| ID | Title | Bugs | Programs | Authors | Source | Publication date | Added date |
|---|---|---|---|---|---|---|---|
| 1583 | CVE-2022-25262 \| JetBrains Hub single-click SAML response takeover | Authorization flaw, SAML, OAuth | JetBrains | Yurii Sanin (@SaninYurii) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1577 | Samsung Flow - Any App Can Read The External Storage | Android, Insecure intent | Samsung | Ken Gannon (@Yogehi) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1576 | Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store | Android, Insecure intent | Samsung | Ken Gannon (@Yogehi) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1564 | RCE via Dependency Confusion | Dependency confusion | NA | Samrat Gupta (@Sm4rty_) | Bug Bounty | 2022-05-10 | 2023-06-13 |
| 1516 | Bygone Vulnerabilities - Remote Code Execution in IBM Lotus SameTime Clients (CVE-2013-0553) | XSS, RCE | IBM | Brian (@hoyahaxa) | Bug Bounty | 2022-05-27 | 2023-06-13 |
| 1509 | Bypass CSP Using WordPress By Abusing Same Origin Method Execution | CSP bypass, Same Origin Method Execution | WordPress | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-05-29 | 2023-06-13 |
| 1479 | Same bug different platform | Logic flaw, Authorization flaw | Meta / Facebook | Prajwol Dhungana (@PrajwolDhunga14) | Bug Bounty | 2022-06-11 | 2023-06-13 |
| 1407 | Two faces of a same PDF document | PDF parser differential attack | Mozilla, Google, Adobe | Toni Huttunen | Bug Bounty | 2022-07-01 | 2023-06-13 |
| 1348 | Hacking Facebook Invoice: How I could’ve bought anything for Free from Facebook Business Pages | Payment bypass | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2022-07-18 | 2023-06-13 |
| 1344 | How i was able to bypass Open Redirect 3 times on same program. | Open redirect | NA | himanshu pdy (@himanshu_pdy) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1261 | The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) | Memory corruption, Race condition, Local Privilege Escalation, Android | Linux Kernel Organization, Google, Samsung | Xingyu Jin | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1243 | Amazon Cognito misconfiguration lead to account takeover | Account takeover | NA | Hossam Ahmed (@iknowhatodo0x01) | Bug Bounty | 2022-08-12 | 2023-06-13 |
| 1213 | CSRF leads to Account Takeover \| Samsung | CSRF, Account takeover | Samsung | R ando (@Rando02355205) | Bug Bounty | 2022-08-16 | 2023-06-13 |
| 1170 | My Hall of Fame at United Nations Success Story | XSS | United Nations | Joshua Arulsamy (@Joshua_Arulsamy) | Bug Bounty | 2022-08-27 | 2023-06-13 |
| 1052 | Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library | Universal XSS, SSRF, Open redirect, Web cache poisoning | Netlify, Gemini, PancakeSwap, Docusign, Moonpay, Celo | Sam Curry (@samwcyo) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 962 | Fall account takeover via Amazon Cognito misconfiguration | IDOR, Account takeover | NA | Hossam Ahmed (@iknowhatodo0x01) | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 903 | SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction | XSS | Samsung | - | Bug Bounty | 2022-10-26 | 2023-06-13 |
| 873 | Gregor Samsa: Exploiting Java's XML Signature Verification | Integer truncation, RCE, SAML | OpenJDK, Apache Commons BCEL | Felix Wilhelm (@_fel1x) | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 868 | Case of Admin Bypass for RCE, XSS, and Information Disclosure | RCE, Unrestricted file upload, Stored XSS, Information disclosure | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 843 | Discovering vendor-specific vulnerabilities in Android | Android | Samsung, Google | Oversecured (@OversecuredInc) | Bug Bounty | 2022-11-10 | 2023-06-13 |
| 822 | Chromium: Same Origin Policy bypass within a single site a.k.a. "Google Roulette" | SOP bypass, Browser hacking | Google (Chromium) | Michał Bentkowski (@SecurityMB) | Bug Bounty | 2022-11-16 | 2023-06-13 |
| 761 | Broken access control + misconfiguration = Beautiful privilege escalation | Broken Access Control, Privilege escalation | NA | Hossam Mesbah (@m359ah) | Bug Bounty | 2022-11-28 | 2023-06-13 |
| 684 | Simple CORS misconfig leads to disclose the sensitive token worth of $$$ | CORS misconfiguration, Token leak | Linear | Ramalingasamy | Bug Bounty | 2022-12-16 | 2023-06-13 |
| 621 | Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More | Account takeover, SSO, RCE, Authorization bypass, SQL injection, Mass assignment, Information disclosure | Kia, Honda, Infiniti, Nissan, Acura, Mercedes-Benz, Hyundai, Genesis, BMW, Rolls Royce, Ferrari, Spireon, Ford, Reviver, Porsche, Toyota, Jaguar, Land Rover, SiriusXM | Sam Curry (@samwcyo) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 588 | thisclosed_#2 - PostgreSQL Database Exfiltration through the abuse of PostgREST requests | SQL injection | NA | Samuele Gugliotta (@indevi0us) | Bug Bounty | 2023-01-16 | 2023-06-13 |