Получение чужого номера телефона (все цифры) через форму восстановления пароля
https://hackerone.com/reports/350939
null
namthar
$300
Unauthorized Use of Victim Credit Card
https://hackerone.com/reports/391385
3.5
hk755a
$400
GetReports works for hubs you don't have access to
https://hackerone.com/reports/350937
5
milkgames
$750
Private target account appears in search results
https://hackerone.com/reports/708696
null
magic_spell
null
[IRCCloud Android] Theft of arbitrary files leading to token leakage
https://hackerone.com/reports/288955
null
bagipro
$500
Email PII disclosure due to Insecure Password Reset field
https://hackerone.com/reports/520842
null
alyssa_herrera
null
Expired Available Domains in nordvpn.com website code
https://hackerone.com/reports/791674
null
khizer47
null
Узнаем новые email приглашенного нами пользователя после смены, и так же часть номера телефона
https://hackerone.com/reports/529367
null
povargek
$300
Tracking of users on third-party websites using the Twitter cookie, due to a flaw in authenticating image requests
https://hackerone.com/reports/329957
6.5
cris-staicu
$1,120
CRITICAL Insecure Direct Object Reference (I.D.O.R) - Link Other User's Credit Card
https://hackerone.com/reports/358143
7.2
hk755a
$2,000
Show hide privacy giving receiving on my website
https://hackerone.com/reports/262088
null
test99767
null
Captcha Bypass on SignUp Form
https://hackerone.com/reports/277300
null
apapedulimu
null
NordVPN Android Application privacy violation due to Google Advertising Identifier misuse
https://hackerone.com/reports/803941
null
tomtenisse
$200
[marketplace.informatica.com] - Sensitive Data Exposure
https://hackerone.com/reports/270695
null
shogunlab
null
[marketplace.informatica.com] User email disclosure
https://hackerone.com/reports/230608
null
shogunlab
null
A small set of users were assigned someone else's payout preference
https://hackerone.com/reports/498845
2.7
jobert
null
IP address can be leaked on Image preview in ICQ for Android chat
https://hackerone.com/reports/736800
3.4
rainbow_json
$150
Trusted daemon check fails when proxied through torsocks or proxychains
https://hackerone.com/reports/361269
null
equim
null
Physical Laptop Takeover
https://hackerone.com/reports/393615
null
glassofbeer
null
Просмотр привязного к странице email, всего лишь раз скомпрометировав письмо-уведомление
https://hackerone.com/reports/223172
null
povargek
$100
Any authenticated user can download full list of users, including email
https://hackerone.com/reports/228399
5
arkadiyt
$256
application/x-brave-tab should not be readable.
https://hackerone.com/reports/258578
null
qab
$250
Incorrect details on OAuth permissions screen allows DMs to be read without permission
https://hackerone.com/reports/434763
4.3
edent
$2,940
Unauthorized Access to Protected Tweets via niche.co API
https://hackerone.com/reports/273698
null
eidelweiss
null
Weak Password Policy on techsupport.teradici.com
https://hackerone.com/reports/228323
null
imxx
null
Detect Tor Browser's language
https://hackerone.com/reports/588239
0
ryotak
null
Раскрытие имени файла приватных документов
https://hackerone.com/reports/219715
null
zhumarin
$100
languagechange event fires simultaneously on all tabs
https://hackerone.com/reports/257942
null
tomvg
$100
Unauthorized User Can Delete Any User Account
https://hackerone.com/reports/803141
null
d4rk_g1rl
$100
Cross-domain linkability when system time changed in Tor Browser
https://hackerone.com/reports/282339
null
xiaoyinl
null
Detecting Tor Browser UI Language
https://hackerone.com/reports/282748
null
xiaoyinl
$200
Twitter ID exposure via error-based side-channel attack
https://hackerone.com/reports/505424
5.7
terjanq
$1,470
Privacy violation для аттачей в сообщениях.
https://hackerone.com/reports/377115
null
iframe
$500
Sensitive Email disclosure Due to Insecure Reactivate Account field
https://hackerone.com/reports/235041
null
alyssa_herrera
null
Nextcloud domain and name of every user leaked to lookup server
https://hackerone.com/reports/508490
6.8
leonklingele
$100
Email Not Completely Deleted after Deleting an account
https://hackerone.com/reports/386596
null
0xspade
$100
Gateway information leakage
https://hackerone.com/reports/258410
null
hackerfactor
null
Changing email address on Twitter for Android unsets "Protect your Tweets"
https://hackerone.com/reports/472013
null
nyuszika7h
$2,940
Вставляем свой код в мобильном приложении в разделе помощи сообществам
https://hackerone.com/reports/433904
null
catferq
$300
Confidential data of users and limited metadata of programs and reports accessible via GraphQL
https://hackerone.com/reports/489146
9.3
yashrs
$20,000
Connection informaton is sent to a third-party service
https://hackerone.com/reports/752402
null
martinbydefault
$7,777
User data not anonymized is sent to analytics server
https://hackerone.com/reports/781238
null
martinbydefault
$1,000
OS username disclosure
https://hackerone.com/reports/258585
null
qab
$100
User Profiles Leak PII in HTML Document for Mobile Browser User Agents
https://hackerone.com/reports/288596
5.3
chriszielinski
$500
Information Disclosure which violate program privacy
https://hackerone.com/reports/313075
null
eqbang
null
Corrupt RPC responses from remote daemon nodes can lead to transaction tracing
https://hackerone.com/reports/304770
null
monero-hax123
null
User sensitive information disclosure
https://hackerone.com/reports/975047
null
a_yang
$1,000
Account deletion requests not entirely honoured. Misinformation even after seeking clarification from customer support.
https://hackerone.com/reports/813421
null
keshavkejriwal
$100