5/10
A reflected XSS vulnerability was discovered in Bugcrowd's main domain through a secret 'locale' parameter that controlled error page rendering, with the underlying issue traced to the Locomotive CMS framework and affecting multiple websites using that platform. The vulnerability could enable CSRF attacks and data theft from the main domain where user submissions are hosted.
Bugcrowd
Locomotive CMS
WitCoat Security Blog
3/10
An unauthenticated SQL injection vulnerability in the Elementor Ally WordPress plugin (400k+ installations) allows attackers to steal sensitive data without requiring authentication.
Elementor
Ally
WordPress