BugCrowd Bug Bounty Disclosure: P4 - Publicly accessible phpinfo() exposes detailed server configuration - MattKingst - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-publicly-accessible-phpinfo-exposes-detailed-server-configuration/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P2 - IDOR that allows disclosing Username,Email,PIN,FirstName,LastName,UEI,FirmName,Address,PhoneNumbers etc of PROSAMS application users. - - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-idor-that-allows-disclosing-username-email-pin-firstname-lastname-uei-firmname-address-phonenumbers-etc-of-prosams-application-users/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P3 - Internal scan through SSRF in NASA Worldwind API - - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-internal-scan-through-ssrf-in-nasa-worldwind-api/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P4 - Unauthenticated Metrics Endpoint Exposes Sensitive Internal Grafana & NASA Infrastructure Data - whitebear_0one - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-unauthenticated-metrics-endpoint-exposes-sensitive-internal-grafana-nasa-infrastructure-data/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P4 - NASA NLSP API discloses internal usernames and system role mappings to unauthenticated users - c3L0Mu1d3R - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-nasa-nlsp-api-discloses-internal-usernames-and-system-role-mappings-to-unauthenticated-users/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P5 - Server-Side Request Forgery (SSRF) → Local File Read (High / Critical) - Ninadgowda - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-server-side-request-forgery-ssrf-local-file-read-high-critical/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P5 - “WAF Bypass via URL Path Normalization on https://science.nasa.gov/climate-change/multimedia/wp-login.php?action=logout” - Ninadgowda - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-waf-bypass-via-url-path-normalization-on-https-science-nasa-gov-climate-change-multimedia-wp-login-php-action-logout/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P5 - Reflected Cross Site Scripting (XSS) Via POST request on adapt-public.aetc.appdat.jsc.nasa.gov - Kent_Shane14 - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-reflected-cross-site-scripting-xss-via-post-request-on-adapt-public-aetc-appdat-jsc-nasa-gov/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P5 - Content Spoofing via Unsanitized Input | Email Injection - Asad_Ali - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-content-spoofing-via-unsanitized-input-email-injection/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P4 - Missing Secure flag in "_rapgenius_session" session cookie - - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-missing-secure-flag-in-rapgenius-session-session-cookie/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P3 - Anonymous Access to Jira Filter API Exposes Internal Usernames, Emails, and Organizational Structure - c3L0Mu1d3R - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-anonymous-access-to-jira-filter-api-exposes-internal-usernames-emails-and-organizational-structure/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
Bugcrowd boosts security resilience with new AI features #ArtificialIntelligence #Bugcrowd
https://betanews.com/2025/12/10/bugcrowd-boosts-security-resilience-with-new-ai-features/
BugCrowd Bug Bounty Disclosure: P5 - 403 Bypass Leading to Exposed WordPress Authentication Endpoint on NASA Science Domain - Ninadgowda - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-403-bypass-leading-to-exposed-wordpress-authentication-endpoint-on-nasa-science-domain/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P5 - Password Reset Token Exposed in Redirect URL — GLOBE.gov (Sensitive Token in URL, P4) - Ninadgowda - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-password-reset-token-exposed-in-redirect-url-globe-gov-sensitive-token-in-url-p4/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P5 - Exposed NGINX Status Page - oversudo - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-exposed-nginx-status-page/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P5 - TLS/SSL Weak Cipher Suites Detected (No Forward Secrecy, CBC Mode) - S44D - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-tls-ssl-weak-cipher-suites-detected-no-forward-secrecy-cbc-mode/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
AI is accelerating security workflows - but humans still own the outcomes.
David Brumley of Bugcrowd explains why guardrails, human-in-the-loop oversight, and POC validation remain essential as AI agents expand.
Full interview:
https://www.technadu.com/ai-runs-fast-but-humans-steer-discussing-the-cold-truth-about-ownership-and-leading-the-tech/614071/
BugCrowd Bug Bounty Disclosure: P5 - Confirm if UserA has Email X associated with his/her Account - - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-confirm-if-usera-has-email-x-associated-with-his-her-account/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P5 - NSPIRES login and sensitive pages lack anti-frame protections → Clickjacking (UI redress) escalated to credential capture & forced action - madhu873 - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-nspires-login-and-sensitive-pages-lack-anti-frame-protections-clickjacking-ui-redress-escalated-to-credential-capture-forced-action/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P1 - IDOR that allows disclosing Username,Email,FirstName,LastName,Address,PhoneNumbers of PROSAMS application users. - - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-idor-that-allows-disclosing-username-email-firstname-lastname-address-phonenumbers-of-prosams-application-users/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
