HackerOne Report Search
Explore 10,000+ publicly disclosed vulnerability reports from HackerOne
| ID | Title | Severity | Disclosed | Actions |
|---|---|---|---|---|
3378540 |
Lack of Validation in Reward Redemption Allows Unlimited Burp Suite License Abuse | Low | 2026-03-18 12:47:07 | |
3609505 |
HSTS accepted from HTTP origin behind HTTPS proxy | Unknown | 2026-03-17 17:53:57 | |
3608522 |
Unescaped username in SASL DIGEST-MD5 response allows injection | Low | 2026-03-17 14:48:47 | |
3475626 |
Session Cookie Leakage via Static Header Field in WebViewerFragment | High | 2026-03-17 06:13:57 | |
3591764 |
Business Logic Bypass Allows Setting “Read Access” Role Without Pro Plan Subscription | Medium | 2026-03-16 12:00:45 | |
3603300 |
SMB READ_ANDX DataOffset not validated | High | 2026-03-16 07:31:08 | |
3467641 |
Unauthenticated access to private files on app.fizzy.do via Active Storage URLs leads to information disclosure | Low | 2026-03-16 04:36:39 | |
3507241 |
Authorization Bypass in Starknet Snap via enableAuthorize parameter leads to unauthorized transaction signing | Medium | 2026-03-13 01:42:13 | |
3578842 |
SQL Injection vulnerability found on ibm.com endpoint | Critical | 2026-03-12 18:54:29 | |
3598444 |
Curl_compareheader() fails to match multi-value HTTP headers | Medium | 2026-03-12 15:51:43 |
Page 1