HackerOne
**Summary:** The `users.list` API endpoint is vulnerable to NoSQL injection attacks. It can be used to take over accounts by leaking password reset tokens and 2FA secrets. Taking over an admin...| HackerOne
**Summary:** The `users.list` API endpoint is vulnerable to NoSQL injection attacks. It can be used to take over accounts by leaking password reset tokens and 2FA secrets. Taking over an admin...| HackerOne
## Summary: (Note: AI created the PoC, not the report.) In the `krb5_read_data()` function [here](https://github.com/curl/curl/blob/af7d67d3c03329116e593d999851d2cc3ebbf119/lib/krb5.c#L526-L551),...| HackerOne
## Summary I discovered a critical stack-based buffer overflow vulnerability in cURL's cookie parsing mechanism that can lead to remote code execution. The vulnerability occurs when processing...| HackerOne
The curl Bug Bounty Program enlists the help of the hacker community at HackerOne to make curl more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited.| HackerOne
The Starbucks Bug Bounty Program enlists the help of the hacker community at HackerOne to make Starbucks more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited.| HackerOne
TURN server allowed proxying of TCP connections and UDP packets to internal Slack network and meta-data services on AWS.| HackerOne
