← Find more feeds

rss.ricterz.me

HackerOne Hacker Activity

Get the latest updates from HackerOne Hacker Activity directly as they happen.

Follow now 100 followers

Latest posts

Last updated about 7 hours ago

[$2000] PortSwigger Web Security: DNS Rebinding SSRF in Burp Suite MCP Server Enables Internal Network Access via send_http1_request Tool

about 7 hours ago

[$2000] PortSwigger Web Security: DNS Rebinding SSRF in Burp Suite MCP Server...

Read full

curl: OpenSSL backend: X509 peer certificate not freed in ossl_get_channel_binding causes per-request memory leak (DoS risk for long-lived clients)

about 15 hours ago

curl: OpenSSL backend: X509 peer certificate not freed in ossl_get_channel_binding causes per-request...

Read full

Omise: Pending invites remain valid even after the inviter is removed.

about 19 hours ago

Omise: Pending invites remain valid even after the inviter is removed.

Read full

SingleStore: Exceeding the limit of Workspaces via Race Condition

3 days ago

SingleStore: Exceeding the limit of Workspaces via Race Condition

Read full

curl: Unsanitized IPFS CID Allows SSRF Against Configured Gateway

5 days ago

curl: Unsanitized IPFS CID Allows SSRF Against Configured Gateway

Read full

[$550] Rockstar Games: Access to the business emails of Rockstar Support agents through the support platform

6 days ago

[$550] Rockstar Games: Access to the business emails of Rockstar Support agents...

Read full

curl: AWS SigV4 Signature Disclosure via Verbose Logging in libcurl

8 days ago

curl: AWS SigV4 Signature Disclosure via Verbose Logging in libcurl

Read full

[$550] Cloudflare Public Bug Bounty: `use-mcp`'s oauth2 process uses a window.open call with untrusted mcp server provided data allowing for code execution under the page using it

9 days ago

[$550] Cloudflare Public Bug Bounty: `use-mcp`'s oauth2 process uses a window.open call...

Read full

Nextcloud: Email not verified when changing afterwards on apps.nextcloud.com

9 days ago

Nextcloud: Email not verified when changing afterwards on apps.nextcloud.com

Read full

Nextcloud: Information Exposure Through Directory Listing

9 days ago

Nextcloud: Information Exposure Through Directory Listing

Read full

Nextcloud: Exposing debug.log file leads to server full path disclosure

9 days ago

Nextcloud: Exposing debug.log file leads to server full path disclosure

Read full

curl: Inconsistent URL Parsing in curl Leading to Potential SSRF and Access Control Bypass

12 days ago

curl: Inconsistent URL Parsing in curl Leading to Potential SSRF and Access...

Read full

Or log in

Everything you care about in one place

HackerOne Hacker Activity

Latest posts

[$2000] PortSwigger Web Security: DNS Rebinding SSRF in Burp Suite MCP Server Enables Internal Network Access via send_http1_request Tool

curl: OpenSSL backend: X509 peer certificate not freed in ossl_get_channel_binding causes per-request memory leak (DoS risk for long-lived clients)

Omise: Pending invites remain valid even after the inviter is removed.

SingleStore: Exceeding the limit of Workspaces via Race Condition

curl: Unsanitized IPFS CID Allows SSRF Against Configured Gateway

[$550] Rockstar Games: Access to the business emails of Rockstar Support agents through the support platform

curl: AWS SigV4 Signature Disclosure via Verbose Logging in libcurl

[$550] Cloudflare Public Bug Bounty: `use-mcp`'s oauth2 process uses a window.open call with untrusted mcp server provided data allowing for code execution under the page using it

Nextcloud: Email not verified when changing afterwards on apps.nextcloud.com

Nextcloud: Information Exposure Through Directory Listing

Nextcloud: Exposing debug.log file leads to server full path disclosure

curl: Inconsistent URL Parsing in curl Leading to Potential SSRF and Access Control Bypass

Try Feeder for free