3636 | Discord embed spoofing | Phishing | Discord | DarkMatterMatt | Bug Bounty | 2020-03-02 | 2023-06-13 |
3277 | CVE-2020-9934: Bypassing the macOS Transparency, Consent, and Control (TCC) Framework for unauthorized access to sensitive user data | MacOS, Local Privilege Escalation, Authorization flaw | Apple | Matt Shockley (@mattshockl) | Bug Bounty | 2020-07-27 | 2023-06-13 |
2961 | Github Secrets exposed due to RCE in Formatter Action from pull_request_target event | RCE | Google | Anthony Weems | Bug Bounty | 2020-12-17 | 2023-06-13 |
2839 | Microsoft Remote Desktop Web Access Authentication Timing Attack | Timing attack, Authentication flaw | Microsoft | Matt Dunn | Bug Bounty | 2021-02-04 | 2023-06-13 |
2720 | How I Found Sql Injection on 8x8 , Cengage,Comodo,Automattic,20 company | SQL injection | Automattic, IBM, 8x8 | Ahmad A Abdulla (@lu3ky13) | Bug Bounty | 2021-03-12 | 2023-06-13 |
2577 | How I Found Sql Injection on intensedebate.com (h1) in 5 minute $350 | SQL injection | Automattic | Ahmad A Abdulla (@lu3ky13) | Bug Bounty | 2021-05-05 | 2023-06-13 |
2383 | Mattermost Server v5.32 > v5.36 Reflected XSS in OAuth flow | Reflected XSS, OAuth | Mattermost | zi0Black (@zi0Black) | Bug Bounty | 2021-07-26 | 2023-06-13 |
2340 | Size Matters — CVE-2021-0485 (High) | Local Privilege Escalation, Android | Google | Dimitrios Valsamaras (@Ch0pin) | Bug Bounty | 2021-08-07 | 2023-06-13 |
1826 | "Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains | Supply chain attack | GitHub | Matthew Bryant (@IAmMandatory) | Bug Bounty | 2022-02-11 | 2023-06-13 |
1810 | CVE-2022-0478 - WooCommerce Event-Manager Plugin SQL Injection | SQL injection, Security code review | Automattic (WooCommerce) | Castilho (@castilho101) | Bug Bounty | 2022-02-16 | 2023-06-13 |
1064 | Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286) | Local Privilege Escalation, Windows, Driver hacking | Seagate | x86matthew (@x86matthew) | Bug Bounty | 2022-09-20 | 2023-06-13 |
689 | FlowscreenComponents Basepack, Version 3.0.7 Advisory | XSS, Security code review | UnofficialSF | Matthew Rutledge | Bug Bounty | 2022-12-15 | 2023-06-13 |
647 | Turning Google smart speakers into wiretaps for $100k | IoT, Wifi hacking | Google | Matt | Bug Bounty | 2022-12-26 | 2023-06-13 |
575 | Sudoedit bypass in Sudo <= 1.9.12p1 (CVE-2023-22809) | Local Privilege Escalation | Sudo | Matthieu Barjole (@aevy__) | Bug Bounty | 2023-01-18 | 2023-06-13 |
325 | Wait Time Bypass for fun and Profit | Rate limiting bypass | Automattic | the_unluck_guy (@7he_unlucky_guy) | Bug Bounty | 2023-03-10 | 2023-06-13 |
116 | Size matters! When capital letters introduce vulnerabilities | XSS | Microsoft | Mario Stathakopoulos | Bug Bounty | 2023-05-06 | 2023-06-13 |
110 | A deep-dive on Pluck CMS vulnerability CVE-2023-25828 | Unrestricted file upload, RCE, Security code review | Pluck CMS | Matthew Hogg | Bug Bounty | 2023-05-08 | 2023-06-13 |