Staff picks
These reports got our attention recently.
All public reports
Learn and take inspiration from reports submitted by other researchers from our bug hunting community. See what areas others are focusing on, how they build their reports, and how they are being rewarded. Note that the following VRPs disclose bugs at alternative locations: Chrome VRP & ChromeOS VRP.
All
Report Image | Report Name | Author | Program | Submitted | Link |
---|---|---|---|---|---|
fix toJSON spelling in firestore sdk | Abhishek Mathur | Feb 12, 2024 | view | ||
Firestore private key leaked by using JSON.stringify on any firestore object in Node.JS | Abhishek Mathur | Nov 27, 2023 | view | ||
v8CTF submission 45ff096edfe1 | madStacks | Oct 26, 2023 | view | ||
Vulnerabilities in the algorithms used by Fuchsia/gVisor to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID | Oct 4, 2023 | view | |||
Auth Bypass in verily.com | Ayush Sahu | Jan 3, 2023 | view | ||
HTML INJECTION | Vaidik Pandya | Dec 8, 2022 | view |
Items per page:
6
1 – 6 of 70