8/10
vulnerability
A researcher discovered an SSRF vulnerability in Vimeo's API Playground by chaining path traversal, HTTP redirects, and an open redirect to reach internal Google Cloud metadata endpoints, ultimately extracting service account tokens and demonstrating potential RCE capability through SSH key injection.
ssrf
code-execution
api-security
path-traversal
open-redirect
google-cloud
metadata-api
gcp
service-account-token
api-playground
url-parsing
Vimeo
Google Cloud
André Baptista
Brett
Ben
Harsh Jaiswal
HackerOne