0
4/10
bug-bounty
A critical DoS vulnerability in the Stacks Clarity virtual machine was exploited via unhandled exceptions in smart contract execution, causing node crashes. The researcher 'Catchme' reported this flaw and received a $76,011 bounty; the fix involved proper error handling instead of relying on `.expect()`.
dos
denial-of-service
smart-contract
clarity
stacks
bitcoin
layer-2
virtual-machine
exception-handling
crash
bug-bounty
web3
Stacks
Catchme
Immunefi
Clarity
Bitcoin
PoX
0
6/10
vulnerability
A misconfigured CORS policy on a Bitcoin site's third-party contact form API allowed arbitrary origins with credentials enabled, enabling attackers to extract sensitive user data (name, email, phone, account ID) via a malicious webpage using XMLHttpRequest.
cors
misconfiguration
cross-origin-request-forgery
acah
credential-exposure
web-api
bitcoin
third-party-integration
client-side-exploitation
Arbaz Hussain
HackerOne
api.thirdparty.com