70 matches found
Exploit for CVE-2022-42005
Tesla Security Research Vulnerability research on the Tesla M...
claude-bug-bounty
Claude Bug Bounty Hunter The AI-native bug bounty framework...
POC-Generator-Burp_Suite_Extension
🎯 POC Generator - Burp Suite Extension From vulnerability...
PT-2025-32331
@phisher305 @Bugcrowd after the CVE-2025-8673 😂...
GHSA-M454-3XV7-QJ85 CVE-2025-1386- Query smuggling in ch-go library
Impact: When using the ch-go library, under a specific condition, when a query includes large, uncompressed, attacker-controlled external data, an attacker in control of that data can smuggle another query packet into the connection stream. Patches: If you are using the ch-go library, we...
MAL-2024-1078 Malicious code in bugcrowd-npm-poc (npm)
Source: ossf-package-analysis 46b2f058641ff9f8a06f7a20bd103fbfc37dc8ffcfc09d191ab7a8b9d0c35715. The OpenSSF Package Analysis project identified 'bugcrowd-npm-poc' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...
GHSA-CMH9-RX85-XJ38 XSS sidekiq-unique-jobs UI server vulnerability
Summary: Cross-site scripting (XSS) potentially exposing cookies, sessions, or localStorage, fixed in sidekiq-unique-jobs v8.0.7. Specifically, this is a reflected, server-side, non-self cross-site scripting vulnerability, considered a P3 on the Bugcrowd taxonomy with the following categorization:...
Domain-Protect - OWASP Domain Protect - Prevent Subdomain Takeover
OWASP Global AppSec Dublin - talk and demo. Features: scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover; scan Cloudflare for vulnerable DNS records; take over vulnerable subdomains yourself before attackers and bug bounty researchers do; automatically create known...
Bullied by Bugcrowd over Kape CyberGhost disclosure
TL;DR The CyberGhost VPN client suffers from an elevation of privilege vulnerability and is filed under CVE-2023-30237. A specially crafted JSON payload sent to the CyberGhost RPC service can lead to command line injection when the OpenVPN process is launched, leading to full system compromise. T...
ChatGPT Security: OpenAI's Bug Bounty Program Offers Up to $20,000 Prizes
OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are "safe and secure." To that end, it has partnered with the crowdsourced security platform Bugcrowd for independent researchers to report vulnerabilities...
Malicious Package
Overview twilio-bugcrowd-poc-twilio-flex-ui-sample is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only...
Google Chrome Bug Actively Exploited as Zero-Day
Google has updated its Stable channel for the desktop version of Chrome, to address a zero-day security vulnerability that’s being actively exploited in the wild. The bug, tracked as CVE-2022-1096, is a type-confusion issue in the V8 JavaScript engine, which is an open-source engine used by Chrom...
X (Formerly Twitter): Subdomain takeover of images.crossinstall.com
Summary images.crossinstall.com points to an AWS S3 bucket that no longer exists. I was able to take control of this bucket and put my own content onto it. I can now serve content on this domain, obtain a TLS certificate for this domain, etc. If any customers or servers are pointing to anything...
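The two entries above (the Domain-Protect tool and the images.crossinstall.com report) describe the same condition from opposite sides: a DNS record still points at an S3 bucket that no longer exists, so whoever creates a bucket with that name serves content on the domain. The following is an added example, not code from Domain-Protect or from the report, of how a scanner can recognise S3-pointing records and confirm the bucket is absent. It assumes records are supplied as (name, type, target) tuples; the sample zone and the offline probe are constructed for the example, and the live probe relies on S3 answering a request for a nonexistent bucket with HTTP 404 and a NoSuchBucket error code, which is standard S3 behaviour.

```python
import re
import urllib.error
import urllib.request
from typing import Callable, Iterable, List, Optional, Tuple

# S3 endpoint hostnames: an optional leading bucket label, then
# s3[-website][.region|-region][.dualstack...].amazonaws.com.
S3_HOST = re.compile(
    r"^(?:(?P<bucket>[a-z0-9.\-]+)\.)?s3(?:-website)?(?:[.-][a-z0-9-]+)*\.amazonaws\.com$"
)


def s3_bucket_for(record_name: str, target: str) -> Optional[str]:
    """Return the bucket name a CNAME/alias target implies, or None if the
    target is not an S3 endpoint. A bare endpoint (no bucket label) means
    the bucket must be named exactly like the record, which is how S3
    website hosting resolves virtual-hosted requests."""
    host = target.rstrip(".").lower()
    name = record_name.rstrip(".").lower()
    m = S3_HOST.match(host)
    if not m:
        return None
    return m.group("bucket") or name


def probe_s3_bucket(bucket: str, timeout: float = 5.0) -> bool:
    """Live check: True when S3 says the bucket does not exist (claimable).
    A missing bucket answers 404 with <Code>NoSuchBucket</Code>; an existing
    bucket answers 200, 403 (AccessDenied) or a regional redirect."""
    url = f"http://{bucket}.s3.amazonaws.com/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            resp.read(1024)
            return False
    except urllib.error.HTTPError as err:
        body = err.read(4096).decode("utf-8", "replace")
        return err.code == 404 and "NoSuchBucket" in body
    except urllib.error.URLError:
        return False  # unreachable: not confirmed, so not reported


def find_takeover_candidates(
    records: Iterable[Tuple[str, str, str]],
    probe: Callable[[str], bool] = probe_s3_bucket,
) -> List[dict]:
    """Flag CNAME/ALIAS records whose S3 bucket the probe reports missing."""
    findings = []
    for name, rrtype, target in records:
        if rrtype.upper() not in ("CNAME", "ALIAS"):
            continue
        bucket = s3_bucket_for(name, target)
        if bucket is not None and probe(bucket):
            findings.append({"record": name, "target": target, "bucket": bucket})
    return findings


# Constructed sample zone (not real DNS data). Only the first and third
# entries point at buckets that the constructed probe treats as missing.
SAMPLE_RECORDS = [
    ("images.example.com", "CNAME", "s3-website-us-east-1.amazonaws.com."),
    ("assets.example.com", "CNAME", "assets-example-prod.s3.eu-west-1.amazonaws.com."),
    ("static.example.com", "CNAME", "static-example.s3.dualstack.us-east-1.amazonaws.com."),
    ("www.example.com", "CNAME", "d111111abcdef8.cloudfront.net."),
    ("example.com", "A", "203.0.113.10"),
]
EXISTING_BUCKETS = {"assets-example-prod"}  # constructed, stands in for live S3


def offline_probe(bucket: str) -> bool:
    return bucket not in EXISTING_BUCKETS


def demo() -> List[dict]:
    return find_takeover_candidates(SAMPLE_RECORDS, probe=offline_probe)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['record']} -> {f['target']}: bucket '{f['bucket']}' does not exist (claimable)")
```

Swap `offline_probe` for `probe_s3_bucket` to run it against a real zone export. Two caveats a practitioner should keep in mind: bucket names are global, so a missing bucket can be created from any AWS account in any region, but S3 sometimes refuses names that were deleted very recently, so "does not exist" is a strong indicator rather than proof of claimability; and a record pointing at a bare website endpoint is only exploitable if the bucket name (the record's own hostname) is a valid bucket name, which it is for ordinary lowercase DNS labels.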
Bugs-feed - A Local Hosted Portal Where You Can Search For The Latest News, Videos, CVEs, Vulnerabilities...
Bug's feed is a locally hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities... It's implemented as a PWA, so you can get rid of the browser and use it as a desktop application. Navigate through the different tabs and take a look at the latest bugs, or search...
[Security Nation] Jonathan Cran on demystifying startup funding for security companies
In this episode of Security Nation, we’re joined by Jonathan Cran. We wade into uncharted territory with Jonathan, as he claims the title of...
Bbscope - Scope Gathering Tool For HackerOne, Bugcrowd, And Intigriti!
The ultimate scope gathering tool for HackerOne, Bugcrowd, and Intigriti by sw33tLie. Need to grep all the large scope domains that you've got on your bug bounty platforms? This is the right tool for the job. What about getting a list of android apps that you are allowed to test? We've got you...
Earn up to $10K from the Opera Bug Bounty program
April 30th, 2021. Join the Opera Bug Bounty program, find vulnerabilities in scope, tell us how you did it, and collect rewards. We pay up to $10K for confirmed high-value submissions. Opera has two bug bounty programs operated by...