gemini-bug-bounty
Gemini Bug Bounty Find security vulnerabilities, get paid...
Meet Khaled Mohamed: the bug hunter who found a Microsoft flaw
It’s only on rare occasions that anyone pays attention to the acknowledgment section of a vulnerability disclosure. But for the person who found the bug, it's often the conclusion of hours of work, trial and error, searching for recognition, and finally seeing the vulnerability get patched. Bug...
WordPress Membership Plugin - Restrict Content plugin <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect vulnerability
WordPress Membership Plugin - Restrict Content plugin <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Restrict Content versions <= 3.2.24...
PT-2026-25586
Summary: Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report. This allowed JavaScript...
WordPress Tribe theme <= 1.7.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Tribe versions <= 1.7.3...
Exploit for CVE-2026-27574
CVE-2026-27574-OneUptime-RCE...
From arcades to Azure: Felix’s security research journey
When you talk with Felix, you quickly get the sense that he has always been propelled by curiosity and by a need for something that truly challenges him. Today, he is a successful independent security researcher who uncovers vulnerabilities across Microsoft cloud services. However, his path into...
PT-2026-7584
Name of the Vulnerable Software and Affected Versions: Pillow versions 10.3.0 through 12.1.0. Description: Pillow is a Python imaging library. An out-of-bounds write issue can occur when loading a specially crafted PSD image. This flaw exists within Pillow’s Photoshop Document (PSD) handler. The issue...
From points to payouts: The evolution of the Microsoft security researcher leaderboard
The global security research community plays a critical role in helping Microsoft protect customers. Through their deep technical expertise, coordinated disclosure, and collaboration, researchers help identify and remediate vulnerabilities, and shape how our security programs evolve. Many of the...
WordPress AdminQuickbar plugin <= 1.9.3 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Lior Yeshayahu in WordPress Plugin AdminQuickbar versions <= 1.9.3...
Researcher Wipes White Supremacist Dating Sites, Leaks Data on okstupid.lol
Security researcher "Martha Root" in Pink Power Ranger deletes white supremacist dating sites live onstage, leaks 8,000 profiles and 100GB of data at Chaos Communication Congress (CCC) 2025...
WordPress Webba Booking plugin <= 6.2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Webba Booking versions <= 6.2.1...
Bill Largent: On epic reads, lifelong learning, and empathy
Welcome to another episode of Humans of Talos! This week, Amy sits down with William Bill Largent from the Strategic Planning and Communications team. Bill's role as Senior Security Researcher spans from threat research to communicating Talos's critical work to internal teams, partners, and...
OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically
OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code. Called Aardvark, the artificial intelligence (AI) company said the autonomous...
EUVD-2021-21882
Malware in sbrugna...
EUVD-2021-21883
Malware in sbrugna...
CVE-Disclosures
CVE-Disclosures This repository, "CVE Disclosures", serves as...
WordPress ShieldGroup theme <= 2.13 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme ShieldGroup versions <= 2.13...
financia-business-school.com Cross Site Scripting vulnerability OBB-4042996
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
How MSRC coordinates vulnerability research and disclosure while building community
In an era where discovering and rapidly mitigating security vulnerabilities is more important than ever before, the Microsoft Security Response Center (MSRC) is at the center of this work. MSRC focuses on investigating vulnerabilities, coordinating their disclosure, and releasing security updates t...