HackerOne Report Search
Explore 10,000+ publicly disclosed vulnerability reports from HackerOne
| ID | Title | Severity | Disclosed | Actions |
|---|---|---|---|---|
3511792 |
HashDoS in V8 | Medium | 2026-03-30 16:44:09 | |
3480841 |
Permission Model Bypass in realpathSync.native Allows File Existence Disclosure | Low | 2026-03-30 16:44:00 | |
3533945 |
Timing side-channel in HMAC verification via memcmp() in crypto_hmac.cc leads to potential MAC forgery | Medium | 2026-03-30 16:42:57 | |
3559715 |
Node.js Permission Model bypass: UDS server bind/listen works without `--allow-net` | Medium | 2026-03-30 16:42:22 | |
3560402 |
Denial of Service via `__proto__` header name in `req.headersDistinct` (Uncaught `TypeError` crashes Node.js process) | High | 2026-03-30 16:42:13 | |
3449392 |
CVE-2024-36137 Patch Bypass - FileHandle.chmod/chown | Low | 2026-03-30 16:42:05 | |
3531737 |
Memory leak in Node.js HTTP/2 server via WINDOW_UPDATE on stream 0 leads to resource exhaustion | Medium | 2026-03-30 16:41:57 | |
3633534 |
CRLF Injection in HAProxy PROXY Protocol via CURLOPT_HAPROXY_CLIENT_IP allows IP spoofing and protocol injection | Medium | 2026-03-30 04:04:58 | |
3630310 |
HTTP/2 server push accepts a non-authoritative :scheme=https over cleartext h2c, enabling HTTPS cache-key poisoning | High | 2026-03-29 16:44:13 | |
3523703 |
Password Strength Policy Bypass via Server-Side Validation Flaw | Low | 2026-03-27 19:49:57 |
Page 1