0
3/10
vulnerability-research
Merkle Bonsai's blog aggregates multiple smart contract vulnerability case studies, including findings in Oasys (an Ethereum L2 for gaming), Eco's lockup contracts, and Ocean Protocol's hybrid NFT implementation, demonstrating design flaws where on-chain data reliance creates exploitable attack surfaces.
Oasys
Ethereum
Bandai Namco
DoubleJump.japan
Immunefi
Eco
Ocean Protocol
Merkle Bonsai
0
6/10
bug-bounty
A reflected XSS vulnerability was discovered in eBay's search parameter (LH_SpecificSeller); it bypassed character filters (<, >, comma) by leveraging CSS expression payloads in Internet Explorer. Although the vulnerable code sat inside a display:none span, the exploit still worked by using style="xss:expression()" to execute arbitrary JavaScript.
eBay
Sukhmeet Singh
Internet Explorer