Top Race Condition reports from HackerOne:
- Race Condition allows to redeem multiple times gift cards which leads to free "money" to Reverb.com - 274 upvotes, $0
- Race condition in performing retest allows duplicated payments to HackerOne - 204 upvotes, $0
- Client-Side Race Condition using Marketo, allows sending user to data-protocol in Safari when form without onSuccess is submitted on www.hackerone.com to HackerOne - 144 upvotes, $1250
- Race condition in activating email resulting in infinite amount of diamonds received to InnoGames - 137 upvotes, $2000
- Race Condition leads to undeletable group member to HackerOne - 126 upvotes, $0
- Race Conditions in Popular reports feature. to HackerOne - 107 upvotes, $500
- Race Condition when following a user to Staging.every.org - 93 upvotes, $0
- Race Condition : Exploiting the loyalty claim https://xxx.vendhq.com/loyalty/claim/email/xxxxx url and gain x amount of loyalty bonus/cash to Vend VDP - 90 upvotes, $0
- Race Condition in Flag Submission to HackerOne - 76 upvotes, $0
- Race condition leads to duplicate payouts to HackerOne - 66 upvotes, $0
- Race Condition of Transfer data Credits to Organization Leads to Add Extra free Data Credits to the Organization to Helium - 62 upvotes, $250
- Race condition in joining CTF group to HackerOne - 60 upvotes, $500
- Race Condition on "Get free Badoo Premium" which allows to get more days of free premium for Free. to Bumble - 52 upvotes, $0
- Race condition in faucet when using starport to Cosmos - 50 upvotes, $5000
- Race condition in claiming program credentials to HackerOne - 46 upvotes, $0
- Race Conditions in OAuth 2 API implementations to Internet Bug Bounty - 37 upvotes, $2500
- Race condition in User comments Likes to Zomato - 37 upvotes, $0
- Race conditions can be used to bypass invitation limit to Keybase - 36 upvotes, $350
- Race condition while removing the love react in community files. to Figma - 34 upvotes, $150
- Race Condition in Redeeming Coupons to Instacart - 33 upvotes, $0
- Race condition на market.games.mail.ru to Mail.ru - 31 upvotes, $1000
- JSBeautifier BApp: Race condition leads to memory disclosure to PortSwigger Web Security - 31 upvotes, $0
- Race condition via project team member invitation system. to Enjin - 27 upvotes, $0
- Race condition at create new Location to Shopify - 24 upvotes, $500
- Race condition leads to Inflation of coins when bought via Google Play Store at endpoint https://oauth.reddit.com/api/v2/gold/android/verify_purchase to Reddit - 24 upvotes, $0
- CVE-2023-32001: fopen race condition to curl - 23 upvotes, $0
- Race Condition in account survey to Slack - 22 upvotes, $0
- [api.krisp.ai] Race condition on /v2/seats endpoint allows bypassing the original seat limit to Krisp - 22 upvotes, $0
- Register multiple users using one invitation (race condition) to Keybase - 21 upvotes, $350
- Race condition in GitLab import, giving access to other people their imports due to filename collision to GitLab - 19 upvotes, $0
- Race condition vulnerability on "This Rocks" button. to Rockstar Games - 19 upvotes, $0
- Race condition in endpoint POST fetlife.com/users/invitation, allow attacker to generate unlimited invites to FetLife - 19 upvotes, $0
- Race condition on https://judge.me/people to Judge.me - 17 upvotes, $250
- Race condition on the Federalist API endpoints can lead to the Denial of Service attack to GSA Bounty - 16 upvotes, $0
- Race condition при покупке подарков на games.mail.ru to Mail.ru - 15 upvotes, $0
- [curl] CVE-2023-32001: fopen race condition to Internet Bug Bounty - 14 upvotes, $2480
- race condition in adding team members to Shopify - 14 upvotes, $0
- Race condition (TOCTOU) in NordVPN can result in local privilege escalation to Nord Security - 14 upvotes, $0
- Race Condition Vulnerability On Pornhubpremium.com to Pornhub - 13 upvotes, $520
- Issue in the implementation of captcha and race condition to VK.com - 13 upvotes, $100
- Race condition in Flash workers may cause an exploitable double free to Internet Bug Bounty - 12 upvotes, $10000
- Race Condition in Definition Votes to Urban Dictionary - 12 upvotes, $0
- Race condition на покупке призов за баллы to Mail.ru - 12 upvotes, $0
- Race Condition allows to get more free trials and get more than 100 languages and strings for free to Weblate - 12 upvotes, $0
- Bypass subdomain limits using race condition to Chaturbate - 10 upvotes, $100
- Race Condition in Article "Helpful" Indicator to Zendesk - 10 upvotes, $0
- Race condition allows to send multiple times feedback for the hacker to HackerOne - 10 upvotes, $0
- Race Condition in Oauth 2.0 flow can lead to malicious applications create multiple valid sessions to Razer - 8 upvotes, $250
- Race Conditions Exist When Accepting Invitations to HackerOne - 8 upvotes, $0
- Race condition on action: Invite members to a team to Omise - 8 upvotes, $0
- The endpoint /api/internal/graphql/requestAuthEmail on Khanacademy.or is vulnerable to Race Condition Attack. to Khan Academy - 7 upvotes, $0
- CVE-2023-28320 - siglongjmp race condition to Internet Bug Bounty - 6 upvotes, $480
- Race condition allowing user to review app multiple times to Coinbase - 6 upvotes, $0
- Race Condition Vulnerability when creating profiles to Showmax - 6 upvotes, $0
- Acronis True Image Local Privilege Escalation Due To Race Condition In Application Verification to Acronis - 6 upvotes, $0
- Race condition when redeeming coupon codes to Dropbox - 5 upvotes, $216
- Race condition on my.stripo.email at /cabinet/stripeapi/v1/projects/298427/emails/folders uri to Stripo Inc - 5 upvotes, $0
- Race condition in workers may cause an exploitable double free by abusing bytearray.compress() to Internet Bug Bounty - 3 upvotes, $10000
- Adobe Flash Player Race Condition Vulnerability to Internet Bug Bounty - 3 upvotes, $2000
- CVE-2023-28320: siglongjmp race condition to curl - 3 upvotes, $0
- Race condition with CURL_LOCK_DATA_CONNECT can cause connections to be used at the same time to curl - 1 upvotes, $0
- Data race conditions reported by helgrind when performing parallel DNS queries in libcurl to curl - 0 upvotes, $0