pointer deference in call to `mail_get_flags`
https://hackerone.com/reports/891265 |  gagliardetto: Query to detect incorrect conversion between numeric types
https://hackerone.com/reports/891266 |  CodeQL query to detect open Spring Boot actuator endpoints
https://hackerone.com/reports/891267 |  CPP: Missing/incomplete TLS server certificate hostname validation
https://hackerone.com/reports/891268 |  [Java] CWE-939 - Address improper URL authorization
https://hackerone.com/reports/892289 |  self-xss with ClickJacking can leads to account takeover in Firefox
https://hackerone.com/reports/892465 |  CodeQL query to detect JNDI injections
https://hackerone.com/reports/892466 |  Golang : Add Email Content Injection query
https://hackerone.com/reports/892615 |  [www.werkenbijbakertilly.nl] Denial of service due to incorrect server return can result in total denial of service.
https://hackerone.com/reports/892904 |  Ability to link a Google account to another staff account/store owner that isn't linked yet
https://hackerone.com/reports/894446 |  Null dereference in mcht_relational_validate ext-relational-common.c:136
https://hackerone.com/reports/894569 |  An attacker can run pipeline jobs as arbitrary user
https://hackerone.com/reports/894870 |  CodeQL query for MVEL injections
https://hackerone.com/reports/894871 |  CodeQL query for unsafe TLS versions
https://hackerone.com/reports/894872 |  CodeQL query to detect Server-Side Template Injections (JavaScript)
https://hackerone.com/reports/894876 |  XSS through image upload of contacts using svg file
https://hackerone.com/reports/894915 |  XSS on opening a malicious OpenOffice text document
https://hackerone.com/reports/894918 |  XSS on opening malicious OpenOffice presentation document
https://hackerone.com/reports/894919 |  XSS on opening malicious OpenOffice presentation document
https://hackerone.com/reports/895696 |  Blind SSRF on https://labs.data.gov/dashboard/Campaign/json_status/ Endpoint
https://hackerone.com/reports/895972 |  Limited LFI
https://hackerone.com/reports/896298 |  CodeQL query for SpEL injections
https://hackerone.com/reports/896299 |  Java: CWE-297 Insecure JavaMail SSL configuration
https://hackerone.com/reports/896522 |  Reflected XSS when renaming a file with a vulnerable name which results in an error
https://hackerone.com/reports/897385 |  2FA bypass by sending blank code
https://hackerone.com/reports/898693 |  Out of memory with combination of `test_config_set` and `test_config_reload`
https://hackerone.com/reports/898841 |  Password reset link not expired at Stocky App
https://hackerone.com/reports/900548 |  Buffer over read from `smtp_command_parse_parameters`
https://hackerone.com/reports/901775 |  Get analytics token using only apps permission
https://hackerone.com/reports/902733 |  Sensitive Info Leak - An Attacker Can Retrieve All the Users Mobile Numbers at https://website-api.production.curve.app/api/waitlist/us
https://hackerone.com/reports/902970 |  [Java]: CWE-523 Insecure HSTS configuration 
https://hackerone.com/reports/903521 |  Fastify uses allErrors: true ajv configuration by default which is susceptible to DoS
https://hackerone.com/reports/903740 |  Denial of Service | twitter.com & mobile.twitter.com
https://hackerone.com/reports/904059 |  Open Redirect (6.0.0 < rails < 6.0.3.2)
https://hackerone.com/reports/905015 |  Long filenames cause OOM and temp files are not cleaned
https://hackerone.com/reports/905607 |  [cs.money] Open Redirect Leads to Account Takeover
https://hackerone.com/reports/905816 |  No Rate Limit when accessing "Password protection" enabled surveys leads to bypassing passwords via "pd-pass_surveyid" cookie
https://hackerone.com/reports/906201 |  XSS / SELF XSS
https://hackerone.com/reports/906433 |  Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506
https://hackerone.com/reports/906907 |  IDOR with Geolocation data not stripped from images
https://hackerone.com/reports/908162 |  Acronis True Image Local Privilege Escalation via insecure folder permissions
https://hackerone.com/reports/908894 |  Null dereference or redundant null check in `mail_crypt_load_global_private_key` for plugin mail-crypt
https://hackerone.com/reports/909374 |  Java : CWE-548 - J2EE server directory listing enabled
https://hackerone.com/reports/909375 |  Golang : Add MongoDb NoSQL injection sinks
https://hackerone.com/reports/909863 |  Low privileged user can create high privileged user's KITCRM authorization token and can read and write message to KIT
https://hackerone.com/reports/910300 |  Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation
https://hackerone.com/reports/911857 |  increased privileges on staff account
https://hackerone.com/reports/915110 |  No Email Checking at Invitation Confirmation Link leads to Account Takeover without User Interaction at CrowdSignal
https://hackerone.com/reports/915114 |  IDOR when editing users leads to Account Takeover without User Interaction at CrowdSignal
https://hackerone.com/reports/915127 |  IDOR when moving contents at CrowdSignal
https://hackerone.com/reports/915133 |  IDOR at 'media_code' when addings media to questions
https://hackerone.com/reports/915140 |  Users can bypass page restrictions via Export feature at "Share" feature in CrowdSignal
https://hackerone.com/reports/915756 |  [tumblr.com] 69< Firefox Only  XSS Reflected
https://hackerone.com/reports/915940 |  Script Editor preview token still working with uninstalled application, even for unpublished script
https://hackerone.com/reports/916704 |  Access control missing while viewing the attachments in the "All boards"
https://hackerone.com/reports/917250 |  Stored XSS on recruit.innogames.de
https://hackerone.com/reports/917453 |  CodeQL query for disabled revocation checking
https://hackerone.com/reports/917454 |  Java: CWE-273 Unsafe certificate trust
https://hackerone.com/reports/917455 |  CodeQL query to detect OGNL injections
https://hackerone.com/reports/917456 |  [Java] CWE-295 - Incorrect Hostname Verification - MitM
https://hackerone.com/reports/917875 |  STAFF "No-Permissions" on the Store can retrieve the details Order via exchangeReceiptSend
https://hackerone.com/reports/919175 |  HTTP request smuggling on Basecamp 2 allows web cache poisoning
https://hackerone.com/reports/920005 |  Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media
https://hackerone.com/reports/920285 |  [javascript] CWE-020: CodeQL query to detect missing origin validation in cross-origin communication via postMessage
https://hackerone.com/reports/920357 |  Captcha checker "pd-captcha_form_SURVEYID" cookie is accepting any value
https://hackerone.com/reports/921286 |  Denial of Service  [Chrome]
https://hackerone.com/reports/921704 |  Denial-of- service By Cache Poisoning The Cross-Origin Resource Sharing Misconfiguration Allow Origin Header
https://hackerone.com/reports/921709 |  Clickjacking on donation page
https://hackerone.com/reports/922456 |  Ability to bypass email verification for OAuth grants results in accounts takeovers on 3rd parties
https://hackerone.com/reports/922597 |  HTTP Request Smuggling due to CR-to-Hyphen conversion
https://hackerone.com/reports/926221 |  Improper use of "path" parameter can be used to trick testers into leaking their Front-End PoC
https://hackerone.com/reports/927567 |  Ability to publish a paid theme without purchasing it.
https://hackerone.com/reports/927661 |  Ability to manipulate price with a max threshold of `<1 Rupee` in support rider parameter
https://hackerone.com/reports/928255 |  Ability To Delete User(s) Account Without User Interaction
https://hackerone.com/reports/929288 |  Java: CWE-939 - Address improper URL authorization
https://hackerone.com/reports/942859 |  Stored XSS in Post title (PoC)
https://hackerone.com/reports/944359 |  Python : Add query to detect Server Side Template Injection
https://hackerone.com/reports/944735 |  Arbitrary DLL injection in mmsminisrv (Acronis Managed Machine Service Mini)
https://hackerone.com/reports/945122 |  Arbitrary file creation via symlink attack on syncagentsrv (Acronis Sync Agent Service)
https://hackerone.com/reports/945990 |  Safe Redirect Bypass 
https://hackerone.com/reports/946053 |  Stored XSS in my staff name fired in another your internal panel
https://hackerone.com/reports/946409 |  RCE on build server via misconfigured pip install
https://hackerone.com/reports/946728 |  SafeParamsHelper::safe_params is not so safe
https://hackerone.com/reports/947728 |  staff can able to extend shopify trial period without admin permission
https://hackerone.com/reports/947790 |  Reflected XSS on a Atavist theme
https://hackerone.com/reports/948876 |  Connect-only connections can use the wrong connection
https://hackerone.com/reports/948929 |  Blind Stored XSS Via Staff Name
https://hackerone.com/reports/949382 |  DOM-Based XSS in tumblr.com
https://hackerone.com/reports/949513 |  XSS by file (Active Storage `Proxying`)
https://hackerone.com/reports/949823 |  XSS DI BIODATA
https://hackerone.com/reports/950190 |  Store-XSS in error message of build-dependencies 
https://hackerone.com/reports/950299 |  Use after free vulnerability  in phar_parse_zipfile
https://hackerone.com/reports/950845 |  Reflected XSS at /category/ on a Atavis theme 
https://hackerone.com/reports/950881 |  IDOR when editing email leads to Account Takeover on Atavist
https://hackerone.com/reports/951230 |  Can buy Atavist Magazine subscription for free
https://hackerone.com/reports/951292 |  Site-wide CSRF at Atavist 
https://hackerone.com/reports/952035 |  Admin web sessions remain active after logout of Shopify ID
https://hackerone.com/reports/952771 |  CVE-2019-11250 remains in effect.
https://hackerone.com/reports/953083 |  Ability to publish a paid theme without purchasing it.
https://hackerone.com/reports/953219 |  SMTP interaction theft via MITM
https://hackerone.com/reports/953579 |  [api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS
https://hackerone.com/reports/955016 |  GitLab-Runner on Windows `DOCKER_AUTH_CONFIG` container host Command Injection
https://hackerone.com/reports/955286 |  Graphql: Sorting the reports by jira_status field resulted to different value
https://hackerone.com/reports/956295 |  LDAP injection vulnerability in Java
https://hackerone.com/reports/956296 |  Golang : Improvements to Golang SSRF query
https://hackerone.com/reports/956967 |  Java: CWE-798 - Hardcoded AWS credentials
https://hackerone.com/reports/957829 |  Sending thousands of notifications with single request
https://hackerone.com/reports/957874 |  Adding your account to victim's app via deeplink
https://hackerone.com/reports/958374 |  Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted
https://hackerone.com/reports/960244 |  Insufficient Type Check leading to Developer ability to delete Project, Repository, Group, ...
https://hackerone.com/reports/961757 |  Twitter Media Studio Source Information Disclosure With Analyst Role
https://hackerone.com/reports/961841 |  Recently added 'Country' field doesn't send email notification when changed
https://hackerone.com/reports/961929 |  Ability to see password protected content by bypassing the password page of shopify preview URL for new development stores (as of August 17, 2020)
https://hackerone.com/reports/962462 |  Unauthorized user is able to access schedule pipeline variables and values
https://hackerone.com/reports/962604 |  Revoked User can still view  the Merge Request  created by him via API
https://hackerone.com/reports/962895 |  Stocky App Administrator can create a backdoor admin account by using an existing POS User
https://hackerone.com/reports/963774 |  Premium Email Address Check Bypass - Hey
https://hackerone.com/reports/963815 |  Java: CWE-522 Insecure basic authentication
https://hackerone.com/reports/963816 |  [javascript] CWE-117: CodeQL query to detect Log Injection
https://hackerone.com/reports/965267 |  Potential HTTP Request Smuggling in ruby webrick
https://hackerone.com/reports/965510 |  Password protection can be removed for newly created development store 
https://hackerone.com/reports/965782 |  Failed assert in `mail_index_transaction_lookup`
https://hackerone.com/reports/965790 |  Assert failed in `edit_mail_istream_read`
https://hackerone.com/reports/965881 |  Null dereference in `cmd_denotify_operation_execute`
https://hackerone.com/reports/965914 |  `fs.realpath.native` on darwin may cause buffer overflow
https://hackerone.com/reports/966383 |  secret leaks in vsphere cloud controller manager log
https://hackerone.com/reports/966494 |  True Image 2021 - LPE via XPC service communication
https://hackerone.com/reports/966834 |  Incomplete fix for CVE-2020-12673 : Specially crafted NTML message leads to buffer over read
https://hackerone.com/reports/967457 |  Buffer overread off by one in `rpa_read_buffer`, incomplete fix for CVE-2020-12674
https://hackerone.com/reports/968690 |  DOM based XSS in store.acronis.com/<id>/purl-corporate-standard-IT [cfg parameter]
https://hackerone.com/reports/970157 |  Bypass Password Authentication to Update the Password
https://hackerone.com/reports/970760 |  Pixel Flood Attack leads to Application level DoS
https://hackerone.com/reports/972355 |  Able to leak private email of any user given his/her username via graphql
https://hackerone.com/reports/972561 |  kubeadm logs tokens before deleting them
https://hackerone.com/reports/972601 |  Open Redirect at https://oauth.secure.pixiv.net
https://hackerone.com/reports/974222 |  IDOR leads to Edit Anyone's Blogs / Websites
https://hackerone.com/reports/974271 |  Stored XSS on https://app.crowdsignal.com/surveys/[Survey-Id]/question - Bypass
https://hackerone.com/reports/974368 |  CodeQL query to detect XSLT injections
https://hackerone.com/reports/974369 |  Query to find TLS configurations supporting hardcoded insecure versions of the protocol and cipher suites
https://hackerone.com/reports/974370 |  [CATENACYBER]: [CPP] CWE-476 Null Pointer Dereference : Another query to either missing or redundant NULL check
https://hackerone.com/reports/974892 |  Race Condition of Transfer data Credits to Organization Leads to Add Extra free Data Credits to the Organization
https://hackerone.com/reports/975047 |  User sensitive information disclosure
https://hackerone.com/reports/975827 |  Permanent DoS with one click.
https://hackerone.com/reports/975983 |  Site-wide CSRF on Safari due to CORS misconfiguration (not localhost)
https://hackerone.com/reports/976657 |  Reflected XSS on a Atavist theme at external_import.php
https://hackerone.com/reports/977851 |  Cache poisoning via X-Forwarded-Host in www.shopify.com/partners/blog
https://hackerone.com/reports/978125 |  xss triggered in "myshopify.com/admin/product"
https://hackerone.com/reports/978143 |  Team object in GraphQL disclosed private_comment
https://hackerone.com/reports/978515 |  A specially crafted message sent to the local delivery agent (LMTP) causes the LMTP child process to issue a panic (call i_panic)
https://hackerone.com/reports/978680 |  GET based Open redirect on [streamlabs.com/content-hub/streamlabs-obs/search?query=]
https://hackerone.com/reports/979110 |  Internal Path Disclosure
https://hackerone.com/reports/980511 |  A staff member with no permissions can edit Store Customer Email
https://hackerone.com/reports/980856 |  https://publishers.basicattentiontoken.org/favicon.ico is Vulnerable to CVE-2017-7529
https://hackerone.com/reports/981472 |  Undocumented `fileCopy` GraphQL API
https://hackerone.com/reports/981796 |  Information Disclosure of Garbage Collection Cycle
https://hackerone.com/reports/981824 |  DNS Setup allows sending mail on behalf of other customers
https://hackerone.com/reports/982291 |  HEY.com email stored XSS
https://hackerone.com/reports/982510 |  Self XSS
https://hackerone.com/reports/983070 |  IDOR when creating App on [platform.streamlabs.com/api/v1/store/whitelist] with user_id field
https://hackerone.com/reports/983867 |  Java : add MongoDB injection sinks
https://hackerone.com/reports/985150 |  Privilege Escalation in Point Of Sale Application from POS Manage Staff Role to potentially Store Owner
https://hackerone.com/reports/986386 |  Reflected XSS on www.hackerone.com via Wistia embed code
https://hackerone.com/reports/988103 |  Node.js: use-after-free in TLSWrap
https://hackerone.com/reports/988272 |  stored XSS in hey.com message content
https://hackerone.com/reports/989415 |  Bypass restrict of member subscription to use custom background in https://3d.cs.money without prime subscription
https://hackerone.com/reports/990838 |  Bypass Filter on link of build
https://hackerone.com/reports/990878 |  IDOR in https://3d.cs.money/
https://hackerone.com/reports/993005 |  Server-side denial of service via large payload sent to wiki.cs.money/graphql
https://hackerone.com/reports/993582 |  Application DOS via specially crafted payload on 3d.cs.money
https://hackerone.com/reports/994504 |  authenticity token not verfied leads to change business name
https://hackerone.com/reports/996899 |  LFI to steal  /etc/passwd - Bypass filter in the <meta property="og:image"> tag via redirect and much more
https://hackerone.com/reports/997198 |  Content Spoofing/Text Injection in https://support.cs.money and JS file not minified and uglyfied which makes it clearly readable 
https://hackerone.com/reports/999765 |  Ticket Trick at https://account.acronis.com
https://hackerone.com/reports/999789 |  Getting New Invitations without Leaving Programs
https://hackerone.com/reports/1000567 |  ReDoS at wiki.cs.money graphQL endpoint (AND probably a kind of command injection)
https://hackerone.com/reports/1001255 |  Possible RCE through Windows Custom Protocol on Windows client
https://hackerone.com/reports/1002188 |  Potential HTTP Request Smuggling in nodejs