10 matches found
OrchidMantis
Orchid Mantis A Framework for ZKPoX — Zero-Knowledge Proof...
CVE-2026-39367 WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...
Earn up to $10K from the Opera Bug Bounty program
April 30th, 2021. Join the Opera Bug Bounty program, find vulnerabilities in scope, tell us how you did it, and collect rewards. We pay up to $10K for confirmed high-value submissions. Opera has two bug bounty programs operated by...
Apple's Bug Bounty Opens for Business, $1M Payout Included
Apple has officially opened its historically private bug-bounty program to the public, while boosting its top payout to $1 million. Bounty hunters seeking that $1 million will need to provide a working exploit for a zero-click remote chain with full kernel execution and persistence on Apple’s...
socialsecurity.be Cross Site Scripting vulnerability
Security Researcher Implosion (helped patch 1641 vulnerabilities, received 7 Coordinated Disclosure badges, received 29 recommendations), a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting socialsecurity.be website and its users. Following...
HackerOne: User with privilege to maintain External Programs can update certain churned HackerOne programs
Summary: You wrote that some programs are behind, but you are trying to get them back sorry maybe bad translation Description: Apparently because of a system error, I have access to change information in the public program. This option is given only for external programs. But here is a public...
Pornhub: Stored XSS in galleries - https://www.redtube.com/gallery/[id] path
Researcher successfully closed the image 'alt' attribute and injected javascript by intercepting the album creation request and submitting an XSS payload as the album title. This led to stored cross-site scripting on the user's album page, executed against any users who visited the album. Stored...
Pornhub: Stored XSS on the https://www.redtube.com/users/[profile]/collections
Researcher successfully closed the image 'alt' attribute and injected javascript by submitting an XSS payload as the collection title. This led to stored cross-site scripting on the user's collections page, executed against any users who visited the user's collections. The user's favorites page w...
Yelp Launches Public Bug Bounty
For a long time, Yelp.com has been one of the Internet’s most-frequented resources for crowd-sourced local business, restaurant and hospitality reviews and tips. Starting today, the door will be open to researchers and bug-hunters who are invited to participate in Yelp’s public bug bounty. The...
Kaspersky Lab Bug Bounty Program Launches
LAS VEGAS – Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry. The bounty begins tomorrow on the HackerOne platform, and the first phase will run for six months. The company said tha...