0
5/10
A P1 RCE vulnerability discovered in a misconfigured Jenkins instance via Shodan reconnaissance, exploiting open user registration and exposed script console execution capabilities.
bug-bounty
rce
jenkins
shodan
reconnaissance
authentication-bypass
misconfig
security-by-obscurity
p1-vulnerability
Shodan
Jenkins
sw33tLie
0
7/10
bug-bounty
A researcher discovered a P1 account takeover vulnerability by bypassing CSRF protections on a password change endpoint through a server-side validation bypass: using a random email address format instead of the victim's actual email allowed the password change to succeed, so the CSRF payload did not need to contain the victim's email.
csrf
cross-site-request-forgery
account-takeover
password-change
server-side-validation
input-validation
bug-bounty
p1-vulnerability
Lady Secspeare
Bugcrowd