Bug Bounty Channel
@bug_bounty_channel
All bug bounties here.
Channel posts (20)
- 🏦 AWS VDP Report ⚠️ Title: Command Injection via Unsanitized Bundling Options in `aws-cdk-lib/aws-lambda-nodejs` 🔍 … 11.06.2026
- 🏦 AWS VDP Report 📋 Title: Firecracker Out-of-bounds Read/Write Local Privilege Escalation Vulnerability 🔍 Reporter: … 11.06.2026
- 🏦 curl Report 📝 Title: heap-use-after-free in state.referer when CURLOPT_REFERER replaced or cleared after perform … 11.06.2026
- 🏦 curl Report 📋 Title: CRLF Injection via Custom HTTP Headers 🔍 Reporter: bugthiru (Thirubug) 📋 Details: └ 📊 Statu… 11.06.2026
- 🏦 DuckDuckGo Report 🔥 Title: RCE + Supply Chain Attack via pull_request_target in content-scope-scripts/semver-labe… 11.06.2026
- 🏦 DuckDuckGo Report 🔥 Title: RCE + PAT Exfiltration via pull_request_target in privacy-configuration/auto-respond-p… 11.06.2026
- 🏦 Rocket.Chat Report ⚠️ Title: SSRF via improper validation after DNS name resolution in the link-preview feature 🔍 R… 11.06.2026
- 🏦 Rocket.Chat Report ⚡ Title: SSRF via Improper Redirect Validation in Rocket.Chat oEmbed Function 🔍 Reporter: button… 11.06.2026
- 🏦 curl Report ⚡ Title: curl/libcurl vulnerable to TLS truncation attacks 🔍 Reporter: nyymi (nyymi) 📋 Details: └ 📊 S… 10.06.2026
- 🏦 curl Report ⚡ Title: Trailing-Dot Hostname in Redirect Silently Strips Client Certificate and Auth Credentials 🔍 Re… 10.06.2026
- 🏦 curl Report ⚡ Title: curl-ipv4-percent-normalization-SSRF 🔍 Reporter: monk17 (No name) 📋 Details: └ 📊 Status: inf… 10.06.2026
- 🏦 curl Report ⚡ Title: SOCKS5 no-auth accepted despite username/password-only authentication 🔍 Reporter: kalfkinen (S… 09.06.2026
- 🏦 curl Report ⚠️ Title: SSH/SFTP connection reuse can bypass SSH key identity after ssh_config_matches removal 🔍 Re… 09.06.2026
- 🏦 Ruby on Rails Report 📝 Title: Action Text ReDoS (Ruby 3.1 or lower) 🔍 Reporter: ooooooo_q (ooooooo_q) 📋 Details… 09.06.2026
- 🏦 curl Report 📝 Title: DNS domain search list followed for extant domain missing A or AAAA records 🔍 Reporter: maxhe… 08.06.2026
- 🏦 curl Report ⚠️ Title: libcurl: HTTP/1.x bare LF byte in response header value enables cookie jar pollution and POST … 08.06.2026
- 🏦 curl Report 📝 Title: curl External-Controlled Filename in `--url @file` Leads to Arbitrary File Overwrite 🔍 Repo… 07.06.2026
- 🏦 curl Report 📝 Title: curl cross-origin HTTPS redirect reuses TLS client certificate for unintended second-origin mT… 07.06.2026
- 🏦 curl Report ❓ Title: OpenSSL TLS 1.2 session resumption accepts expired server certificates in libcurl 🔍 Reporter: … 07.06.2026
- 🏦 Nextcloud Report ⚡ Title: Valid share tokens allow to access temporary upload files of share owner 🔍 Reporter: pirika… 07.06.2026