U.S. Dept Of Defense Program Statistics


710 total issues disclosed

$8,000 total paid publicly

Most disclosed (153 disclosures) — Cross-site Scripting (XSS) - Reflected



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Debug Info disclose Information Exposure Through Debug Information saqib98 Low 2026-01-12
Reflected XSS Vulnerability in SSL VPN Endpoint — CVE-2025-0133 Cross-site Scripting (XSS) - Reflected 0xkarim_dix Medium 2026-01-12
Reflected XSS via user Parameter in /ssl-vpn/getconfig.esp Cross-site Scripting (XSS) - Reflected aramx4 Medium 2026-01-12
Reflected XSS via user Parameter on getconfig.esp Endpoint Cross-site Scripting (XSS) - Reflected aramx4 Medium 2026-01-12
XSS on ███ Cross-site Scripting (XSS) - Reflected bewgsy Medium 2026-01-12
Cross-Site Scripting via URL on ████████ Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Cross-Site Scripting via 'currentImage' parameter Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Cross-Site Scripting via 'wikitext' parameter Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ███████ Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ███████ Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ██████████ Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Cross-Site Scripting via URL on ███████ Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Cross-Site Scripting via URL on ███████ Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Cross-Site Scripting via 'RAISED_FUNDS_DESC' parameter Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Cross-Site Scripting via 'autoPlay' parameter Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Cross-Site Scripting via 'description_extra' parameter Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Reflected XSS in `Telerik.ReportViewer.axd` with F5 BIG-IP ASM Bypass on `████` Cross-site Scripting (XSS) - Reflected the_reinhardt Medium 2026-01-12
Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ██████ Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ████ Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Cross-Site Scripting via 'EVENT_DESCRIPTION' parameter Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
exposed FOUO documents, including Passport information Information Disclosure aporia Medium 2026-01-12
Cross-Site Scripting via 'return_link_url' parameter Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
POST XSS - data[account][id] parameter Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
POST XSS - data[type] parameter Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
POST XSS - fields[account][firstname] parameter Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Reflected Cross-Site Scripting (XSS) Cross-site Scripting (XSS) - Reflected maskedpersian Medium 2026-01-12
Cross-Site Scripting via 'fname' parameter in ███ Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Sensitive Images & Files Exposed Through Directory Listing Information Exposure Through Directory Listing dhan1sh Medium 2026-01-12
Cross-Site Scripting (XSS) Vulnerability via parameter c0-id + Akamai Firewall Bypass Cross-site Scripting (XSS) - DOM jonasdiasrebelo Medium 2026-01-12
POST XSS - fields[account][lastname] parameter Cross-site Scripting (XSS) - Reflected jonasdiasrebelo Medium 2026-01-12
Reflected XSS via user parameter on getconfig.esp endpoint Cross-site Scripting (XSS) - Reflected aramx4 Medium 2026-01-12
Swagger UI Injection via Config URL - `███` Resource Injection 0xzyo Medium 2026-01-12
Exposed Sensitive PDF: Misconfigured Access Controls Leading to Information Disclosure Information Disclosure ziad616 Medium 2026-01-12
2FA Bypass via Response Manipulation on Login Page Authentication Bypass mikelly Medium 2026-01-12
Error-based blind SQL injection SQL Injection leofmlopes Medium 2026-01-12
Cross-Site Scripting (XSS) Vulnerability via POST Method + Akamai Firewall Bypass Cross-site Scripting (XSS) - DOM jonasdiasrebelo Medium 2026-01-12
ASBS Analytics Dashboard Improper Access Control - Generic badlifeguard Medium 2026-01-12
Improper Authentication Allows Making Requests as Other Users Improper Authentication - Generic tacnull Medium 2026-01-12
Unauthenticated Users Can Access Other Users’ Bug Report Attachments via Broken Access Control Insecure Direct Object Reference (IDOR) azraeldeathangel High 2026-01-12
CVE‑2025‑4123 — Grafana Open Redirect → Stored XSS → SSRF (Full Read) at ██████ Open Redirect khoof High 2026-01-12
Account Takeover via Unverified Email Change and Improper Session Handling Violation of Secure Design Principles 0xoroot High 2026-01-12
Exposed wp-config.php file in ███ National Guard website Information Disclosure jonasdiasrebelo High 2026-01-12
Critical PII Data Exposure in ORDER_ERROR_LOG Cleartext Storage of Sensitive Information xenion_ High 2026-01-12
SQL Injection - entryid parameter in 'formbuilderv2-confirmation.php' SQL Injection jonasdiasrebelo High 2026-01-12
IDOR Exposes PII of Tens of Thousands of Users and Supervisors Insecure Direct Object Reference (IDOR) tacnull High 2026-01-12
Exposed wp-config.php file Information Disclosure jonasdiasrebelo High 2026-01-12
SQLi in LASCO CME Query SQL Injection 0daystolive High 2026-01-12
[███] .NET Framework ObjRefs Disclosure (CVE-2024-29059) Information Disclosure xchopath High 2026-01-12
ASP.NET Application Trace Enabled Information Exposure Through Debug Information jonasdiasrebelo High 2026-01-12
Exposure of Sensitive Debug File Containing database dump with passwords in plain text Information Disclosure jonasdiasrebelo High 2026-01-12
SQL Injection - JSON 'name' parameter SQL Injection jonasdiasrebelo High 2026-01-12
XML E██████ternal Entity (XXE) Injection in ███ XML External Entities (XXE) maskedpersian High 2026-01-12
SQL Injection in URI Path Leading to Full Database Disclosure on ████████ SQL Injection 0x0sadat High 2026-01-12
SQL Injection via URL SQL Injection jonasdiasrebelo High 2026-01-12
SQL Injection - data[account][id] parameter SQL Injection jonasdiasrebelo High 2026-01-12
Unauthenticated File Read Adobe ColdFusion Improper Access Control - Generic silentbreach High 2026-01-12
Secret Access Key of AWS Firehose Disclosure Information Disclosure marucube35 High 2026-01-12
Exposed Extremely Sensitive Information in Public ZIP File Insecure Storage of Sensitive Information aldenpartridge Critical 2026-01-12
Air Force candidate PII + recruitment chat logs accessible via BAC/IDOR on █████████ (very large/significant exposure) Improper Access Control - Generic oxylis Critical 2026-01-12
ASBS viewing other soldiers PII/Board/Board Voters/ETC Information Disclosure badlifeguard Critical 2026-01-12
[Critical Data Breach] Exposure of PII Data Leak via API Response Cleartext Storage of Sensitive Information rocky1696 Critical 2026-01-12
DNN - Unrestricted Arbitrary File Upload #████████ File Content Injection 0xr2r Critical 2026-01-12
GlobalProtect - OS Command Injection #█████████ OS Command Injection 0xr2r Critical 2026-01-12
Information Disclosure in API Endpoint /users Information Disclosure moha1sd Low 2026-01-12
Publicly Accessible CDN Endpoint Exposing XML Metadata (including ETag) Information Disclosure l0rdv0ld3m0r7 Low 2026-01-12
Create account without auth via response manipulation Business Logic Errors exec_iq Low 2026-01-12
Information Disclosure via Publicly Accessible Debug Log Information Exposure Through Debug Information xgoon Low 2026-01-12
Applicant security exam Attachments/Documents accessible through an IDOR/BAC on the custom Apex controller on https://█████.mil Improper Access Control - Generic oxylis Critical 2025-02-12
Improper Authentication Allows Making Appeals as Other Users Improper Authentication - Generic tacnull Medium 2025-02-12
Publicly Editable U.S. Air Force Google Spreadsheet Exposing Student Leave Data Improper Access Control - Generic kolcyberdef Medium 2025-02-12
Public google drive link Exposes Military Orders Containing PII (Name, SSN etc..) and Operational Details Information Disclosure entropydrifter Critical 2025-01-24
Exposure of Private Personal Information to an Unauthorized Actor - PII and soldier data (mos, schools, and speciality training) Violation of Secure Design Principles hxhbrofessor Critical 2025-01-24
Boolen Based Blind Sql Injection Via User Agent in ███.mil SQL Injection iamunixtz Medium 2025-01-24
Time-based blind SQL injection SQL Injection leofmlopes Medium 2025-01-24
XSS vulnerability found in javascript code of https://███.mil Cross-site Scripting (XSS) - Reflected thpless Medium 2025-01-24
XSS found in https://www.████████.mil Cross-site Scripting (XSS) - Reflected thpless Medium 2025-01-24
Remote Code Execution and AWS IAM Credentials Exfiltration in https://████████/ Command Injection - Generic shuvam321 Critical 2024-12-18
CSRF leads to Account takeover Cross-Site Request Forgery (CSRF) br0x1337 High 2024-12-18
CSRF leads to Account takeover Cross-Site Request Forgery (CSRF) br0x1337 High 2024-12-18
Sensitive data exposure via /secure/███████ endpoint on ████████ Information Disclosure njmulsqb Medium 2024-12-18
Sensitive data exposure: █████████ candidate resumes/CVs available to download with no authentication through BAC/IDOR/Improper Salesforce config Improper Access Control - Generic oxylis High 2024-12-18
CSRF Attack on changing security questions leads to full Account TakeOver Cross-Site Request Forgery (CSRF) prakhar0x01 High 2024-12-18
CSRF Attack leads to delete album at Cross-Site Request Forgery (CSRF) prakhar0x01 Medium 2024-12-18
[ CVE-2018-1000129 ] RXSS At `https://███████` via the URI Cross-site Scripting (XSS) - Reflected todayisnew- Medium 2024-12-18
CSRF to XSS Cross-Site Request Forgery (CSRF) k0x Medium 2024-12-18
XSS Reflected Cross-site Scripting (XSS) - Reflected k0x Medium 2024-12-18
CSRF Attack leads to delete album at ████████ Cross-Site Request Forgery (CSRF) prakhar0x01 Medium 2024-12-18
Unauthorized Access Exposing Sensitive Data Improper Authentication - Generic moha1sd High 2024-12-18
Lack of rate limiting in https://███/PKI/PassReset.aspx leads to PII disclosure and potential account takeover Information Exposure Through an Error Message hypervis0r Critical 2024-10-25
Unauthenticated LFI (Local File Inclusion) using the symbol `!` At the target `https://████/` Path Traversal todayisnew- High 2024-10-25
SQL Injection SQL Injection k0x High 2024-10-25
CVE-2020-7961 RCE Liferay Portal Unauthenticated via https://████████/ OS Command Injection exploitmsf Critical 2024-10-25
Pull Any Automated Record Brief Information Disclosure badlifeguard Critical 2024-10-25
██████ SSN/EDPI Privacy Violation badlifeguard High 2024-10-25
Blind Sql Injection in https://████ SQL Injection iamunixtz Medium 2024-08-29
XSS found for https://█████████ Cross-site Scripting (XSS) - Reflected thpless Medium 2024-08-29
XSS on ███████ Cross-site Scripting (XSS) - Reflected 0xelkot Medium 2024-08-29
Cross Site Scripting Cross-site Scripting (XSS) - Reflected prakhar0x01 Medium 2024-08-16
Course Registration Form Allowing an attacker to dump all the candidate name who had enrolled for the course Information Disclosure steveflex High 2024-08-16
DoD workstation exposed to internet via TinyPilot KVM with no authentication Improper Access Control - Generic socpuppet Critical 2024-08-16
Blind Stored XSS on the internal host - █████████████ Cross-site Scripting (XSS) - Stored sp1d3rs High 2024-08-16
Unauthenticated arbitrary file upload on the https://█████/ (█████████) Violation of Secure Design Principles sp1d3rs High 2024-08-16
Open Akamai ARL XSS on http://master-config-████████ Cross-site Scripting (XSS) - Reflected renzi Medium 2024-07-26
Open Akamai ARL XSS on http://media.████████ Cross-site Scripting (XSS) - Reflected renzi Medium 2024-07-26
█████████ (Android): Vulnerable to Javascript Injection and Open redirect Open Redirect cleanchain50 Medium 2024-07-26
Subdomain takeover ██████ Violation of Secure Design Principles martinvw Critical 2024-07-26
Authentication Bypass on https://███████/ Improper Authentication - Generic bulldawg Medium 2024-07-19
IDOR leads to PII Leak Insecure Direct Object Reference (IDOR) prakhar0x01 Medium 2024-07-19
IDOR leads to view other user Biographical details (Possible PII LEAK) Insecure Direct Object Reference (IDOR) prakhar0x01 Medium 2024-07-19
IDOR : Modify other users demographic details Insecure Direct Object Reference (IDOR) prakhar0x01 Medium 2024-07-19
Automatic Admin Access Improper Access Control - Generic bulldawg Critical 2024-07-19
Endpoint Redirects to Admin Page and Provides Admin role Improper Access Control - Generic bulldawg Critical 2024-07-19
Local File Inclusion in download.php Improper Input Validation tokyoenigma Medium 2024-07-19
XML External Entity (XXE) Injection XML External Entities (XXE) maskedpersian High 2024-07-19
Email Takeover leads to permanent account deletion Insecure Direct Object Reference (IDOR) prakhar0x01 High 2024-07-19
Restrict any user from Login to their account Improper Authentication - Generic prakhar0x01 High 2024-07-19
Missing Access Control Allows for User Creation and Privilege Escalation Improper Access Control - Generic bulldawg High 2024-07-19
Unauthenticated arbitrary file upload on the https://█████/ (█████.mil) Violation of Secure Design Principles sp1d3rs High 2024-07-19
Unauthenticated access to internal API at██████████.███.edu [HtUS] Improper Authorization matrixsoftsec High 2024-07-19
XXE with RCE potential on the https://█████████ (CVE-2017-3548) XML External Entities (XXE) sp1d3rs High 2024-07-19
Authentication bypass and potential RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials Improper Authentication - Generic sp1d3rs High 2024-07-19
Unauth IDOR to mass account takeover without user interaction on the ███████ (https://███████.edu/) Insecure Direct Object Reference (IDOR) sp1d3rs High 2024-07-19
Self XSS Cross-site Scripting (XSS) - Generic 0xtrav Medium 2024-07-19
[CVE-2018-0296] Cisco VPN path traversal on the https://███ (████████████████) Path Traversal sp1d3rs Medium 2024-07-19
[CVE-2018-0296] Cisco VPN path traversal on the https://████████/ (no hostname) Path Traversal sp1d3rs Medium 2024-07-19
[CVE-2018-0296] Cisco VPN path traversal on the https://███████/ (██████) Path Traversal sp1d3rs Medium 2024-07-19
[CVE-2018-0296] Cisco VPN path traversal on the https://1████████ (https://████████.███.████████/) Path Traversal sp1d3rs Medium 2024-07-19
HTML Injection into https://www.██████.mil Command Injection - Generic thpless Low 2024-07-19
CVE-2023-26347 in https://████.mil/hax/..CFIDE/adminapi/administrator.cfc?method=getBuildNumber&_cfclient=true Improper Access Control - Generic traveler5260 High 2024-07-19
Subdomain takeover ████████.mil Improper Access Control - Generic martinvw Critical 2024-06-27
Local File Disclosure on the █████ (https://████████.edu/) leads to the full source code disclosure and credentials leak Insecure Storage of Sensitive Information sp1d3rs Critical 2024-06-27
IDOR leading unauthenticated attacker to download documents discloses PII of users and soldiers via https://www.█████████/Download.aspx?id= [HtUS] Insecure Direct Object Reference (IDOR) berserker22 High 2024-06-27
[HTAF4-213] [Pre-submission] HTTPOnly session cookie exposure on the /csstest endpoint Information Exposure Through Debug Information sp1d3rs Medium 2024-06-18
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███) Path Traversal sp1d3rs High 2024-06-18
[CVE-2018-0296] Cisco VPN path traversal on the https://███████/ (████.███.mil) Path Traversal sp1d3rs Medium 2024-06-18
[HTAF4-213] [Pre-submission] Unsafe AMF deserialization (CVE-2017-5641) in Apache Flex BlazeDS at the https://www.███████/daip/messagebroker/amf Deserialization of Untrusted Data sp1d3rs Critical 2024-06-18
[CVE-2018-0296] Cisco VPN path traversal on the https://██████████ Path Traversal sp1d3rs Medium 2024-06-18
[CVE-2018-0296] Cisco VPN path traversal on the https://████████/ (█████████.mil) Path Traversal sp1d3rs Medium 2024-06-18
Out-Of-Bounds Memory Read on ███ Out-of-bounds Read maskedpersian No rating 2024-06-18
Subdomain Takeover via Host Header Injection on www.█████ Violation of Secure Design Principles ezequielpuig Critical 2024-06-18
[HTAF4-213] [Pre-submission] XSS via arbitrary cookie name at the https://www2.██████/nssi/core/dot_stu_reg/Registration.aspx Cross-site Scripting (XSS) - Reflected sp1d3rs Medium 2024-06-18
CVE-2021-39226 Discovered on endpoint https://██████/api/snapshots Improper Access Control - Generic adam_wallwork High 2024-06-18
Reflected XSS via Keycloak on ███ [CVE-2021-20323] Cross-site Scripting (XSS) - Reflected maskedpersian Medium 2024-05-03
reflected xss [CVE-2020-3580] Cross-site Scripting (XSS) - Reflected maskedpersian Medium 2024-05-03
Reflected Cross-site Scripting via search query on ██████ Cross-site Scripting (XSS) - Reflected neg0x Medium 2024-05-03
Reflected XSS on error message on Login Page Cross-site Scripting (XSS) - Reflected kurogai Medium 2024-05-03
Reflected XSS via Moodle on ███ [CVE-2022-35653] Cross-site Scripting (XSS) - Reflected maskedpersian Medium 2024-05-03
SQL injection on ██████████ via 'where' parameter SQL Injection neg0x Medium 2024-05-03
███ leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions Cleartext Storage of Sensitive Information oxylis Critical 2024-03-22
Improper Authentication (Login without Registration with any user) at ████ Improper Authentication - Generic archyxsec High 2024-03-22
Xss - ███ Cross-site Scripting (XSS) - Reflected chor4o Medium 2024-03-22
Xss Parameter: /<s>/[*]/<s>.css ████████ Cross-site Scripting (XSS) - Reflected chor4o Medium 2024-03-22
Attacker can Add itself as admin user and can also change privileges of Existing Users [█████████] Improper Authentication - Generic dishant_singh Critical 2024-03-22
XSS Parameter: Username - █████████ Cross-site Scripting (XSS) - Reflected chor4o Medium 2024-03-22
Resource Injection - [████████] Resource Injection geej Medium 2024-03-22
Full Access to sonarQube and Docker Information Disclosure micro01 Critical 2024-03-22
Reflective Cross Site Scripting (XSS) on ███████/Pages Cross-site Scripting (XSS) - Reflected predatorsparrow Medium 2024-03-22
DBMS information getting exposed publicly on -- [ ██████████ ] Insecure Storage of Sensitive Information dishant_singh High 2024-03-22
Time based SQL injection at████████ SQL Injection aziz0x48 High 2024-01-26
Unauthenticated Jenkins instance exposed information related to █████ Improper Authentication - Generic ashutosh7 High 2024-01-26
RCE in ███ [CVE-2021-26084] OS Command Injection fdeleite Critical 2023-12-21
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) Code Injection fdeleite High 2023-12-21
RCE on ███████ [CVE-2021-26084] OS Command Injection fdeleite Critical 2023-12-21
IDOR to delete profile images in https:███████ Insecure Direct Object Reference (IDOR) maskedpersian Medium 2023-12-21
RCE via File Upload with a Null Byte Truncated File Extension at https://██████/ Command Injection - Generic pizzapower Critical 2023-12-21
[████████] RXSS via "CurrentFolder" parameter Cross-site Scripting (XSS) - Reflected qu1nten Medium 2023-12-21
Default Admin Username and Password on ███ Improper Access Control - Generic maskedpersian Critical 2023-12-21
Unauthorized access to Argo dashboard on █████ Improper Access Control - Generic devdevrl Medium 2023-12-21
Unauthenticated File Read Adobe ColdFusion Improper Access Control - Generic r00tdaddy High 2023-12-21
Adobe ColdFusion Access Control Bypass - CVE-2023-38205 Improper Access Control - Generic 0r10nh4ck High 2023-12-21
Elasticsearch is currently open without authentication on https://██████l Information Disclosure roland_hack Medium 2023-12-21
Full account takeover of any user through reset password Improper Authentication - Generic maskedpersian Medium 2023-11-17
XSS in Cisco Endpoint Cross-site Scripting (XSS) - Generic r00tdaddy Medium 2023-11-17
Unathenticated file read (CVE-2020-3452) Path Traversal r00tdaddy High 2023-11-17
[███████] Information disclosure due unauthenticated access to APIs and system browser functions Information Disclosure h0w Medium 2023-11-03
User automatically logged in as Sys Admin user on https://███/Administration/Administration.aspx Improper Access Control - Generic mrr0b0t2324 Critical 2023-11-03
Information Disclosure FrontPage Configuration Information Improper Access Control - Generic gu4rdianbyte Medium 2023-10-20
[█████████] Information disclosure due unauthenticated access to APIs and system browser functions Information Disclosure hackeronanywhere Medium 2023-09-29
authentication bypass Improper Authentication - Generic xandsz Medium 2023-09-29
Reflected XSS at https://██████/ Cross-site Scripting (XSS) - Reflected testingforbugs Medium 2023-09-29
[██████] Reflected XSS via Keycloak on ██████ Cross-site Scripting (XSS) - Reflected hackeronanywhere Medium 2023-09-29
CVE-2023-24488 xss on https://██████/ Cross-site Scripting (XSS) - Reflected 0xmaruf Medium 2023-09-08
stored cross site scripting in https://████████.edu Cross-site Scripting (XSS) - Stored maskedpersian Medium 2023-09-08
XSS Reflected Cross-site Scripting (XSS) - Reflected ferreiraklet_ Medium 2023-09-08
Blind Sql Injection in https://█████/qsSearch.aspx SQL Injection hack0neone High 2023-09-08
Blind Sql Injection in https://████████/ SQL Injection hack0neone High 2023-09-08
LDAP Anonymous Login enabled in ████ Information Disclosure shuvam321 High 2023-09-08
SqlInject at ██████ SQL Injection appllite Medium 2023-09-08
Adobe ColdFusion - Access Control Bypass [CVE-2023-38205] at ██████ Improper Access Control - Generic hacker1_agent High 2023-09-08
Blind Sql Injection https:/████████ SQL Injection codeslayer1337 Medium 2023-06-30
External service interaction ( DNS and HTTP ) in www.████████ Server-Side Request Forgery (SSRF) 0xmzm High 2023-06-23
Docker Registry without authentication leads to docker images download Improper Access Control - Generic samuelsiv Medium 2023-06-23
CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman Cross-site Scripting (XSS) - Reflected rook1337 Medium 2023-06-09
Reflected xss on https://█████████ Cross-site Scripting (XSS) - Reflected rektile404 Medium 2023-06-02
DOM-XSS Cross-site Scripting (XSS) - DOM medokll0011 Medium 2023-06-02
Leaks of username and password leads to CVE-2018-18862 exploitation Improper Access Control - Generic pll25 High 2023-06-02
Exposed GIT repo on ██████████[HtUS] Cleartext Storage of Sensitive Information nightm4re Critical 2023-05-15
CSRF to delete accounts [HtUS] Cross-Site Request Forgery (CSRF) nightm4re High 2023-05-15
XSS in ServiceNow logout https://████:443 Cross-site Scripting (XSS) - Reflected colemanj Medium 2023-05-15
[HTA2] XXE on https://███ via SpellCheck Endpoint. XML External Entities (XXE) cdl Critical 2023-05-15
[hta3] Remote Code Execution on ████ Code Injection cdl Critical 2023-05-15
LDAP Server NULL Bind Connection Information Disclosure Improper Access Control - Generic 0xmaruf High 2023-05-15
AEM misconfiguration leads to Information disclosure Information Disclosure cametome006 Medium 2023-05-15
Sensitive Data Exposure via wp-config.php file Information Disclosure 0r10nh4ck Critical 2023-05-15
Default Credentials on Kinetic Core System Console - https://█████/kinetic/app/ Use of Default Credentials waterlord7788 Critical 2023-05-15
[HTA2] Authorization Bypass on https://██████ leaks confidential aircraft/missile information Improper Authorization cdl Critical 2023-04-14
Reflected XSS in ████████████ Cross-site Scripting (XSS) - Reflected 0xd3adc0de Medium 2023-04-14
Email exploitation with web hosting services. Information Disclosure mdfarhanchowdhuryhasin Medium 2023-04-14
WordPress application vulnerable to DoS attack via wp-cron.php Uncontrolled Resource Consumption 0r10nh4ck Critical 2023-04-14
Unauthenticated Blind SSRF at https://█████ via xmlrpc.php file Server-Side Request Forgery (SSRF) 0r10nh4ck High 2023-04-14
DoS at █████(CVE-2018-6389) Uncontrolled Resource Consumption a4hamkhan Critical 2023-03-24
Improper Access Control on Media Wiki allows an attackers to restart installation on DoD asset Improper Access Control - Generic miguel_santareno Medium 2023-03-24
Path traversal leads to reading of local files on ███████ and ████ Path Traversal rodriguezjorgex High 2023-03-24
Reflected XSS in ██████ Cross-site Scripting (XSS) - Reflected 0xd3adc0de Medium 2023-03-24
xmlrpc.php file enabled at ██████.org Violation of Secure Design Principles iam_a_jinchuriki Medium 2023-03-24
Client side authentication leads to Auth Bypass Improper Authentication - Generic kalkii Medium 2023-03-24
Reflected XSS in ██████████ Cross-site Scripting (XSS) - Reflected 0xd3adc0de Medium 2023-03-24
HAProxy stats panel exposed externally Information Disclosure kalkii Medium 2023-03-24
Reflected XSS in ██████████ Cross-site Scripting (XSS) - Reflected 0xd3adc0de Medium 2023-03-24
[█████] Bug Reports allow for Unrestricted File Upload Violation of Secure Design Principles b911bade858ce8e6a0f50f8 High 2023-02-24
Install.php File Exposure on Drupal Information Exposure Through an Error Message carpc Medium 2023-02-24
[XSS] Reflected XSS via POST request Cross-site Scripting (XSS) - Reflected 0xd3adc0de Medium 2023-02-24
CORS Misconfiguration in https://████████/accounts/login/ Improper Access Control - Generic deepvvm Medium 2023-02-24
DoS at ████████ (CVE-2018-6389) Uncontrolled Resource Consumption raditz Critical 2023-02-24
Sensitive Data Exposure at https://█████████ Information Disclosure 0r10nh4ck High 2023-02-24
AWS Credentials Disclosure at ███ Improper Access Control - Generic 0r10nh4ck Medium 2023-02-24
Upload and delete files in debug page without access control. Improper Access Control - Generic 0r10nh4ck High 2023-02-24
Reflected XSS at ████████ Cross-site Scripting (XSS) - Reflected ohzo Medium 2023-02-24
Authentication Bypass Using Default Credentials on █████ Improper Authentication - Generic hack3ron___1 Critical 2023-02-24
Sensitive information disclosure [HtUS] Information Disclosure syarif07 High 2023-02-24
Splunk Sensitive Information Disclosure @████████ Insecure Storage of Sensitive Information spell1 Medium 2023-02-13
[U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions Violation of Secure Design Principles hackeronanywhere Medium 2023-01-27
Reflected XSS on ██████.mil Cross-site Scripting (XSS) - Reflected alishah Medium 2023-01-27
reflected xss in www.████████.gov Cross-site Scripting (XSS) - Reflected maskedpersian Medium 2023-01-27
XSS on ( █████████.gov ) Via URL path Cross-site Scripting (XSS) - Reflected notajax Medium 2023-01-27
Critical sensitive information Disclosure. [HtUS] Information Disclosure ghostkernalbbt High 2023-01-13
Wordpress Takeover using setup configuration at http://████.edu [HtUS] Misconfiguration ghostkernalbbt Critical 2023-01-13
IDOR when editing email leads to Mass Full ATOs (Account Takeovers) without user interaction on https://██████/ Insecure Direct Object Reference (IDOR) 696e746c6f6c No rating 2023-01-06
Reflected XSS Cross-site Scripting (XSS) - Reflected f6x Medium 2023-01-06
stored cross site scripting in https://███ Cross-site Scripting (XSS) - Stored maskedpersian Medium 2023-01-06
stored cross site scripting in https://███ Cross-site Scripting (XSS) - Stored maskedpersian Medium 2023-01-06
Unauthenticated phpinfo()files could lead to ability file read at █████████ [HtUS] Missing Encryption of Sensitive Data hackeronanywhere Medium 2023-01-06
stored cross site scripting in https://███ Cross-site Scripting (XSS) - Stored maskedpersian Medium 2023-01-06
stored cross site scripting in https://█████████ Cross-site Scripting (XSS) - Stored maskedpersian Medium 2023-01-06
stored cross site scripting in https://███ Cross-site Scripting (XSS) - Stored maskedpersian Medium 2023-01-06
stored cross site scripting in https://██████████ Cross-site Scripting (XSS) - Stored maskedpersian Medium 2023-01-06
stored cross site scripting in https://███████ Cross-site Scripting (XSS) - Stored maskedpersian Medium 2023-01-06
stored cross site scripting in https://████ Cross-site Scripting (XSS) - Stored maskedpersian Medium 2023-01-06
stored cross site scripting in https://██████████ Cross-site Scripting (XSS) - Stored maskedpersian Medium 2023-01-06
Sql Injection At █████████ SQL Injection w13d0m Medium 2023-01-06
Local File Read vulnerability on ██████████ [HtUS] PHP Local File Inclusion demon1c High 2023-01-06
[███████] Remote Code Execution at ██████ [CVE-2021-44529] [HtUS] Code Injection norwegianwood Critical 2023-01-06
SQL Injection at https://████████.asp (█████████) [selMajcom] [HtUS] SQL Injection haxor31337 Critical 2023-01-06
CSRF to ATO at https://█████/user/account [HtUS] Cross-Site Request Forgery (CSRF) pwn33d High 2023-01-06
xss on reset password page Cross-site Scripting (XSS) - Generic 0x53_0x52_0x59 Medium 2023-01-06
XSS via Client Side Template Injection on www.███/News/Speeches Cross-site Scripting (XSS) - Generic chef_shell Medium 2023-01-06
Open Redirect at █████ Open Redirect angeltsvetkov Medium 2022-11-18
IDOR on ███████ [HtUS] Insecure Direct Object Reference (IDOR) nightm4re Medium 2022-11-18
Reflected XSS | https://████ Cross-site Scripting (XSS) - Reflected x3ph_ Medium 2022-11-18
Reflected XSS | https://████████ Cross-site Scripting (XSS) - Reflected x3ph_ Medium 2022-11-18
LOGJ4 VUlnerability [HtUS] Command Injection - Generic ferreiraklet_ Critical 2022-11-18
Host Header Injection on https://███/████████/Account/ForgotPassword Business Logic Errors 696e746c6f6c Medium 2022-10-14
Unauthenticated SQL Injection at █████████ [HtUS] SQL Injection 0xd0ff9 Critical 2022-10-14
.git folder exposed [HtUS] Information Disclosure sudi Critical 2022-10-14
Unauthenticated PII leak on verified/requested to be verified profiles on ███████/app/org/{id}/profile/{id}/version/{id} [HtUS] Information Disclosure shreky Medium 2022-10-14
Authentication bypass leads to Information Disclosure at U.S Air Force "https://███" Improper Access Control - Generic h41th3m High 2022-10-14
SSRF to read AWS metaData at https://█████/ [HtUS] Server-Side Request Forgery (SSRF) rohsec Critical 2022-10-14
Found Origin IP's Lead To Access ████ Violation of Secure Design Principles ibrahim0936356 Low 2022-10-14
Broken access discloses users and PII at https://███████ [HtUS] Improper Access Control - Generic g4mb4 High 2022-10-14
Local file read at https://████/ [HtUS] Path Traversal: '.../...//' sudi Critical 2022-10-14
[hta3] Chain of ESI Injection & Reflected XSS leading to Account Takeover on [███] Cross-site Scripting (XSS) - Reflected jr0ch17 High 2022-10-14
[HTA2] Receiving████ access request on @wearehackerone.com email address Information Disclosure jr0ch17 Medium 2022-10-14
Blind SSRF via image upload URL downloader on https://██████/ Server-Side Request Forgery (SSRF) 696e746c6f6c High 2022-10-14
Account Takeover and Information update due to cross site request forgery via POST █████████/registration/my-account.cfm Cross-Site Request Forgery (CSRF) snifyak Medium 2022-10-14
IDOR leaking PII data via VendorId parameter Insecure Direct Object Reference (IDOR) 696e746c6f6c Medium 2022-10-14
Account takeover on ███████ [HtUS] Improper Authentication - Generic nightm4re High 2022-10-14
insecure gitlab repositories at ████████ [HtUS] Information Disclosure thpless High 2022-09-27
[hta3] Remote Code Execution on https://███ via improper access control to SCORM Zip upload/import Code Injection cdl Critical 2022-09-15
STORED XSS in █████████/nlc/login.aspx via "edit" GET parameter through markdown editor [HtUS] Cross-site Scripting (XSS) - Stored shreky High 2022-09-14
time based SQL injection at [https://███] [HtUS] SQL Injection malcolmx Critical 2022-09-14
SQL injection at [█████████] [HtUS] SQL Injection malcolmx Critical 2022-09-14
SQL injection at [https://█████████] [HtUS] SQL Injection malcolmx Critical 2022-09-14
SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS] Server-Side Request Forgery (SSRF) codeprivate Critical 2022-09-14
an internel important paths disclosure [HtUS] Information Disclosure ahmed0x0mahmoud Medium 2022-09-14
Full read SSRF at █████████ [HtUS] Server-Side Request Forgery (SSRF) sudi High 2022-09-14
Unprotected ██████ and Test site API Exposes Documents, Credentials, and Emails in ██████████ Proposal System Improper Access Control - Generic byteone High 2022-09-14
SSRF ACCESS AWS METADATA - █████ Server-Side Request Forgery (SSRF) 0xr3dhunt Medium 2022-09-14
IDOR Lead To VIEW & DELETE & Create api_key [HtUS] Insecure Direct Object Reference (IDOR) bate5a Medium 2022-09-14
XSS DUE TO CVE-2022-38463 in https://████████ Cross-site Scripting (XSS) - Reflected shuvam321 Medium 2022-09-14
springboot actuator is leaking internals at ██████████ Information Disclosure thpless Critical 2022-09-14
Directory Traversal at █████ Path Traversal 0x45 High 2022-09-14
Reflected XSS [██████] Cross-site Scripting (XSS) - Reflected fdeleite Medium 2022-09-14
Reflected Xss in [██████] Cross-site Scripting (XSS) - Generic medblgsec Medium 2022-09-06
Reflected cross site scripting in https://███████ Cross-site Scripting (XSS) - Reflected maskedpersian Medium 2022-09-06
RXSS on █████████ Cross-site Scripting (XSS) - Reflected tmz900 Medium 2022-09-06
solr_log4j - http://██████████ Code Injection hachimanxienim Critical 2022-09-06
██████_log4j - https://██████ Code Injection hachimanxienim Critical 2022-09-06
Stored XSS at https://█████ Cross-site Scripting (XSS) - Stored r0x0rz High 2022-09-06
RXSS on ███████ Cross-site Scripting (XSS) - Reflected tmz900 Medium 2022-09-06
Access to admininstrative resources/account via path traversal Path Traversal j4k3d Critical 2022-09-06
XSS DUE TO CVE-2020-3580 Cross-site Scripting (XSS) - Reflected cruxn3t Medium 2022-09-06
The dashboard is exposed in https://███ Information Disclosure alitoni224 Critical 2022-09-06
Subdomain takeover of █████████ Security Through Obscurity martinvw Critical 2022-09-06
Unauthorized Access to Internal Server Panel without Authentication Improper Access Control - Generic ahmd_halabi Medium 2022-06-27
Reflected XSS via `████████` parameter Cross-site Scripting (XSS) - Reflected mdakh404 Medium 2022-06-27
RXSS on █████████ Cross-site Scripting (XSS) - Reflected tmz900 Medium 2022-06-10
[Urgent] Critical Vulnerability [RCE] on ███ vulnerable to Remote Code Execution by exploiting MS15-034, CVE-2015-1635 Code Injection ashutosh7 High 2022-05-26
[CVE-2020-3452] Unauthenticated file read in Cisco ASA Path Traversal b4dc4t High 2022-05-12
[CVE-2020-3452] Unauthenticated file read in Cisco ASA Path Traversal b4dc4t High 2022-05-12
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion Path Traversal b4dc4t Critical 2022-05-12
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion Path Traversal b4dc4t Critical 2022-05-12
SQL Injection on https://████████/ SQL Injection cdl High 2022-05-12
SQL Injection on █████ SQL Injection cdl High 2022-05-12
lfi in filePathDownload parameter via ███████ Path Traversal exploitmsf High 2022-04-29
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████ Information Disclosure njmulsqb Medium 2022-04-29
SSRF due to CVE-2021-27905 in www.████████ Server-Side Request Forgery (SSRF) fdeleite Medium 2022-04-29
██████████ vulnerable to CVE-2022-22954 Code Injection v1ct0rv0nd00m Critical 2022-04-29
Blind SQL Injection SQL Injection mido0x0x Medium 2022-04-29
SQL INJECTION in https://████/██████████ SQL Injection mido0x0x Medium 2022-04-29
Reflected XSS [██████] Cross-site Scripting (XSS) - Reflected fdeleite Medium 2022-04-29
Reflected XSS [███] Cross-site Scripting (XSS) - Reflected fdeleite Medium 2022-04-29
Open Akamai ARL XSS at ████████ Cross-site Scripting (XSS) - Generic whoisbinit Medium 2022-04-20
Full account takeover in ███████ due lack of rate limiting in forgot password Improper Restriction of Authentication Attempts takester High 2022-04-20
███ vulnerable to CVE-2022-22954 Code Injection v1ct0rv0nd00m Critical 2022-04-20
CORS Misconfiguration Violation of Secure Design Principles shirshak Medium 2022-04-20
Reflected XSS on [█████████] Cross-site Scripting (XSS) - Reflected saajanbhujel Medium 2022-04-07
[www.█████] Path-based reflected Cross Site Scripting Cross-site Scripting (XSS) - Reflected geeknik Medium 2022-04-07
[CVE-2020-3452] on ███████ Path Traversal splint3rsec High 2022-04-07
username and password leaked via pptx for █████████ website Cleartext Storage of Sensitive Information ibrahimatix0x01 Medium 2022-04-07
Broken access control, can lead to legitimate user data loss Improper Access Control - Generic lubak High 2022-04-07
Authorization bypass -> IDOR -> PII Leakage Insecure Direct Object Reference (IDOR) lubak High 2022-04-07
Cross-site Scripting (XSS) - Reflected at https://██████████/ Cross-site Scripting (XSS) - Reflected mamunwhh Medium 2022-04-07
SQL Injection in █████ SQL Injection lubak Critical 2022-04-07
XSS on https://████████/████' parameter Cross-site Scripting (XSS) - Reflected homosec Medium 2022-04-07
XSS on https://███████/██████████ parameter Cross-site Scripting (XSS) - Reflected homosec Medium 2022-04-07
XSS on https://██████/███ via █████ parameter Cross-site Scripting (XSS) - Reflected homosec Medium 2022-04-07
XSS on https://████/ via ███████ parameter Cross-site Scripting (XSS) - Reflected homosec Medium 2022-04-07
Open Akamai ARL XSS at ████████ Cross-site Scripting (XSS) - Reflected whoisbinit Medium 2022-04-07
Bypassing CORS Misconfiguration Leads to Sensitive Exposure at https://███/ Violation of Secure Design Principles whoisbinit Medium 2022-04-07
XSS Reflected - ███ Cross-site Scripting (XSS) - Reflected drauschkolb Medium 2022-04-07
Military name,email,phone,address,certdata Disclosure Insecure Storage of Sensitive Information unknownsh Critical 2022-03-18
CVE-2020-3452 on https://█████/ Path Traversal pirneci High 2022-03-18
Arbitrary File Deletion (CVE-2020-3187) on ████████ Path Traversal pirneci High 2022-03-18
CSRF - Modify User Settings with one click - Account TakeOver Cross-Site Request Forgery (CSRF) ahmd_halabi Medium 2022-03-18
Reflected XSS - in Email Input Cross-site Scripting (XSS) - Reflected ahmd_halabi Medium 2022-03-18
IDOR - Delete Users Saved Projects Insecure Direct Object Reference (IDOR) ahmd_halabi Medium 2022-03-18
CSRF - Delete Account (Urgent) Cross-Site Request Forgery (CSRF) ahmd_halabi Medium 2022-03-18
CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████ Cross-site Scripting (XSS) - Reflected 3th1c_yuk1 Medium 2022-03-18
XSS because of Akamai ARL misconfiguration on ████ Cross-site Scripting (XSS) - Reflected pirneci Medium 2022-03-18
Arbitrary File Read at ███ via filename parameter Path Traversal shiar Critical 2022-02-14
Broken Authentication Improper Access Control - Generic websecnl High 2022-02-14
IDOR Insecure Direct Object Reference (IDOR) websecnl Medium 2022-02-14
CUI Labelled document out in the open Information Disclosure pll25 Medium 2022-02-14
EC2 subdomain takeover at http://████████/ Privilege Escalation dreyand_ Critical 2022-02-14
XSS trigger via HTML Iframe injection in ( https://██████████ ) due to unfiltered HTML tags Cross-site Scripting (XSS) - Generic basant0x01 Medium 2022-02-14
Reflected XSS at https://█████████ via "███" parameter Cross-site Scripting (XSS) - Reflected pelegn Medium 2022-02-14
Reflected XSS at https://█████ via "██████████" parameter Cross-site Scripting (XSS) - Reflected pelegn Medium 2022-02-14
Reflected XSS at https://██████████/████████ via "███████" parameter Cross-site Scripting (XSS) - Reflected pelegn Medium 2022-02-14
Reflected XSS at https://██████/██████ via "██████" parameter Cross-site Scripting (XSS) - Reflected pelegn Medium 2022-02-14
Reflected XSS at https://██████/██████████ via "████████" parameter Cross-site Scripting (XSS) - Reflected pelegn Medium 2022-02-14
(CORS) Cross-origin resource sharing misconfiguration on https://█████████ Business Logic Errors fiveguyslover Medium 2022-02-14
default ████ creds on https://████████ Information Disclosure pirateducky Critical 2022-02-14
Unauthorized access to PII leads to MASS account Takeover Business Logic Errors takester Critical 2022-02-14
RXSS ON https://██████████ Cross-site Scripting (XSS) - Reflected iam_a_jinchuriki Medium 2022-02-14
[CVE-2020-3452] Unauthenticated file read in Cisco ASA Path Traversal b4dc4t Critical 2022-02-14
███ ████████ running a vulnerable log4j Use of Externally-Controlled Format String alex_gaynor Critical 2022-01-19
██████████ running a vulnerable log4j Use of Externally-Controlled Format String alex_gaynor Critical 2022-01-19
Reflected XSS on https://███/████via hidden parameter "█████████" Cross-site Scripting (XSS) - Reflected supr4s Medium 2022-01-19
Reflected XSS in https://███████ via hidden parameter "████████" Cross-site Scripting (XSS) - Reflected supr4s Medium 2022-01-19
XSS Reflected - ██████████ Cross-site Scripting (XSS) - Reflected drauschkolb Medium 2022-01-19
Wrong settings in ADF Faces leads to information disclosure Information Disclosure h3xr High 2022-01-19
Log4Shell: RCE 0-day exploit on █████████ Code Injection mr_x_strange Critical 2022-01-03
Rxss on █████████ via logout?service=javascript:alert(1) Cross-site Scripting (XSS) - Reflected m00n_knight Medium 2021-12-22
Expired SSL Certificate allows credentials steal Violation of Secure Design Principles dmonsterrr Medium 2021-11-29
Unauthenticated Access to Admin Panel Functions at https://███████/███ Improper Access Control - Generic palaziv Critical 2021-11-29
Unauthenticated Access to Admin Panel Functions at https://██████████/████████ Improper Access Control - Generic palaziv Critical 2021-11-29
Reflected XSS at ████ via ██████████= parameter Cross-site Scripting (XSS) - Reflected zhenwarx Medium 2021-10-28
AWS subdomain takeover of www.███████ Improper Access Control - Generic al-madjus High 2021-10-28
RXSS Via URI Path - https://██████████/ Cross-site Scripting (XSS) - Reflected 0xelkomy Medium 2021-10-18
RXSS - https://████████/ Cross-site Scripting (XSS) - Reflected 0xelkomy Medium 2021-10-18
phpinfo() disclosure info Information Disclosure 0xelkomy Medium 2021-10-18
Reflected Xss https://██████/ Cross-site Scripting (XSS) - Reflected 0xelkomy Medium 2021-10-18
RXSS - ████ Cross-site Scripting (XSS) - Reflected 0xelkomy Medium 2021-10-18
DoD internal documents are leaked to the public Information Disclosure mrempy Medium 2021-10-15
POST based RXSS on https://███████/ via ███ parameter Cross-site Scripting (XSS) - Reflected nagli Medium 2021-10-13
Path traversal on [███] Path Traversal ozn3r High 2021-10-13
Subdomain takeover [████████] Privilege Escalation fdeleite Critical 2021-10-13
Cache Posioning leading to denial of service at `█████████` - Bypass fix from report #1198434 Denial of Service brumens High 2021-10-13
███████ - XSS - CVE-2020-3580 Cross-site Scripting (XSS) - Reflected pr3r00t Medium 2021-09-29
Information disclosure at '████████' --- CVE-2020-14179 Information Disclosure 0x3f Medium 2021-09-29
SQL injection located in `███` in POST param `████████` SQL Injection brumens High 2021-09-09
System Error Reveals SQL Information Information Exposure Through Debug Information miguel_santareno Medium 2021-09-09
Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179 Information Disclosure lu3ky-13 Medium 2021-09-09
XSS due to CVE-2020-3580 [███] Cross-site Scripting (XSS) - Reflected fdeleite Medium 2021-09-09
XSS due to CVE-2020-3580 [██████] Cross-site Scripting (XSS) - Reflected fdeleite Medium 2021-09-09
Subdomain takeover of ███ Privilege Escalation simplyrishabh Critical 2021-09-09
CUI labled and ████ Restricted pdf on █████ Insecure Storage of Sensitive Information alyssa_herrera Medium 2021-08-26
https://██████/ Vulnerable to CVE-2013-3827 (Directory-traversal vulnerability) Path Traversal team_tsk Medium 2021-08-26
Sensitive information on ██████████ Cleartext Storage of Sensitive Information 3mm3 Medium 2021-08-26
Sensitive information on '████████' Cleartext Storage of Sensitive Information 3mm3 Medium 2021-08-26
[CVE-2021-29156] LDAP Injection at https://██████ LDAP Injection whoisbinit Medium 2021-08-26
XSS on ███ Cross-site Scripting (XSS) - Reflected 0xelkot Medium 2021-08-19
S3 bucket listing/download Improper Access Control - Generic fdeleite Medium 2021-08-19
[CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol! LDAP Injection whoisbinit Medium 2021-08-19
CUI labled and ████ and ██████ Restricted ██████ intelligence Information Disclosure alyssa_herrera Medium 2021-08-19
XSS due to CVE-2020-3580 [███.mil] Cross-site Scripting (XSS) - Reflected fdeleite Medium 2021-08-19
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) Code Injection fdeleite High 2021-07-29
XSS DUE TO CVE-2020-3580 Cross-site Scripting (XSS) - Reflected vess_razz Medium 2021-07-29
xss on https://███████(█████████ parameter) Cross-site Scripting (XSS) - Reflected fiveguyslover Medium 2021-07-29
Cross site scripting Cross-site Scripting (XSS) - Reflected lu3ky-13 Medium 2021-07-29
[HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████ Cryptographic Issues - Generic sp1d3rs High 2021-07-29
Reflected XSS - https://███ Cross-site Scripting (XSS) - Reflected fiveguyslover Medium 2021-07-29
XSS Reflected on https://███ (███ parameter) Cross-site Scripting (XSS) - Reflected fiveguyslover Medium 2021-07-29
xss reflected on https://███████- (███ parameters) Cross-site Scripting (XSS) - Reflected fiveguyslover Medium 2021-07-29
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████ File and Directory Information Exposure sp1d3rs Critical 2021-07-29
SQL injection my method -1 OR 3*2*1=6 AND 000159=000159 Code Injection lu3ky-13 Medium 2021-07-29
All private support requests to ███████ are being disclosed at https://███████ Information Disclosure nagli High 2021-07-29
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) Code Injection fdeleite High 2021-07-29
SQLi on █████████ SQL Injection hexagr High 2021-07-29
XSS DUE TO CVE-2020-3580 Cross-site Scripting (XSS) - Reflected veshrajghimire Medium 2021-07-29
Cache Posioning leading do Denial of Service on `www.█████████` Denial of Service brumens High 2021-07-09
Self stored Xss + Login Csrf Cross-site Scripting (XSS) - Stored biest Medium 2021-06-30
IDOR while uploading ████ attachments at [█████████] Insecure Direct Object Reference (IDOR) prophet High 2021-06-30
Reflected XSS at [████████] Cross-site Scripting (XSS) - Reflected prophet Medium 2021-06-30
CSRF Based XSS @ https://██████████ Cross-site Scripting (XSS) - Reflected nagli Medium 2021-06-30
Unauthorized access to admin panel of the Questionmark Perception system at https://██████████ Improper Access Control - Generic qdoan95 Critical 2021-06-30
[www.███] Reflected Cross-Site Scripting Cross-site Scripting (XSS) - Reflected celesian Medium 2021-06-30
[█████████] Reflected Cross-Site Scripting Vulnerability Cross-site Scripting (XSS) - Reflected celesian Medium 2021-06-30
Default Admin Username and Password on █████ Server at █████████mil Improper Access Control - Generic the_boschko Critical 2021-06-15
Reflected XSS through ClickJacking Cross-site Scripting (XSS) - Reflected sazouki Medium 2021-06-15
XML Injection / External Service Interaction (HTTP/DNS) On https://█████████.mil XML Injection fiveguyslover High 2021-06-15
Elmah.axd is publicly accessible leaking Error Log Information Disclosure fdeleite Medium 2021-06-15
Reflected XSS Cross-site Scripting (XSS) - Reflected fdeleite Medium 2021-06-03
Reflected XSS at www.███████ at /██████████ via the ████████ parameter Cross-site Scripting (XSS) - Reflected z32 Medium 2021-06-03
Reflected XSS through clickjacking at https://████ Cross-site Scripting (XSS) - Reflected nagli Medium 2021-06-03
Reflected XSS on https://██████ Cross-site Scripting (XSS) - Reflected thiennv Medium 2021-06-03
Web Cache Poisoning on █████ Violation of Secure Design Principles fr1nge High 2021-06-03
Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935) Deserialization of Untrusted Data un4gi Critical 2021-06-03
Blind SQL iNJECTION SQL Injection 1337n0x Medium 2021-06-03
Insufficient Session Expiration on Adobe Connect | https://█████████ Insufficient Session Expiration x3ph_ Medium 2021-06-03
CVE-2019-3403 on https://████/rest/api/2/user/picker?query= Information Disclosure nagli Medium 2021-06-03
███ on https://████ enable ███ scraping, injection, stored XSS Leftover Debug Code (Backdoor) skarsom High 2021-05-11
XSS via X-Forwarded-Host header Cross-site Scripting (XSS) - Reflected geeknik Medium 2021-05-11
https://████ is vulnerable to cve-2020-3452 Path Traversal moon_shadow Critical 2021-05-11
Path Traversal - [ CVE-2020-3452 ] Path Traversal kmxx High 2021-05-11
DOM Based XSS on https://████ via backURL param Cross-site Scripting (XSS) - Reflected nagli Medium 2021-05-11
Members Personal Information Leak Due to IDOR Information Disclosure r00tpgp Medium 2021-05-11
CSRF in https://███ Cross-Site Request Forgery (CSRF) blackangel11 Medium 2021-04-20
HTTP Request Smuggling HTTP Request Smuggling lu3ky-13 High 2021-04-20
Administration Authentication Bypass on https://█████ Improper Authentication - Generic fiveguyslover Critical 2021-04-20
████████ portal is open to enumeration once authenticated. Session ID's appear static. All PII available once a valid session ID is found. Session Fixation gentlemenhacker Critical 2021-04-20
Sending trusted ████ and ██████████ emails through public API endpoint in ███████ site Business Logic Errors skarsom Medium 2021-04-08
RCE in ██████ subdomain via CVE-2017-1000486 Code Injection skarsom High 2021-04-08
IDOR on https://██████ via POST UID enables database scraping Insecure Direct Object Reference (IDOR) skarsom Medium 2021-04-08
Website vulnerable to POODLE (SSLv3) with expired certificate Inadequate Encryption Strength fuomag9 Medium 2021-04-02
Password Reset link hijacking via Host Header Poisoning leads to account takeover Privilege Escalation hemantsolo Critical 2021-04-02
Reflected XSS on █████████ Cross-site Scripting (XSS) - Reflected ph0cu5 Medium 2021-04-02
Reflected XSS on ███████ Cross-site Scripting (XSS) - Reflected ph0cu5 Medium 2021-04-02
Reflected XSS in https://██████████ via "████████" parameter Cross-site Scripting (XSS) - Reflected nirajgautamit Medium 2021-04-02
Read-only path traversal (CVE-2020-3452) at https://████████ Path Traversal raginalstorm High 2021-04-02
Read-only path traversal (CVE-2020-3452) at https://█████ Path Traversal raginalstorm High 2021-04-02
Improper Access Control - Generic on https://████ Improper Access Control - Generic fiveguyslover High 2021-04-02
External Service Interaction (HTTP/DNS) on https://www.███ (██████████ parameter) Server-Side Request Forgery (SSRF) fiveguyslover High 2021-04-02
XML Injection on https://www.█████████ (███ parameter) XML Injection fiveguyslover High 2021-04-02
Read-only path traversal (CVE-2020-3452) at https://██████.mil Path Traversal raginalstorm High 2021-04-02
Reflected XSS on ███ Cross-site Scripting (XSS) - Reflected ph0cu5 Medium 2021-04-02
Reflected XSS at https://████████/███/... Cross-site Scripting (XSS) - Reflected pudsec Medium 2021-03-24
Unauth RCE on Jenkins Instance at https://█████████/ OS Command Injection brbsainath Critical 2021-03-24
CVE-2021-26855 on ████████ resulting in SSRF Server-Side Request Forgery (SSRF) spongebhav Critical 2021-03-24
SSRF due to CVE-2021-26855 on ████████ Server-Side Request Forgery (SSRF) spongebhav Critical 2021-03-24
Misconfigured AWS S3 bucket leaks senstive data such of admin, Prdouction,beta, localhost and many more directories.... Improper Authentication - Generic i_am_no__one Medium 2021-03-24
Self XSS + CSRF Leads to Reflected XSS in https://████/ Cross-site Scripting (XSS) - Reflected sleepnotf0und Medium 2021-03-24
Git repo on https://██████.mil/ discloses API password Password in Configuration File al-madjus High 2021-03-24
Blind Stored XSS Payload fired at the backend on https://█████████/ Cross-site Scripting (XSS) - Stored nagli Critical 2021-03-24
CSRF to Cross-site Scripting (XSS) Cross-Site Request Forgery (CSRF) lu3ky-13 Medium 2021-03-24
CSRF to Cross-site Scripting (XSS) Cross-Site Request Forgery (CSRF) lu3ky-13 Medium 2021-03-24
[CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████ Command Injection - Generic ph0cu5 High 2021-03-24
critical information disclosure Information Disclosure ba56adcb299ff13a87475bf Critical 2021-03-11
critical information disclosure Information Disclosure ba56adcb299ff13a87475bf Critical 2021-03-11
reflected xss @ www.█████████ Cross-site Scripting (XSS) - Reflected geeknik Medium 2021-03-11
param allows any external resource to be downloadable | https://████████ Improper Access Control - Generic x3ph_ High 2021-03-11
Blind Stored XSS on https://█████████ after filling a request at https://█████ Cross-site Scripting (XSS) - Stored nagli High 2021-03-11
Stored XSS through name / last name on https://██████████/ Cross-site Scripting (XSS) - Stored nagli High 2021-03-11
Reflected XSS on https://█████ Cross-site Scripting (XSS) - Reflected ibring Medium 2021-03-11
RXSS - https://███/ Cross-site Scripting (XSS) - Reflected 0xelkomy Medium 2021-03-11
CRXDE Lite/CRX is on ██████ exposed that leads to PII disclosure Information Disclosure mit0z High 2021-03-11
IDOR leads to Leakage an ██████████ Login Information Insufficiently Protected Credentials sleepnotf0und Medium 2021-03-11
Blind Stored XSS on ███████ leads to takeover admin account Cross-site Scripting (XSS) - Stored hemantsolo Critical 2021-03-11
Information Disclosure(PHPINFO/Credentials) on DoD Asset Information Disclosure atbabers Critical 2021-03-11
HTML Injection + XSS Vulnerability - https://████████/ | Proof of Concept [PoC] Cross-site Scripting (XSS) - Reflected ismailtsdelen Medium 2021-03-11
SharePoint Web Services Exposed to Anonymous Access Information Disclosure balisong Medium 2020-11-24
SharePoint Web Services Exposed to Anonymous Access Improper Access Control - Generic balisong Medium 2020-11-24
https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD Improper Authentication - Generic themastersunil Critical 2020-11-23
[SQLI ]Time Bassed Injection at ██████████ via /██████/library.php?c=G14 parameter SQL Injection zinminphy00 High 2020-11-23
Reflected XSS on https://████/ (Bypass of #1002977) Cross-site Scripting (XSS) - Reflected nagli Medium 2020-11-23
XSS Reflect to POST █████ Cross-site Scripting (XSS) - Reflected ofjaaah1 Medium 2020-11-23
CORS misconfiguration which leads to the disclosure Improper Access Control - Generic ahmed12ossman Medium 2020-11-23
Local File Inclusion In Registration Page Path Traversal moloshy High 2020-11-23
Unauthenticated Arbitrary File Deletion "CVE-2020-3187" in █████ Path Traversal emad777 Critical 2020-11-23
{███} It is posible download all information and files via S3 Bucket Misconfiguration Improper Access Control - Generic z3ck3bug Medium 2020-11-23
Apparent ██████████ website is publicly exposed, suggests default account details on page and has expired SSL/TLS cert Improper Access Control - Generic mcbazza Low 2020-11-23
View another user information with IDOR vulnerability Insecure Direct Object Reference (IDOR) silentbreach High 2020-11-23
IDOR + Account Takeover [UNAUTHENTICATED] Insecure Direct Object Reference (IDOR) silentbreach Critical 2020-11-09
CSRF to account takeover in https://█████/ Cross-Site Request Forgery (CSRF) i_hack_everyone Critical 2020-11-09
403 Forbidden Bypass at www.██████.mil Forced Browsing soldawn Medium 2020-11-02
hardcoded password stored in javascript of https://████.mil Use of Hard-coded Password x3ph_ High 2020-11-02
Reflected XSS in https://███████ via search parameter Cross-site Scripting (XSS) - Reflected kegn Medium 2020-11-02
PII Leak (such as CAC User ID) at https://████████/pages/login.aspx Insecure Storage of Sensitive Information pi_hunter50 Medium 2020-11-02
[████] SQL Injections on Referer Header exploitable via Time-Based method SQL Injection polygon35 High 2020-11-02
Access to Unclassified / FOUO Advanced Motion Platform of █████████.mil Improper Access Control - Generic kaulse Medium 2020-11-02
[SQLI ]Time Bassed Injection at ██████████ via referer header SQL Injection yassinek3ch High 2020-10-16
CSRF to account takeover in https://███████.mil/ Cross-Site Request Forgery (CSRF) dhakal_bibek Critical 2020-10-16
https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD Array Index Underflow hassanshahid Critical 2020-10-16
[CVE-2020-3452] Unauthenticated file read in Cisco ASA Path Traversal mzfr High 2020-10-16
[██████████.mil] Cisco VPN Service Path Traversal Path Traversal arm4nd0 High 2020-10-16
Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179 Information Disclosure r4d1kal Medium 2020-10-16
External Service Interaction | https://█████████.mil Information Disclosure x3ph_ High 2020-10-16
Stored XSS via Comment Form at ████████ Cross-site Scripting (XSS) - Stored un4gi High 2020-09-29
Cross Site Scripting (XSS) – Reflected Cross-site Scripting (XSS) - Reflected jayhanspara Medium 2020-09-29
Reflected XSS in https://www.██████/ Cross-site Scripting (XSS) - Reflected nirajgautamit Medium 2020-09-29
Reflected XSS in https://www.█████/ Cross-site Scripting (XSS) - Reflected nirajgautamit Medium 2020-09-29
IDOR to Account Takeover on https://████/index.html Insecure Direct Object Reference (IDOR) nagli High 2020-09-29
SQLi in login form of █████ SQL Injection erbbysam Critical 2020-09-29
Unauthenticated Arbitrary File Deletion ("CVE-2020-3187") in ████████ Path Traversal dwisiswant0 Critical 2020-09-29
DOM XSS on https://www.███████ Cross-site Scripting (XSS) - DOM gamer7112 Medium 2020-09-29
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion Path Traversal oucast- Critical 2020-09-21
Reflected Xss Cross-site Scripting (XSS) - Reflected 0xelkomy Medium 2020-09-21
Sensitive information about a ██████ Cleartext Storage of Sensitive Information 0x9747 High 2020-09-21
Remote Code Execution on █████████ Code Injection hzllaga Critical 2020-09-03
CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. Path Traversal professor1 High 2020-09-03
Subdomain takeover due to an unclaimed Amazon S3 bucket on ███ Cross-site Scripting (XSS) - Generic chron0x Critical 2020-09-03
Subdomain takeover due to an unclaimed Amazon S3 bucket on ███ Cross-site Scripting (XSS) - Generic chron0x Critical 2020-09-03
███ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability Path Traversal secret_letters High 2020-09-03
Elmah.axd is publicly accessible and leaking Error Log for ROOT on █████_PRD_WEB1 █████████elmah.axd Information Disclosure rudra_2000 Medium 2020-09-03
Сode injection host █████████ Code Injection e3xpl0it High 2020-09-03
Reflected XSS on ███████ Cross-site Scripting (XSS) - Reflected nagli Medium 2020-09-03
https://█████ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability Path Traversal they High 2020-08-13
Path traversal on https://███ allows arbitrary file read (CVE-2020-3452) Path Traversal un4gi High 2020-08-13
Remote Code Execution via CVE-2019-18935 Deserialization of Untrusted Data un4gi Critical 2020-08-13
HTML Injection leads to XSS on███ Cross-site Scripting (XSS) - Generic lemonoftroy Medium 2020-07-30
Exposed Docker Registry at https://████ Improper Authentication - Generic chron0x High 2020-07-30
Reflected XSS on https://███████/ Cross-site Scripting (XSS) - Reflected the_unlucky_guy Medium 2020-07-30
RCE (Remote code execution) in one of DoD's websites Cryptographic Issues - Generic ilyass01 Critical 2020-07-30
Reflected XSS on ███████ page Cross-site Scripting (XSS) - Generic scraps Medium 2020-07-30
(CORS) Cross-origin resource sharing misconfiguration Business Logic Errors natanalves01001 Medium 2020-07-14
SharePoint Web Services Exposed to Anonymous Access Users Improper Access Control - Generic balisong Medium 2020-07-14
CSRF Account Deletion on ███ Website Cross-Site Request Forgery (CSRF) notdeghost Medium 2020-07-09
Subdomain takeover of ████ Privilege Escalation flav_ Critical 2020-07-08
Stored XSS at ██████userprofile.aspx Cross-site Scripting (XSS) - Stored pi_hunter50 High 2020-07-08
Unrestricted File Upload Leads to XSS & Potential RCE Unrestricted Upload of File with Dangerous Type pi_hunter50 High 2020-07-08
SQL Injection in the `move_papers.php` on the https://██████████ SQL Injection sp1d3rs High 2020-06-25
PII/PHI data available on web https://████████Portals/22/Documents/Meetings Cleartext Storage of Sensitive Information pvm High 2020-06-25
xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php Denial of Service dhakal_bibek Medium 2020-06-25
[█████████] Administrative access to Oracle WebLogic Server using default credentials Improper Access Control - Generic arm4nd0 Critical 2020-06-25
Unrestricted File Upload to ███████SubmitRequest/Index.cfm?fwa=wizardform Violation of Secure Design Principles un4gi High 2020-06-11
SSN is exposed on slides, previous critical report was not fixed in an appropriate way Cleartext Storage of Sensitive Information pvm Critical 2020-06-11
CSRF - Modify Company Info Cross-Site Request Forgery (CSRF) ahmd_halabi Medium 2020-06-11
Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE Information Exposure Through an Error Message pvm Medium 2020-06-11
CSRF - Close Account Cross-Site Request Forgery (CSRF) ahmd_halabi Medium 2020-06-11
Account takeover through CSRF in http://███████/██████████/default.asp Cross-Site Request Forgery (CSRF) dhakal_ananda High 2020-06-11
Self XSS combine CSRF at https://████████/index.php Cross-site Scripting (XSS) - Reflected manshum12 Medium 2020-05-27
Previously Compromised PulseSSL VPN Hosts Insecure Storage of Sensitive Information r00tpgp Critical 2020-05-27
No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service Violation of Secure Design Principles nagli Medium 2020-05-27
Remote Code Execution through DNN Cookie Deserialization OS Command Injection droop3r High 2020-05-27
Stored Xss Vulnerability on ████████ Cross-site Scripting (XSS) - Stored mygf High 2020-05-14
Bypassing CORS Misconfiguration Leads to Sensitive Exposure Business Logic Errors duckoverflow Medium 2020-05-14
Reflected cross-site scripting vulnerability on a DoD website Cross-site Scripting (XSS) - Reflected realtess High 2020-05-14
SQL Injection in Login Page: https://█████/█████████/login.php SQL Injection l00ph0le High 2020-05-14
SSN leak due to editable slides Insecure Storage of Sensitive Information alyssa_herrera Critical 2020-05-14
████ - Complete account takeover Improper Authentication - Generic cablej_dds Critical 2020-05-11
Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604) OS Command Injection l00ph0le High 2020-05-11
Remote Code Execution in ██████ OS Command Injection s3cr3tsdn Critical 2020-05-11
Command Injection (via CVE-2019-11510 and CVE-2019-11539) Command Injection - Generic l00ph0le Critical 2020-05-07
Remote Code Execution via Insecure Deserialization in Telerik UI Deserialization of Untrusted Data sw33tlie Critical 2020-05-07
Public instance of Jenkins on https://██████████/ with /script enabled Code Injection niteshsurana Critical 2020-01-31
Information disclosure by clicking on the link shown in http://████████/ Information Disclosure pirateducky High 2019-12-02
SQL Injection on www.██████████ on countID parameter SQL Injection 0_1vitthal High 2019-10-08
XXE in DoD website that may lead to RCE XML External Entities (XXE) jin Critical 2019-10-04
Remote Code Execution (RCE) in a DoD website Code Injection manoelt Critical 2019-10-04
SQL Injection in ████ SQL Injection arinerron2 High 2019-08-19
Remote Code Execution (RCE) in a DoD website Deserialization of Untrusted Data joaomatosf Critical 2018-04-17
SQL injection SQL Injection alyssa_herrera High 2018-04-17
SSRF+XSS Information Disclosure alyssa_herrera Critical 2018-04-17
Information Disclosure Information Disclosure alyssa_herrera Critical 2018-04-17
Remote Code Execution (RCE) in DoD Websites Code Injection joaomatosf Critical 2018-04-17
X-XSS-Protection -> Misconfiguration Violation of Secure Design Principles bb343cc5cbd74210c09dafe Low 2017-12-15
SQL Injection vulnerability in a DoD website SQL Injection eugui Medium 2017-08-15
Cross-site scripting (XSS) vulnerability on a DoD website Cross-site Scripting (XSS) - Generic guruprasadmullangi Low 2017-08-15
Remote Code Execution (RCE) vulnerability in a DoD website XML External Entities (XXE) peuch High 2017-08-15
Reflected XSS on a DoD website Cross-site Scripting (XSS) - Reflected guifre Low 2017-08-15
Insecure Direct Object Reference (IDOR) vulnerability in a DoD website Violation of Secure Design Principles eugui Medium 2017-08-15
SQL Injection vulnerability in a DoD website SQL Injection tcpiplab Medium 2017-08-15
Cross-site scripting (XSS) vulnerability on a DoD website CRLF Injection sp1d3rs Low 2017-08-15
Information disclosure vulnerability on a DoD website Information Disclosure reptou Critical 2017-08-15
Cross-site scripting (XSS) on a DoD website Cross-site Scripting (XSS) - Generic reptou Low 2017-08-15
Server Side Request Forgery (SSRF) vulnerability in a DoD website Server-Side Request Forgery (SSRF) korprit Low 2017-08-15
SQL Injection vulnerability in a DoD website SQL Injection hassaan Medium 2017-08-15
Information disclosure vulnerability on a DoD website Information Disclosure lalka Low 2017-07-05
Remote code execution (RCE) in multiple DoD websites Code Injection joaomatosf Critical 2017-07-05
Information disclosure vulnerability on a DoD website Information Disclosure twicedi Medium 2017-07-05
Cross-site scripting (XSS) vulnerability on a DoD website Cross-site Scripting (XSS) - Reflected jin Low 2017-07-05
Information disclosure vulnerability on a DoD website Information Exposure Through Debug Information sp1d3rs Low 2017-07-05
Limited code execution vulnerability on a DoD website Server-Side Request Forgery (SSRF) sp1d3rs High 2017-07-05
Violation of secure design principles on a DoD website Violation of Secure Design Principles spam404 Low 2017-07-05
Arbitrary file download vulnerability on a DoD website Insecure Direct Object Reference (IDOR) alyssa_herrera Medium 2017-07-05
Arbitrary file download vulnerability on a DoD website Insecure Direct Object Reference (IDOR) alyssa_herrera Medium 2017-07-05
Remote Code Execution (RCE) vulnerability in multiple DoD websites Code Injection joaomatosf Critical 2017-07-05
Time Based SQL Injection vulnerability on a DoD website SQL Injection alyssa_herrera Medium 2017-07-05
SQL Injection vulnerability in a DoD website SQL Injection albinowax High 2017-07-05
Arbitrary file download vulnerability on a DoD website Information Disclosure alyssa_herrera Low 2017-07-05
SQL Injection vulnerability in a DoD website SQL Injection alyssa_herrera Medium 2017-07-05
Reflected XSS vulnerability on a DoD website Cross-site Scripting (XSS) - Generic mantis Low 2017-07-05
SQL injection vulnerability on a DoD website SQL Injection 0xd0m7 Medium 2017-07-05
Remote code execution vulnerability on a DoD website Code Injection cha5m Critical 2017-07-03
Information disclosure on a DoD website Information Disclosure tsug0d No rating 2017-07-03
Server-side include injection vulnerability in a DoD website Code Injection jutsuce High 2017-07-03
Default credentials on a DoD website Improper Authentication - Generic korprit High 2017-07-03
Stored cross site scripting (XSS) vulnerability on a DoD website Cross-site Scripting (XSS) - Generic ahsan Low 2017-06-23
Reflected cross-site scripting (XSS) vulnerability on a DoD website Cross-site Scripting (XSS) - Generic ahsan Low 2017-06-23
Information disclosure vulnerability on a DoD website NULL Pointer Dereference tcpiplab Low 2017-06-23
Reflective XSS vulnerability on a DoD website Cross-site Scripting (XSS) - Generic fantam1 Low 2017-06-23
SQL injection vulnerability in a DoD website SQL Injection shakaa1 Medium 2017-06-23
Remote code execution vulnerability on a DoD website Code Injection korprit High 2017-06-23
SQL Injection vulnerability in a DoD website SQL Injection korprit High 2017-06-23
Information disclosure vulnerability in a DoD website Cryptographic Issues - Generic r0p3 Low 2017-06-23
Reflected XSS vulnerability on a DoD website Cross-site Scripting (XSS) - Generic r0p3 Low 2017-06-23
Remote code execution vulnerability on a DoD website Code Injection mantis Low 2017-06-23
Cross-site request forgery (CSRF) vulnerability in a DoD website Cross-site Scripting (XSS) - Generic mantis Low 2017-06-23
Open redirect vulnerability in a DoD website Open Redirect niwasaki Low 2017-06-23
Information disclosure vulnerability on a DoD website Improper Authentication - Generic jon_bottarini Medium 2017-06-16
Information disclosure vulnerability on a DoD website Violation of Secure Design Principles sp1d3rs Low 2017-06-16
Information disclosure vulnerability on a DoD website Information Disclosure sp1d3rs Low 2017-06-16
Information disclosure vulnerability on a DoD website Information Disclosure sp1d3rs Low 2017-06-16
Reflected XSS vulnerability on a DoD website Cross-site Scripting (XSS) - Generic korprit Low 2017-06-16
Cross-site request forgery (CSRF) vulnerability on a DoD website Cross-Site Request Forgery (CSRF) korprit Medium 2017-06-16
SQL injection vulnerability on a DoD website SQL Injection korprit Medium 2017-06-16
Reflected XSS vulnerability on a DoD website Cross-site Scripting (XSS) - Reflected twicedi Low 2017-06-16
Time Based SQL Injection vulnerability on a DoD website SQL Injection korprit Medium 2017-06-16
DOM Based XSS on a DoD website Cross-site Scripting (XSS) - Generic juliocesar Low 2017-06-16
Reflected XSS on a DoD website Cross-site Scripting (XSS) - Generic juliocesar Low 2017-06-16
Blind SQLi vulnerability in a DoD Website Cross-site Scripting (XSS) - Generic sp1d3rs Medium 2017-06-16
Reflected XSS in a DoD Website Cross-site Scripting (XSS) - Reflected shogunlab Low 2017-06-14
Blind SQLi in a DoD Website SQL Injection akaki Medium 2017-06-14
Remote Code Execution (RCE) in a DoD website Code Injection joaomatosf Critical 2017-06-14
Reflected XSS on a DoD website Cross-site Scripting (XSS) - Generic juliocesar Low 2017-06-01
Reflected XSS on a DoD website Cross-site Scripting (XSS) - Generic ramsexy Low 2017-06-01
Server side information disclosure on a DoD website Information Disclosure samhax Low 2017-06-01
Information disclosure vulnerability on a DoD website Information Disclosure babayaga_ High 2017-06-01
Remote Code Execution (RCE) in a DoD website Code Injection 0daystolive Critical 2017-06-01
Insecure direct object reference vulnerability on a DoD website Privilege Escalation rijalrojan Low 2017-06-01
SQL injection vulnerability on a DoD website SQL Injection mthirup High 2017-05-31
Reflected XSS on a DoD website Cross-site Scripting (XSS) - Generic eugui Low 2017-05-31
Stored XSS vulnerability on a DoD website Cross-site Scripting (XSS) - Generic rashedhasan007 No rating 2017-05-31
Information disclosure vulnerability on a DoD website Information Disclosure clizsec Low 2017-04-27
Cross-Site Scripting (XSS) on a DoD website Cross-site Scripting (XSS) - Generic clizsec No rating 2017-04-27
XSS on a DoD website Cross-site Scripting (XSS) - Generic ramsexy Low 2017-04-27
Reflected XSS on a DoD website Cross-site Scripting (XSS) - Generic korprit Medium 2017-04-27
SQL injection vulnerability on a DoD website SQL Injection korprit Medium 2017-04-27
HTML injection vulnerability on a DoD website Cross-site Scripting (XSS) - Generic kunal_khubchandani Low 2017-04-27
Information disclosure vulnerability on a DoD website Information Disclosure joshualaurencio Low 2017-04-27
Remote file inclusion vulnerability on a DoD website Violation of Secure Design Principles sp1d3rs Medium 2017-04-27
Local file inclusion vulnerability on a DoD website Privilege Escalation fransrosen Medium 2017-04-27
Reflected XSS vulnerability in a DoD website Cross-site Scripting (XSS) - Generic rashedhasan007 No rating 2017-04-27
Remote Code Execution (RCE) in a DoD website Code Injection joaomatosf Critical 2017-04-13
Remote Command Execution on a DoD website Code Injection t-pwn No rating 2017-04-07
Cross-site scripting (XSS) vulnerability on a DoD website Cross-site Scripting (XSS) - Generic juliocesar No rating 2017-04-07
Reflected cross-site scripting vulnerability on a DoD website Cross-site Scripting (XSS) - Generic konduru-jashwanth Low 2017-04-07
Bypass file access control vulnerability on a DoD website Improper Authentication - Generic generaleg Low 2017-04-07
XSS vulnerability on a DoD website Cross-site Scripting (XSS) - Generic swissky Low 2017-03-16
File upload vulnerability on a DoD website None supplied korprit Medium 2017-03-16
HTML Injection/Load Images vulnerability on a DoD website Violation of Secure Design Principles jon_bottarini Medium 2017-03-16
Stored cross-site scripting (XSS) on a DoD website Cross-site Scripting (XSS) - Generic jon_bottarini No rating 2017-03-16
Misconfigured user account settings on DoD website Improper Authentication - Generic mantis No rating 2017-03-16
Potentially sensitive information disclosure on a DoD website Information Disclosure scraps No rating 2017-03-16
Arbitrary Script Injection (Mail) in a DoD Website Cross-site Scripting (XSS) - Generic ahsan Low 2017-03-16
Remote command execution (RCE) vulnerability on a DoD website Code Injection japp1 Critical 2017-03-16
Information disclosure on a DoD website Information Disclosure babayaga_ Low 2017-03-16
Password reset vulnerability on a DoD website Improper Authentication - Generic sp1d3rs High 2017-03-16
Cross-site scripting (XSS) vulnerability on a DoD website Cross-site Scripting (XSS) - Generic r0p3 Low 2017-03-16
Information disclosure on a DoD website Information Disclosure r0p3 Low 2017-03-16
Cross-site scripting vulnerability on a DoD website Cross-site Scripting (XSS) - Generic r0p3 Low 2017-03-16
Cross-site request forgery vulnerability on a DoD website Cross-Site Request Forgery (CSRF) korprit No rating 2017-03-16
Reflected XSS vulnerability on a DoD website Cross-site Scripting (XSS) - Generic yaworsk Low 2017-03-16
SQL injection vulnerability on a DoD website SQL Injection vag_mour High 2017-03-16
SQL injection vulnerability on a DoD website SQL Injection mthirup Medium 2017-02-17
Personal information disclosure on a DoD website Information Disclosure spam404 Medium 2017-02-16
Reflected XSS on a DoD website Cross-site Scripting (XSS) - Generic juliocesar Low 2017-02-16
Authentication bypass vulnerability on a DoD website Improper Authentication - Generic spam404 Critical 2017-02-15
Privilege Escalation on a DoD Website Privilege Escalation vag_mour Critical 2017-02-15
Exposed Access Control Data Backup Files on DoD Website Improper Authentication - Generic mazen160 Medium 2017-02-15
QuickTime Promotion on a DoD website Violation of Secure Design Principles spam404 Low 2017-02-15
Misconfigured password reset vulnerability on a DoD website Improper Authentication - Generic mthirup Critical 2017-02-15
Open Redirect in a DoD website Open Redirect adrianomarcmont Low 2017-02-14
Persistent XSS vulnerability on a DoD website Cross-site Scripting (XSS) - Generic korprit Low 2017-02-14
Remote code execution on an Army website Code Injection meals Critical 2017-01-12
Reflected XSS on a Department of Defense website Cross-site Scripting (XSS) - Generic juliocesar No rating 2017-01-12
DOM Based XSS on an Army website Cross-site Scripting (XSS) - Generic juliocesar Low 2017-01-12
Reflected XSS on an Army website Cross-site Scripting (XSS) - Generic juliocesar No rating 2017-01-12
Information leakage on a Department of Defense website Improper Authentication - Generic korprit Medium 2017-01-12
XSS vulnerability on an Army website Cross-site Scripting (XSS) - Generic spam404 Low 2017-01-11
SQL Injection vulnerability on a DoD website Cross-site Scripting (XSS) - Generic korprit High 2017-01-11
Unrestricted File Download / Path Traversal Information Disclosure ziot No rating 2017-01-11
RCE on a Department of Defense website Code Injection dawgyg Critical 2017-01-11
Reflected XSS on a Navy website Cross-site Scripting (XSS) - Generic samux No rating 2017-01-11
XXE on DoD web server XML External Entities (XXE) dawgyg Critical 2017-01-09
Local File Inclusion vulnerability on an Army system allows downloading local files Information Disclosure nahamsec High 2017-01-06
Server side information disclosure Information Disclosure samhax No rating 2017-01-06
Reflected XSS in a Navy website Cross-site Scripting (XSS) - Generic juliocesar Low 2017-01-06
Unrestricted File Upload Command Injection - Generic hogarth45 Critical 2016-12-22
DNS Misconfiguration None supplied atik-rahman No rating 2016-12-22