hackerone.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-22.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-04-22 | HackerOne: LLM01: Invisible Prompt Injection | AI | Program: HackerOne Severity: medium Weakness: LLM01: Prompt Injection ## Description Hey team, Hai is vulnerable to invisible prompt injection via Unicode tag characters. ## Reproduction steps 1. ... |
| 2026-04-22 | Internet Bug Bounty: Argo CD CSRF leads to Kubernetes cluster compromise | CSRF | Program: Internet Bug Bounty Severity: high Weakness: Cross-Site Request Forgery (CSRF) GHSA: https://github.com/argoproj/argo-cd/security/advisories/GHSA-92mw-q256-5vwg It's been publicly known for... |
| 2026-04-19 | Bykea: IDOR on In-App Hardcoded Zombie — HackerOne | IDOR | Bykea: IDOR on In-App Hardcoded Zombie — HackerOne |
| 2026-04-19 | IDOR Vulnerability — HackerOne Report 2633771 | IDOR | IDOR Vulnerability — HackerOne Report 2633771 |
| 2026-04-17 | HackerOne #1210502: Jitsi Authentication Bypass (JWT) | JWT | HackerOne #1210502: Jitsi Authentication Bypass (JWT) |
| 2026-04-17 | HackerOne #2472798: Newspack Extended Access JWT bypass | JWT | HackerOne #2472798: Newspack Extended Access JWT bypass |
| 2026-04-17 | How an IDOR Vulnerability Led to User Profile Modification (HackerOne) | IDOR | How an IDOR Vulnerability Led to User Profile Modification (HackerOne) |
| 2026-04-17 | HackerOne Report #435066: SQL injection in GraphQL endpoint | GraphQL | HackerOne Report #435066: SQL injection in GraphQL endpoint |
| 2026-04-17 | HackerOne Report #812064: SAML authentication bypass (Rocket.Chat) | AuthN | HackerOne Report #812064: SAML authentication bypass (Rocket.Chat) |
| 2026-04-17 | HackerOne Report #209008: Authentication Bypass - Automattic | AuthN | HackerOne Report #209008: Authentication Bypass - Automattic |
| 2026-04-17 | HackerOne Report #423541: H1514 Server Side Template Injection | SSTI | HackerOne Report #423541: H1514 Server Side Template Injection |
| 2026-04-11 | HackerOne #164224: SSTI | SSTI | HackerOne #164224: SSTI |
| 2026-04-11 | HackerOne: Trint insecure client-side JWT generation | JWT | HackerOne: Trint insecure client-side JWT generation |
| 2026-04-11 | HackerOne: Linktree account takeover via improper JWT validation | JWT | HackerOne: Linktree account takeover via improper JWT validation |
| 2026-04-11 | HackerOne: Critical vulnerability in JWE Specification | JWT | HackerOne: Critical vulnerability in JWE Specification |
| 2026-04-11 | HackerOne: Argo CD JWT audience claim not verified | JWT | HackerOne: Argo CD JWT audience claim not verified |
| 2026-04-11 | Remitly: 0-Click Account Takeover (HackerOne) | AuthN | Remitly: 0-Click Account Takeover (HackerOne) |
| 2026-04-10 | Semrush OAuth redirect_uri bypass via IDN homograph — HackerOne #861940 | AuthN | Semrush OAuth redirect_uri bypass via IDN homograph — HackerOne #861940 |
| 2026-04-10 | Slack OAuth2 redirect_uri bypass — HackerOne #2575 | AuthN | Slack OAuth2 redirect_uri bypass — HackerOne #2575 |
| 2026-04-10 | HackerOne: SSRF in Exchange Leads to ROOT (Shopify) | SSRF | HackerOne: SSRF in Exchange Leads to ROOT (Shopify) |
| 2026-04-10 | HackerOne: SSRF Mitigation Bypass Using DNS Rebind Attack | SSRF | HackerOne: SSRF Mitigation Bypass Using DNS Rebind Attack |
| 2026-04-10 | HackerOne: SSRF in Search.gov via URL Parameter | SSRF | HackerOne: SSRF in Search.gov via URL Parameter |
| 2026-04-10 | HackerOne: SSRF via Analytics Reports | SSRF | HackerOne: SSRF via Analytics Reports |
| 2026-04-10 | HackerOne Report: IDOR Allows Viewing | IDOR | HackerOne Report: IDOR Allows Viewing |
| 2026-04-10 | XXE Complete Guide: Impact, Examples, and Prevention | XXE | XXE Complete Guide: Impact, Examples, and Prevention |
| 2026-04-10 | How a GraphQL Bug Resulted in Authentication Bypass | GraphQL | How a GraphQL Bug Resulted in Authentication Bypass |
| 2026-04-10 | How to Find XSS Vulnerabilities: Practical Security Guide | XSS | How to Find XSS Vulnerabilities: Practical Security Guide |
| 2026-04-06 | HackerOne Hacktivity | Bug Bounty | HackerOne Hacktivity |
| 2026-04-03 | How a Cross-Site Scripting Vulnerability Led to Account Takeover \| HackerOne | XSS | How a Cross-Site Scripting Vulnerability Led to Account Takeover \| HackerOne |
| 2026-04-03 | How To Find Broken Access Control Vulnerabilities in the Wild \| HackerOne | AuthZ | How To Find Broken Access Control Vulnerabilities in the Wild \| HackerOne |
| 2025-08-14 | SSRF in https://couriers.indrive.com/api/file-storage | SSRF | Program: inDrive Severity: high Weakness: Server-Side Request Forgery (SSRF) ## Summary: SSRF in `url` parameter in https://couriers.indrive.com/api/file-storage ## Steps To Reproduce: I will tr... |
| 2025-08-14 | Full Read SSRF on Gitlab's Internal Grafana | SSRF | Program: GitLab Severity: critical Weakness: Server-Side Request Forgery (SSRF) Apparently, Grafana is bundled with Gitlab by default. So the grafana instance that is accessible via `/-/grafana/` is v... |
| 2023-02-14 | How To: Server-Side Request Forgery (SSRF) | SSRF | The content discusses Server-Side Request Forgery (SSRF) and provides a guide on how to perform it. SSRF is a vulnerability that allows attackers to make requests from a server, potentially accessing sensitive information or executing malicious actions. The guide likely includes techniques and examples of exploiting SSRF vulnerabilities. It is crucial for developers and security professionals to understand SSRF to prevent and mitigate such attacks. |