Arbitrary free in curl's config file parsing.
https://hackerone.com/reports/3434543
@securitycipher.bsky.social
Write-ups and Resources related to Bug Bounty #bugbounty #bugbountytips
Improper bot-authentication allows to impersonate any user when sending messages in a room
https://hackerone.com/reports/3329310
Critical Full Organization Takeover via Email Verification Bypass
https://medium.com/@0xEsso/critical-full-organization-takeover-via-email-verification-bypass-3f5a55287824?source=rss------bug_bounty-5
How Did I Hack a Website By Editing JSON
https://medium.com/@ibtissam1/how-did-i-hack-a-website-by-editing-json-2e7814920be2?source=rss------bug_bounty-5
Out-of-bounds read in HTTP method handling causes undefined behavior and potential crash. This is sharp, Gaurav. We've got a real memory-safety bug ins
https://hackerone.com/reports/3434510
Lack of minimum value bid wheel verification on customer_bid in Rental Trips
https://hackerone.com/reports/3328343
Existence of completed pods allows for bypass of Kubernetes NetworkPolicy
https://hackerone.com/reports/3328291
Introduction to Authentication Vulnerabilities: Common Mistakes Seen in Modern Web Applications
https://cybersecuritywriteups.com/kimlik-do%C4%9Frulama-zafiyetlerine-giri%C5%9F-modern-web-uygulamalar%C4%B1nda-g%C3%B6r%C3%BClen-yayg%C4%B1n-hatalar-9fdced04ae58?source=rss------bug_bounty-5
The Header No One Was Watching: Leaking sensitive data (quietly)
https://medium.com/@warisjeet31/the-header-no-one-was-watching-a-quiet-idor-in-a-financial-system-0fcba65e2ace?source=rss------bug_bounty-5
How I Turned a Dark Web Sketch into a $ Bug Bounty Payday
https://medium.com/@iski/how-i-turned-a-dark-web-sketch-into-a-bug-bounty-payday-%EF%B8%8F-%EF%B8%8F-fafc5a1176ef?source=rss------bug_bounty-5
Bug Bounty Commands Generator: A Practical Tool for Faster Pen-testing Workflows
https://medium.com/@HackByteX/bug-bounty-commands-generator-a-practical-tool-for-faster-pen-testing-workflows-f7d3d7a6addc?source=rss------bug_bounty-5
How To Uncover A Major Security Risk With One Line
https://medium.com/@ibtissam1/how-to-uncover-a-major-security-risk-with-one-line-136708cfd70c?source=rss------bug_bounty-5
Unrestricted setPerPage allows huge result sets / resource exhaustion / mass log retrieval
https://hackerone.com/reports/3413890
Stored-XSS in Banner Name field
https://hackerone.com/reports/3404968
SQL injection: Portswigger LAB 1 - SQL injection vulnerability in WHERE clause allowing retrieval…
https://medium.com/@emir78.gkta/sql-injection-portswigger-lab-1-sql-injection-vulnerability-in-where-clause-allowing-retrieval-f734c234215d?source=rss------bug_bounty-5
[NASA] GlobalProtect VPN Pre-Auth Leak
https://medium.com/@christoscoming/nasa-globalprotect-vpn-pre-auth-leak-d868aa005341?source=rss------bug_bounty-5
From Play Store to Hall of Fame: My Journey Hunting Bugs in Government Mobile Apps
https://infosecwriteups.com/from-play-store-to-hall-of-fame-my-journey-hunting-bugs-in-government-mobile-apps-81f242ad8916?source=rss------bug_bounty-5
Double free in tool_ssls_load()
https://hackerone.com/reports/3431180
API2:2023 Broken Authentication: Critical API Identity Flaws and JWT Attacks
https://medium.com/@jpablo13/api2-2023-broken-authentication-critical-api-identity-flaws-and-jwt-attacks-c8a31e86b604?source=rss------bug_bounty-5
How I Received an Appreciation Letter from NASA for Identifying a CVE
https://medium.com/@cybertechajju/how-i-received-an-appreciation-letter-from-nasa-for-identifying-a-cve-cc36b955f86e?source=rss------bug_bounty-5
CAPenX Exam Review: Is It Really That Difficult?
https://medium.com/@abhishek-ji/capenx-exam-review-is-it-really-that-difficult-530d65f61bcf?source=rss------bug_bounty-5
How I Fingerprinted the OpenAI 2025 ChatGPT Containers (Using Only the Free Tier)
https://medium.com/@antiibugss/how-i-fingerprinted-the-openai-2025-chatgpt-containers-using-only-the-free-tier-4be9c2740fd2?source=rss------bug_bounty-5
How I Found My First Bug Bounty In 24 Hours
https://medium.com/@ibtissam1/how-i-found-my-first-bug-bounty-in-24-hours-cd7ca5e18f50?source=rss------bug_bounty-5
Broken Link Hijacking: Explained Simply
https://medium.com/@MuhammedAsfan/broken-link-hijacking-explained-simply-cacdbf2f3df7?source=rss------bug_bounty-5
20+ Vulnerabilities in a Static Website
https://saurabh-jain.medium.com/20-vulnerabilities-in-a-static-website-2f32a4902377?source=rss------bug_bounty-5
Bypass of Cloudflare's Cache Keys and WAF via header overflow
https://hackerone.com/reports/3027461
Modern SSRF - Part 1: From Blind Requests to Cloud Risk (Beginner-Friendly)
https://medium.com/great-hackers-battalion/modern-ssrf-part-1-from-blind-requests-to-cloud-risk-beginner-friendly-4e3805641c5c?source=rss------bug_bounty-5
API2:2023 Broken Authentication: Critical Identity Flaws in APIs and JWT Attacks
https://medium.com/@jpablo13/api2-2023-broken-authentication-fallos-cr%C3%ADticos-de-identidad-en-apis-y-ataques-jwt-9c91d58fd739?source=rss------bug_bounty-5
CVE-2025-64446: A Red Team Offensive Playbook for FortiWeb RCE via Path Traversal +…
https://medium.com/@verylazytech/cve-2025-64446-a-red-team-offensive-playbook-for-fortiweb-rce-via-path-traversal-c79880f8b902?source=rss------bug_bounty-5
Your Domain Is Probably in Stealer Logs: See What LeakRadar Finds in 60 Seconds
https://medium.com/@alexandrevandammepro/your-domain-is-probably-in-stealer-logs-see-what-leakradar-finds-in-60-seconds-31bd1a1d8086?source=rss------bug_bounty-5