Top DoS reports from HackerOne:
- DoS on PayPal via web cache poisoning to PayPal - 818 upvotes, $9700
- profile-picture name parameter with large value lead to DoS for other users and programs on the platform to HackerOne - 464 upvotes, $0
- Denial of service to WP-JSON API by cache poisoning the CORS allow origin header to Automattic - 389 upvotes, $0
- Denial of service via cache poisoning to HackerOne - 233 upvotes, $2500
- Ability to DOS any organization's SSO and open up the door to account takeovers to Grammarly - 225 upvotes, $10500
- Uploading large payload on domain instructions causes server-side DoS to HackerOne - 196 upvotes, $2500
- Node disk DOS by writing to container /etc/hosts to Kubernetes - 159 upvotes, $0
- xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS) to Nord Security - 153 upvotes, $0
- DoS on the Issue page by exploiting Mermaid. to GitLab - 138 upvotes, $3000
- character limitation bypass can lead to DoS on Twitter App and 500 Internal Server Error to X (Formerly Twitter) - 138 upvotes, $0
- Permanent DoS with one click. to Automattic - 126 upvotes, $0
- a very long name in hey.com can prevent anyone from accessing their contacts and probably can cause denial of service to Basecamp - 121 upvotes, $1000
- HTML Injection in Swing can disclose netNTLM hash or cause DoS to PortSwigger Web Security - 113 upvotes, $1000
- ActiveStorage throws exception when using whitespace as filename, may lead to denial of service of multiple pages to HackerOne - 110 upvotes, $0
- Denial of Service via Hyperlinks in Posts to Slack - 103 upvotes, $1500
- Cache Poisoning DoS on downloads.exodus.com to Exodus - 96 upvotes, $2500
- Attacker with an Old account might still be able to DoS ctf.hacker101.com by sending a Crafted request to HackerOne - 93 upvotes, $0
- Denial of Service | twitter.com & mobile.twitter.com to X (Formerly Twitter) - 86 upvotes, $1120
- Denial Of Service (Out Of Memory) on Updating Bounty Table [Urgent] to HackerOne - 83 upvotes, $0
- DoS attack via comment on Issue to GitLab - 79 upvotes, $1000
- [mijn.werkenbijdefensie.nl] Denial of service occurs due to lack of email length confirmation to Radancy - 79 upvotes, $0
- https://themes.shopify.com::: Host header web cache poisoning lead to DoS to Shopify - 73 upvotes, $2900
- Cache Poisoning DoS on updates.rockstargames.com to Rockstar Games - 73 upvotes, $500
- Cache poisoning Denial of Service affecting assets.gitlab-static.net to GitLab - 72 upvotes, $4850
- DoS of https://nordvpn.com/ via CVE-2018-6389 exploitation to Nord Security - 71 upvotes, $0
- [www.werkenbijbakertilly.nl] Denial of service due to incorrect server return can result in total denial of service. to Radancy - 67 upvotes, $0
- Denial of Service [Chrome] to X (Formerly Twitter) - 66 upvotes, $560
- Authenticated path traversal to Stored XSS and Denial-of-Service to phpBB - 66 upvotes, $0
- Authorization issue in Google G Suite allows DoS through HTTP redirect to Uber - 61 upvotes, $0
- DoS: type confusion in mrb_no_method_error to shopify-scripts - 60 upvotes, $0
- Web Cache Poisoning leads to XSS and DoS to Glassdoor - 59 upvotes, $0
- [api.tumblr.com] Denial of Service by cookies manipulation to Automattic - 51 upvotes, $0
- DoS via markdown API from unauthenticated user to GitHub - 50 upvotes, $4000
- DoS through PeerExplorer to Rootstock Labs - 49 upvotes, $4000
- Potential DoS vulnerability in Django in multipart parser to Internet Bug Bounty - 47 upvotes, $2400
- DOS in stream filters to Internet Bug Bounty - 44 upvotes, $0
- Google Maps API key stored as plain text leading to DOS and financial damage to Zenly - 42 upvotes, $750
- Arbitrary file creation with semi-controlled content (leads to DoS, EoP and others) at Steam Windows Client to Valve - 41 upvotes, $1250
- DOS via cache poisoning on [developer.mozilla.org] to Mozilla - 41 upvotes, $0
- http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks to Internet Bug Bounty - 40 upvotes, $3495
- DoS attacks utilizing camo.stream.highwebmedia.com to Chaturbate - 40 upvotes, $400
- Memory Leak in OCUtil.dll library in Desktop client can lead to DoS to Nextcloud - 40 upvotes, $100
- Hash-Collision Denial-of-Service Vulnerability in Markdown Parser to Reddit - 40 upvotes, $0
- iOS group chat denial of service to LY Corporation - 38 upvotes, $300
- Application DOS via specially crafted payload on 3d.cs.money to CS Money - 35 upvotes, $0
- %0A (New line) and limitness URL leads to DoS at all system [Main adress (https://www.acronis.com/)] to Acronis - 35 upvotes, $0
- Regular expression denial of service in ActiveRecord's PostgreSQL Money type to Ruby on Rails - 33 upvotes, $0
- Remote denial of service in HyperLedger Fabric to Hyperledger - 32 upvotes, $0
- Chrome Extension is vulnerable to the self-DOS issues in case it process the security.txt with a big size to Ed - 31 upvotes, $0
- Cookie poisoning leads to DOS and Privacy Violation to CS Money - 30 upvotes, $700
- CryptoNote: remote node DoS to Monero - 30 upvotes, $0
- Use after free vulnerability in mruby Array#to_h causing DOS possible RCE to shopify-scripts - 29 upvotes, $0
- DoS on the Direct Messages to Slack - 28 upvotes, $500
- JSON RPC methods for debugging enabled by default allow DoS to Rootstock Labs - 26 upvotes, $0
- Denial of Service by resource exhaustion in fetch() brotli decoding to Node.js - 26 upvotes, $0
- No redirect_uri in the db for web-internal clientKey leads to one-click DoS on gitter.im to GitLab - 25 upvotes, $1000
- Remote Server Restart Lead to Denial of Service by only one Request. to Keybase - 25 upvotes, $250
- Fastify denial-of-service vulnerability with large JSON payloads to Node.js third-party modules - 25 upvotes, $0
- DOS via issue preview to GitLab - 24 upvotes, $7640
- CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows to Internet Bug Bounty - 24 upvotes, $2540
- cookie injection allow dos attack to periscope.tv to X (Formerly Twitter) - 24 upvotes, $560
- Cache poisoning DoS to various TTS assets to GSA Bounty - 24 upvotes, $0
- DOS attack by consuming all CPU and using all available memory to Tron Foundation - 23 upvotes, $1500
- ICQ Android APP remote DoS to Mail.ru - 23 upvotes, $1000
- xmlrpc.php FILE IS enable it will used for bruteforce attack and denial of service to LocalTapiola - 23 upvotes, $315
- DoS through cache poisoning using invalid HTTP parameters to Greenhouse.io - 23 upvotes, $0
- Cookie injection leads to complete DoS over whole domain *.mackeeper.com. Injection point accountstage.mackeeper.com/ to Clario - 22 upvotes, $50
- Bypass of request line length limit to DoS via cache poisoning to Greenhouse.io - 22 upvotes, $0
- Single User DOS by Poisoning Cookie via Get Parameter to Pornhub - 22 upvotes, $0
- XMLRPC, Enabling XPSA and Bruteforce and DOS + A file disclosing installer-logs. to MTN Group - 22 upvotes, $0
- DoS of LINE client for Android via message containing multiple unicode characters (0x0e & 0x0f) to LY Corporation - 22 upvotes, $0
- Insecure Processing of XML leads to Denial of Service through Billion Laughs Attack to Razer - 21 upvotes, $375
- Pixel Flood Attack leads to Application level DoS to CS Money - 21 upvotes, $200
- DOS validator nodes of blockchain to block external connections to Hyperledger - 20 upvotes, $1500
- scripts loader (denial of service) vulnerability to MariaDB - 20 upvotes, $0
- xmlrpc.php And /wp-json/wp/v2/users FILE IS enable it will used for bruteforce attack and denial of service to Sifchain - 19 upvotes, $50
- Comments Denial of Service in socialclub.rockstargames.com to Rockstar Games - 19 upvotes, $0
- Denial of Service by requesting to reset a password to Nextcloud - 19 upvotes, $0
- HTTP/2 PUSH_PROMISE DoS to curl - 19 upvotes, $0
- DOS via move_issue to GitLab - 18 upvotes, $2300
- lack of input validation that can lead Denial of Service (DOS) to X (Formerly Twitter) - 18 upvotes, $560
- Variant of CVE-2013-0269 (Denial of Service and Unsafe Object Creation Vulnerability in JSON) to Ruby - 18 upvotes, $500
- Permanent Denial of Service to MS-DOS - 18 upvotes, $0
- Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS to Ruby on Rails - 17 upvotes, $0
- Race condition on the Federalist API endpoints can lead to the Denial of Service attack to GSA Bounty - 16 upvotes, $0
- WEBrick::HTTPAuth::DigestAuth authentication is vulnerable to regular expression denial of service (ReDoS) to Ruby - 16 upvotes, $0
- Possible denial of service when entering a loooong password to Nextcloud - 16 upvotes, $0
- Server-side denial of service via large payload sent to wiki.cs.money/graphql to CS Money - 16 upvotes, $0
- CVE-2023-23916: HTTP multi-header compression denial of service to curl - 16 upvotes, $0
- [Java] CWE-755: Query to detect Local Android DoS caused by NFE to GitHub Security Lab - 15 upvotes, $1800
- Single user DOS on selectedLanguage -cookie (yrityspalvelu.lahitapiola.fi) to LocalTapiola - 15 upvotes, $400
- Cookie-based client-side denial-of-service to all of the Lähitapiola domains to LocalTapiola - 15 upvotes, $0
- DoS for HTTP/2 connections by crafted requests (CVE-2018-1333) to Internet Bug Bounty - 15 upvotes, $0
- DoS of https://blog.yelp.com/ and other WP instances via CVE-2018-6389 to Yelp - 15 upvotes, $0
- xmlrpc.php file is enable it will used for (Denial of Service) and bruteforce attack to BlockDev Sp. Z o.o - 15 upvotes, $0
- Attacker may be able to bounce enough emails which suspend HackerOne's SES service and cause a DoS of HackerOne's email service to HackerOne - 15 upvotes, $0
- Web Cache Poisoning leading to DoS to U.S. General Services Administration - 15 upvotes, $0
- DoS via Playbook to Mattermost - 15 upvotes, $0
- PNG compression DoS to HackerOne - 14 upvotes, $500
- xmlrpc.php FILE IS enabled it will used for Bruteforce attack and Denial of Service(DoS) to BlockDev Sp. Z o.o - 14 upvotes, $500
- Application-level DoS on image's "size" parameter. to Gratipay - 14 upvotes, $0
- Resource Consumption DOS on Edgemax v1.10.6 to Ubiquiti Inc. - 14 upvotes, $0
- xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS) to Top Echelon Software - 14 upvotes, $0
- Null target_class DoS to shopify-scripts - 13 upvotes, $8000
- Chained vulnerabilities create DOS attack against users on desafio5estrelas.com to Uber - 13 upvotes, $1000
- DoS via large console messages to Mattermost - 13 upvotes, $150
- Denial of Service with Cookie Bomb to Nord Security - 13 upvotes, $0
- CVE-2022-35252: control code in cookie denial of service to curl - 13 upvotes, $0
- DoS in bigdecimal's sqrt function due to miscalculation of loop iterations to Ruby - 13 upvotes, $0
- Possible denial of service when entering a loooong password to Nextcloud - 12 upvotes, $100
- No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service to U.S. Dept Of Defense - 12 upvotes, $0
- Cookie Bombing cause DOS - businesses.uber.com to Uber - 12 upvotes, $0
- [mtn.com.af] Multiple vulnerabilities allow to Application level DoS to MTN Group - 12 upvotes, $0
- Remote denial of service in HyperLedger Fabric to Hyperledger - 12 upvotes, $0
- WordPress application vulnerable to DoS attack via wp-cron.php to U.S. Dept Of Defense - 12 upvotes, $0
- http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks to Node.js - 12 upvotes, $0
- User input validation can lead to DOS to X (Formerly Twitter) - 11 upvotes, $560
- Pre-auth Denial-of-Service in Dovecot RPA implementation to Open-Xchange - 11 upvotes, $550
- DOS: out of memory from gif through upload api to Mattermost - 11 upvotes, $150
- Content length restriction bypass can lead to DOS by reading large files on gip.rocks to Gratipay - 11 upvotes, $0
memjs
allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage to Node.js third-party modules - 11 upvotes, $0- Application level denial of service due to shutting down the server to Node.js third-party modules - 11 upvotes, $0
- Denial Of Service in Strapi Framework using argument injection to Node.js third-party modules - 11 upvotes, $0
- Insufficient limitation of web page title leads to DoS against ICQ for Android to Mail.ru - 11 upvotes, $0
- Permanent DOS for new users! to Stripo Inc - 11 upvotes, $0
- Permanent DoS at https://happy.tools/ when inviting a user to Automattic - 11 upvotes, $0
- Denial of service via cache poisoning on https://www.data.gov/ to GSA Bounty - 11 upvotes, $0
- The parameter in the POST query allows to control size of returned page which in turn can lead to the potential DOS attack to LocalTapiola - 10 upvotes, $315
- xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php to U.S. Dept Of Defense - 10 upvotes, $0
- Denial of service due to invalid memory access in mrb_ary_concat to shopify-scripts - 9 upvotes, $8000
- Rack CVE-2022-30122: Denial of Service Vulnerability in Rack Multipart Parsing to Internet Bug Bounty - 9 upvotes, $2400
- Single User DOS on SelectedLocale -cookie (verkkopalvelu.tapiola.fi) to LocalTapiola - 9 upvotes, $400
- Single user DOS on selectedLanuage -cookie at (verkkopalvelu.tapiola.fi) to LocalTapiola - 9 upvotes, $100
- Proxy service crash DoS to Factlink - 9 upvotes, $0
- Denial of Service through set_preference.json to Keybase - 9 upvotes, $0
- Fix for self-DoS in Security-txt Chrome Extension. to Ed - 9 upvotes, $0
- XML hash collision DoS vulnerability in Python's xml.etree module to Internet Bug Bounty - 9 upvotes, $0
- DoS for remote nodes using Slow Loris attack to Monero - 9 upvotes, $0
- Cisco ASA Denial of Service & Path Traversal (CVE-2018-0296) to ok.ru - 9 upvotes, $0
- Multiple HTTP/2 DOS Issues to Node.js - 9 upvotes, $0
- load scripts DOS vulnerability to OLX - 9 upvotes, $0
- Cache Posioning leading to denial of service at
█████████
- Bypass fix from report #1198434 to U.S. Dept Of Defense - 9 upvotes, $0 - Denial of Service in mruby due to null pointer dereference to shopify-scripts - 8 upvotes, $8000
- CVE-2022-32206: HTTP compression denial of service to Internet Bug Bounty - 8 upvotes, $2400
- potential denial of service attack via the locale parameter to Internet Bug Bounty - 8 upvotes, $2400
- CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service and Remote Command Execution to Internet Bug Bounty - 8 upvotes, $480
- Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests to Node.js - 8 upvotes, $250
- DoS in Brave browser for iOS to Brave Software - 8 upvotes, $80
- Возможность провести DoS атаку от имени vk.com сервера to VK.com - 8 upvotes, $0
- Denial of Service in Action Pack Exception Handling to Ruby on Rails - 8 upvotes, $0
- DoS of www.lahitapiolarahoitus.fi via CVE-2018-6389 exploitation to LocalTapiola - 8 upvotes, $0
- CVE-2017-8779 exploit on open rpcbind port could lead to remote DoS to Endless Group - 8 upvotes, $0
- scripts loader DOS vulnerability to FormAssembly - 8 upvotes, $0
- CVE-2022-35252: control code in cookie denial of service to Internet Bug Bounty - 8 upvotes, $0
- Lack of Packet Sanitation in Goflow Results in Multiple DoS Attack Vectors and Bugs to Cloudflare Public Bug Bounty - 7 upvotes, $500
- WordPress Authentication Denial of Service to Instacart - 7 upvotes, $100
- SSRF / Local file enumeration / DoS due to improper handling of certain file formats by ffmpeg to Imgur - 7 upvotes, $0
- Malformed SHA512 ticket DoS (CVE-2016-6302) to Internet Bug Bounty - 7 upvotes, $0
http-proxy-agent
passes unsanitized options to Buffer(arg), resulting in DoS and uninitialized memory leak to Node.js third-party modules - 7 upvotes, $0- Client DoS due to large DH parameter (CVE-2018-0732) to Internet Bug Bounty - 7 upvotes, $0
- Algorithmic complexity vulnerability in ZXCVBN leads to remote denial of service attack to Dropbox - 7 upvotes, $0
- SQL Injection or Denial of Service due to a Prototype Pollution to Node.js third-party modules - 7 upvotes, $0
- [cloudron-surfer] Denial of Service via LDAP Injection to Node.js third-party modules - 7 upvotes, $0
- Denial of Service in anti_ransomware_service.exe via logs files to Acronis - 7 upvotes, $0
- Application level DOS at Login Page ( Accepts Long Password ) to Reddit - 7 upvotes, $0
- DoS at ████████ (CVE-2018-6389) to U.S. Dept Of Defense - 7 upvotes, $0
- DoS at █████(CVE-2018-6389) to U.S. Dept Of Defense - 7 upvotes, $0
- Range constructor type confusion DoS to shopify-scripts - 6 upvotes, $10000
- CVE-2022-32205: Set-Cookie denial of service to Internet Bug Bounty - 6 upvotes, $480
- [DOS] denial of service using code snippet on brave browser to Brave Software - 6 upvotes, $25
- Denial of Service any Report to HackerOne - 6 upvotes, $0
- DOS Report FILE html inside <code> in markdown to HackerOne - 6 upvotes, $0
- DoS vulnerability in mod_auth_digest CVE-2016-2161 to Internet Bug Bounty - 6 upvotes, $0
- WordPress core - Denial of Service via Cross Site Request Forgery to WordPress - 6 upvotes, $0
https-proxy-agent
passes unsanitized options to Buffer(arg), resulting in DoS and uninitialized memory leak to Node.js third-party modules - 6 upvotes, $0- Remote P2P DoS to Monero - 6 upvotes, $0
- Lodash "difference" (possibly others) Function Denial of Service Through Unvalidated Input to Node.js third-party modules - 6 upvotes, $0
- HTTP/2 Denial of Service Vulnerability to Node.js - 6 upvotes, $0
- DoS for client-go jsonpath func to Kubernetes - 6 upvotes, $0
- Camera adoption DoS - UniFi Protect to Ubiquiti Inc. - 6 upvotes, $0
- Ruby - Regular Expression Denial of Service Vulnerability of Date Parsing Methods to Internet Bug Bounty - 6 upvotes, $0
- Regular Expression Denial of Service vulnerability to Reddit - 6 upvotes, $0
- ruby DoS https://www.mruby.science to shopify-scripts - 5 upvotes, $8000
- Potential denial of service in hackerone.com/<program>/reward_settings to HackerOne - 5 upvotes, $0
- Denial of service attack on Brave Browser. to Brave Software - 5 upvotes, $0
- [tor] control connection pre-auth DoS (infinite loop) with --enable-bufferevents to Tor - 5 upvotes, $0
- Missing back-end user input validation can lead to DOS flaw to Liberapay - 5 upvotes, $0
- monerod JSON RPC server remote DoS to Monero - 5 upvotes, $0
- DoS of https://research.adobe.com/ via CVE-2018-6389 exploitation to Adobe - 5 upvotes, $0
- DoS via Automatic Response Message to Mattermost - 5 upvotes, $0
- Thumbor misconfiguration at blogapi.uber.com can lead to DoS to Uber - 4 upvotes, $500
- [CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID to Internet Bug Bounty - 4 upvotes, $480
- Fastify uses allErrors: true ajv configuration by default which is susceptible to DoS to Node.js third-party modules - 4 upvotes, $250
- Denial of Service to HackerOne - 4 upvotes, $100
- Arbitrary command execution in MS-DOS to MS-DOS - 4 upvotes, $0
- help.nextcloud.com: Known DoS condition (null pointer deref) in Nginx running to Nextcloud - 4 upvotes, $0
- Filename enumeration && DoS to Nextcloud - 4 upvotes, $0
- No Password Length Restriction leads to Denial of Service to Weblate - 4 upvotes, $0
- Abuse of Api that causes spamming users and possible DOS due to missing rate limit on contact form to Weblate - 4 upvotes, $0
- pngcrush double-free/segfault could result in DoS (CVE-2015-7700) to Internet Bug Bounty - 4 upvotes, $0
- Denial of service in libxml2, using malicious lzma file to consume available system memory to Internet Bug Bounty - 4 upvotes, $0
- Denial of Service: nghttp2 use of uninitialized pointer to Node.js - 4 upvotes, $0
- Application level DoS via xmlrpc.php to U.S. Dept Of Defense - 4 upvotes, $0
- DoS for GCSArtifact.RealAll to Kubernetes - 4 upvotes, $0
- DoS due to improper input validation can break the admin access into the user data will disallow him from editing that user's data. to Nextcloud - 4 upvotes, $0
- Cache Posioning leading do Denial of Service on
www.█████████
to U.S. Dept Of Defense - 4 upvotes, $0 - Slowvote and Countdown can cause Denial of Service due to recursive inclusion to Phabricator - 4 upvotes, $0
- CVE-2022-32206: HTTP compression denial of service to curl - 4 upvotes, $0
- CVE-2022-32205: Set-Cookie denial of service to curl - 4 upvotes, $0
- DoS via lua_read_body() [zhbug_httpd_94] to Internet Bug Bounty - 4 upvotes, $0
- HTTP multi-header compression denial of service to Internet Bug Bounty - 4 upvotes, $0
- Potential denial of service in hackerone.com/teams/new to HackerOne - 3 upvotes, $0
- History Disclosure of MS-Dos to MS-DOS - 3 upvotes, $0
- Apache Range Header Denial of Service Attack (Confirmed PoC) to ownCloud - 3 upvotes, $0
- DoS Attack in Controller Lookup Code to Ruby on Rails - 3 upvotes, $0
- Denial of service (segfault) due to null pointer dereference in mrb_obj_instance_eval to shopify-scripts - 3 upvotes, $0
- doc.owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) to ownCloud - 3 upvotes, $0
- ci.nextcloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) to Nextcloud - 3 upvotes, $0
- Ruby 2.3.x and 2.2.x still bundle DoS vulnerable verision of libYAML to Ruby - 3 upvotes, $0
- CVE-2017-5969: libxml2 when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) to Internet Bug Bounty - 3 upvotes, $0
- Dos https://iandunn.name/ via CVE-2018-6389 exploitation to Ian Dunn - 3 upvotes, $0
- load scripts DOS vulnerability to BlockDev Sp. Z o.o - 3 upvotes, $0
- HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion to Node.js - 3 upvotes, $0
- Instance Page DOS within Organization on TikTok Ads to TikTok - 3 upvotes, $0
- Denial of Service vulnerability in curl when parsing MQTT server response to curl - 3 upvotes, $0
- Self-DoS due to template injection via email field in password reset form on access.acronis.com to Acronis - 3 upvotes, $0
- Regular Expression Denial of Service in Headers to Node.js - 3 upvotes, $0
- Possible DOS in app with crashing
exceptions_app
to Ruby on Rails - 3 upvotes, $0 - moderate: mod_deflate denial of service to Internet Bug Bounty - 2 upvotes, $500
- Possible DoS Vulnerability in Multipart MIME parsing in rack to Internet Bug Bounty - 2 upvotes, $480
- [CVE-2022-44570] Possible Denial of Service Vulnerability in Rack’s Range header parsing to Internet Bug Bounty - 2 upvotes, $480
- [CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support’s underscore to Internet Bug Bounty - 2 upvotes, $480
- [CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing to Internet Bug Bounty - 2 upvotes, $480
- [CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing to Internet Bug Bounty - 2 upvotes, $480
- DNS Max Responses for DOS to Node.js - 2 upvotes, $250
- Possible SQL injection can cause denial of service attack to Dropbox - 2 upvotes, $0
- Denial of service in report view. to HackerOne - 2 upvotes, $0
- Denial of service in account statistics endpoint to Mapbox - 2 upvotes, $0
- Denial of service attack(window object) on brave browser to Brave Software - 2 upvotes, $0
- Denial of service (segfault) due to null pointer dereference in mrb_vm_exec to shopify-scripts - 2 upvotes, $0
- Abuse of Api that causes spamming users and possible DOS due to missing rate limit to Weblate - 2 upvotes, $0
- Regular Expression Denial of Service (ReDoS) to Node.js third-party modules - 2 upvotes, $0
- Server side includes in https://lgtm-com.pentesting.semmle.net/internal_api/v0.2/savePublicInformation leads to 500 server error and D-DOS to Semmle - 2 upvotes, $0
- Node.js HTTP/2 Large Settings Frame DoS to Node.js - 2 upvotes, $0
- Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS to Agoric - 2 upvotes, $0
- DoS attack against the client when entering a long password to Nextcloud - 2 upvotes, $0
- API Server DoS (crash?) if many large resources (~1MB each) are concurrently/repeatedly sent to an external Validating WebHook endpoint to Kubernetes - 2 upvotes, $0
- [play.mtn.co.za] Application level DoS via xmlrpc.php to MTN Group - 2 upvotes, $0
- 1-click DOS in fastify-static via directly passing user's input to new URL() of NodeJS without try/catch to Fastify - 2 upvotes, $0
- Inadequate input validation on API endpoint leading to self denial of service and increased system load. to IRCCloud - 1 upvotes, $500
- Dashboard panel embedded onto itself causes a denial of service to Phabricator - 1 upvotes, $0
- owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) to ownCloud - 1 upvotes, $0
- CrashPlan Backup is Vulnerable Allowing to a DoS Attack Against Uber's Backups to
backup.uber.com
to Uber - 1 upvotes, $0 - Denial of service(POP UP Recursion) on Brave browser to Brave Software - 1 upvotes, $0
- xmlrpc.php FILE IS enable it can be used for conducting a Bruteforce attack and Denial of Service(DoS) to Ian Dunn - 1 upvotes, $0
- "Self" DOS with large deployment and scaling to Kubernetes - 1 upvotes, $0
- Denial of Service when entring an Array in email at seetings to Nextcloud - 1 upvotes, $0
- [meemo-app] Denial of Service via LDAP Injection to Node.js third-party modules - 1 upvotes, $0
- [json-bigint] DoS via
__proto__
assignment to Node.js third-party modules - 1 upvotes, $0 - [http-live-simulator] Application-level DoS to Node.js third-party modules - 1 upvotes, $0
- DRb denial of service vulnerability to Ruby - 1 upvotes, $0
- Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation to Sifchain - 1 upvotes, $0
- No Password Length Restriction leads to Denial of Service to Reddit - 1 upvotes, $0
- curl "globbing" can lead to denial of service attacks to curl - 1 upvotes, $0
- DOS in browser using window.print() function to Brave Software - 0 upvotes, $0
- Possibility of DOS Through logging System to Quora - 0 upvotes, $0
- Media parsing in canvas is at least vulnerable to Denial of Service through multiple vulnerabilities to Node.js third-party modules - 0 upvotes, $0
- DoS of https://blog.makerdao.com/ via CVE-2018-6389 to BlockDev Sp. Z o.o - 0 upvotes, $0
- A specifically designed sieve script can cause a DoS in lib-sieve during sieve script compilation via NULL pointer dereference to Open-Xchange - 0 upvotes, $0