CVE-2023-6374

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote...

brandenburg.rz.htw-berlin.de Cross Site Scripting vulnerability OBB-2671646

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

genova.serviziobagnimobili.it Cross Site Scripting vulnerability OBB-2379020

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

drugdiscoveryonline.com Cross Site Scripting vulnerability OBB-2180058

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

mcnex.co.kr Cross Site Scripting vulnerability OBB-2133179

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

HackerOne: Private program disclosure of `██████████` through notifications

Summary: Private program disclosure of ██████ through notifications Description: It looks like there is a private program called ████████ - https://hackerone.com/████████ which I'm not yet invited yet. However, I received a notification alert in my H1 account notification box indicating the priva...

HackerOne: Private program disclosure via `vpn_suspended` GraphQL query

Summary: vpnsuspended of Team object got exposed Description: An attacker can get vpnsuspended value of any program including external program which also have private program eg. █████ and external program which does not have private program What an attacker can do with this ? If an external...

canadahousetoronto.com XSS vulnerability

Open Bug Bounty ID: OBB-587386 Description| Value ---|--- Affected Website:| canadahousetoronto.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...