Daily Bug Bounty Writeups by @Piyush Kumawat
This repository contains Bug Bounty writeups
-
💯June 18, 2026 - BugTraceAI: More Autonomy, More Context, and a Better Workflow for Bug Bounty and Pentesting
-
💯June 18, 2026 - Thousands of Publicly Exposed MLflow Instances — A Hidden Risk in MLOps Infrastructure
-
💯June 18, 2026 - The Password They Deleted But Never Erased
-
💯June 18, 2026 - A Premium Feature Bypass Hidden Behind a Single Boolean Parameter
-
💯June 18, 2026 - From Subdomain Takeovers to a Critical Race Condition on Shopify
-
💯June 18, 2026 - How I Solved My First Reflected XSS Lab on PortSwigger
-
💯June 18, 2026 - HSTS and Cross-Domain Policy Misconfigurations
-
💯June 18, 2026 - Building a Practical CTI RAG Assistant: An AI-Powered Threat Intelligence Workflow
-
💯June 18, 2026 - Authentication Bypass via Insecure redirect_url Parameter Leading to Account Takeover
-
💯June 18, 2026 - The MFA Bypass That Wasn’t an MFA Problem: A Lesson in Broken API Authorization