2018Bugcrowd PrivateOpen Redirect
2018HackerOne PrivateOpen Redirect
2018Qiwi***
2018HackerOne PrivateOpen Redirect
2018HackerOne PrivateSource Code Disclosure
2018HackerOne PrivateSubdomain Takeover
2018Starbucks***
2018HackerOne PrivateCRLF Injection
2018Bugcrowd PrivateOpen Redirect
2018Bugcrowd PrivateXSS
2018Bugcrowd PrivateCSRF
2018Bugcrowd PrivateXSS
2018Bugcrowd PrivateXSS
2018Bugcrowd PrivateCSRF
2018Bugcrowd PrivateCRLF Injection
2018HackerOne PrivateSubdomain Takeover
2018HackerOne PrivateXSS
2018HackerOne PrivateXSS
2018Discourse***
2018Mastercard***
2018HackerOne PrivateCRLF Injection
2018Upserve***
2018Yandex***
2018Yandex***
2018Yandex***
2018Yandex***
2018HackerOne PrivateCRLF Injection
2018Qiwi***
2018HackerOne PrivateSource Code Disclosure
2018TTS***
2018Yandex***
2018Yandex***
2018Vanilla***
2018Netflix***
2018Bitdefender***
2018Yandex***
2018Yandex***
2018Yandex***
2018Bugcrowd PrivateCRLF Injection, XSS
2018HackerOne PrivateXSS
2018Gatecoin***
2018BitMEX***
2018Deribit***
2018HackerOne PrivateXXE
2018HackerOne PrivateXXE
2018HackerOne PrivateArbitrary File Reading
2018HackerOne PrivateRemote Code Execution
2018HackerOne PrivateDoS
2018HackerOne PrivateBusiness Logic Error
2018HackerOne PrivateRemote Code Execution
2018Bugcrowd PrivateAuthentication Bypass
2018Bugcrowd PrivateXSS
2018Bugcrowd PrivateXSS
2018Bugcrowd PrivateCRLF Injection
2018Plaid***
2018Bugcrowd PrivateOpen Redirect
2018HackerOne PrivateOpen Redirect
2018HackerOne PrivateOpen Redirect
2018HackerOne PrivateOpen Redirect
2018Qiwi***
2018Bugcrowd PrivateCRLF Injection
2018Detectify CS***
2018Tesla***
2018Yandex[geointernal.mob.maps.yandex.net] Source Code Disclosure
2018HackerOne PrivateOpen Redirect
2018HackerOne PrivateOpen Redirect
2018Yandex[canvas.yandex.ru] Source Code Disclosure
2018HackerOne PrivateXSS
2018HackerOne PrivateXSS
2017Spotify***
2017Google[poly.google.com] XSS
2017Mail.Ru***
2017HackerOne PrivateCRLF Injection
2017WePay***
2017Bugcrowd PrivateXSS
2017Yandex[st.yandex-team.ru] XSS
2017Yandex[pc.yandex.ru] Information Leakage
2017Yandex[portal-xiva.yandex.net] Source Code Disclosure
2017Yandex[pda-test.yandex.ru] Arbitrary File Reading
2017Yandex[auto.yandex.ru] CRLF Injection
2017HackerOne PrivateCRLF Injection
2017HackerOne PrivateImproper Authentication
2017HackerOne PrivateInformation Leakage
2017HackerOne PrivateXSS
2017HackerOne PrivateXSS
2017Bugcrowd PrivateXSS
2017HackerOne PrivateInsecure CORS
2017Bugcrowd PrivateXSS
2017Twitter[dev.twitter.com] XSS, Open Redirect [2]
2017Ubiquiti Networks[dev-nightly.ubnt.com] Local File Reading
2017Spotify***
2017Bugcrowd PrivateXSS
2017HackerOne PrivateXSS
2017Bugcrowd PrivateCRLF Injection
2017HackerOne PrivateXSS
2017Tesla***
2017HackerOne PrivateInformation Leakage
2017HackerOne PrivateXSS
2017HackerOne PrivateCRLF Injection
2017HackerOne PrivateXSS
2017HackerOne PrivateXSS
2017HackerOne PrivateXSS
2017HackerOne PrivateOpen Redirect
2017HackerOne PrivateXSS
2017HackerOne PrivateXSS
2017HackerOne PrivateOpen Redirect
2017HackerOne PrivateOpen Redirect
2017Yandex[forms.yandex.ru] Open Redirect
2017Ubiquiti Networks[dev-unifi-go.ubnt.com] Insecure CORS
2017StatusPage***
2017Twitter***
2017Google***
2017Detectify CS***
2017Detectify CS***
2017Detectify CS***
2017Ubiquiti Networks[nutty.ubnt.com] DOM Based XSS
2017Algolia[github.algolia.com] DOM Based XSS
2017Postmates***
2017LocalTapiola[www.lahitapiola.fi] Blacklist Bypass
2017Airbnb[m.airbnb.com] CRLF Injection and [airbnb.com] XSS
2017HackerOne PrivateOpen Redirect
2017HackerOne PrivateCRLF Injection
2016Bugcrowd PrivateXSS
2016HackerOne PrivateCRLF Injection
2016Bugcrowd PrivateInformation Leakage
2016Bugcrowd PrivateXSS
2016Bugcrowd PrivateXSS
2016Bugcrowd PrivateCookie Injection
2016LocalTapiola***
2016LocalTapiola[www.lahitapiola.fi] Cookie Injection
2016Yandex[awaps.yandex.ru] Information Leakage
2016Dropbox***
2016Qiwi[qiwi.com] Information Leakage
2016Quora[Android] XSS
2016Quora[*.quora.com] XSS
2016HackerOne PrivateXSS
2016HackerOne PrivateCRLF Injection
2016HackerOne PrivateSource Code Disclosure
2016Bugcrowd PrivateInformation Leakage
2016LocalTapiola[viestinta.lahitapiola.fi] XSS
2016LocalTapiola[viestinta.lahitapiola.fi] SQL Injection
2016LocalTapiola[viestinta.lahitapiola.fi] Email HTML Injection
2016LocalTapiola[viestinta.lahitapiola.fi] SQL Injection
2016HackerOne PrivateXSS
2016HackerOne PrivateXSS
2016LocalTapiola[verkkopalvelu.lahitapiola.fi] Open Redirect
2016Qiwi***
2016Brave Software***
2016Bugcrowd PrivateXSS
2016Automattic[*.wordpress.com] XSS
2016HackerOne PrivateOpen Redirect
2016HackerOne PrivateOpen Redirect
2016Qiwi***
2016Qiwi***
2016Qiwi***
2016Qiwi***
2016Qiwi***
2016Qiwi***
2016Qiwi***
2016Qiwi***
2016Qiwi***
2016Qiwi***
2016Yahoo[fb.member.yahoo.com] ***
2016Qiwi[qiwi.com] Information Disclosure
2016Qiwi[ibank.qiwi.ru] UI Redressing
2016Qiwi***
2016Imgur***
2016Shopify[apps.shopify.com] Open Redirect
2016FoxyCart[foxycart.com] ***
2016Android[Android] Elevation of privilege vulnerability in Android Launcher
2016HackerOne PrivateXSS
2016HackerOne PrivateCRLF Injection, XSS
2016HackerOne PrivateXSS
2016HackerOne PrivateOpen Redirect
2016Yandex[*.yandex.ru] XSS
2016HackerOne PrivateInformation Leakage
2016HackerOne PrivateXSS
2016HackerOne PrivateXSS
2016HackerOne PrivateXSS
2016HackerOne PrivateXSS
2016Apache httpd[httpd mod_userdir] CRLF Injection
2016Yahoo[analytics.help.yahoo.com] ***
2016Ubiquiti Networks[account-global.ubnt.com] CRLF Injection
2016HackerOne PrivateOpen Redirect
2016Sucuri[support.sucuri.net] CRLF Injection
2016Google[*.vendortest.ext.google.com] CRLF Injection
2016Mozilla[mozilla.com] CRLF Injection
2016Mail.Ru[upload-*.my.mail.ru] Insecure Direct Object References
2016Mail.Ru[my.mail.ru] HTML Injection
2016Yandex[yandex.ru] Open Redirect
2016Yandex[yandex.ru] XSS
2016Yandex[yandex.ru] Open Redirect
2016Yandex[developer.store.yandex.ru] XSS
2016HackerOne PrivateXSS
2016Uber[riders.uber.com] ***
2016Uber[m.uber.com] Open Redirect
2016Yandex[fx.yandex.ru] Open Redirect
2016Yandex[pogoda.yandex.ru] Open Redirect
2016Yahoo[*.yql.yahoo.com] ***
2016HackerOne PrivateCRLF Injection, XSS
2016Romit[app.romit.io] ***
2016Yandex[api.lbs.yandex.ru] CRLF Injection, XSS
2016Yandex[events.yandex.ru] XSS
2015Yandex[developer.store.yandex.ru] CSRF
2015Zopim[status.zopim.com] Open Redirect
2015Mozilla[mozilla.com] ***
2015Yandex[delivery.yandex.ru] Open Redirect
2015Yandex[api.browser.yandex.ru] XSS, CRLF Injection, Open Redirect
2015Yandex[api.browser.yandex.ru] XSS
2015Yandex[api.browser.yandex.ru] Information Leakage
2015Yandex[mail.yandex.ru] Information Leakage
2015Yandex[yandex.ru] XSS
2015Keybase[keybase.io] Open Redirect
2015Yandex[api.direct.yandex.com] XSS
2015Yandex[m.afisha.yandex.ru] CRLF Injection
2015Yandex[mbo.market.yandex.ru] Insufficient Authorization
2015Mail.Ru[my.mail.ru] CRLF Injection
2015Gratipay[gratipay.com] CRLF Injection
2015Yandex[bnbym.yandex.com.tr] Open Redirect
2015Yahoo[login.yahoo.com] ***
2015Shopify[www.*.myshopify.com] CRLF Injection
2015Mail.Ru[s.mail.ru] CRLF Injection
2015Yandex[partner.yandex.ru] CSRF
2015Yandex[rabota.yandex.ru] Information Leakage
2015Yandex[rabota.yandex.ru] CSRF
2015Yandex[money.yandex.ru] XSS
2015Yandex[adtune.yandex.ru] Open Redirect
2015Yandex[maps.wiki.yandex.ru] UI Redressing
2015Yandex[*.yandex.ru] Information Leakage
2015Yandex[pdd.yandex.ru] XSS
2015Yandex[pdd.yandex.ru] XSS
2015Yandex[awaps.yandex.ru] Information Leakage
2015Yandex[mail.yandex.ru] XSS
2015Yandex[mtquality.maps.yandex.ru] Information Leakage, CSRF, SSRF
2015Yandex[partner.*.yandex.ru] Information Leakage
2015Yandex[mail.yandex.ru] XSS
2015Yandex[mail.yandex.ru] XSS
2015Yandex[browser.export.yandex.com] Information Leakage
2015Yandex[xml.yandex.ru] XSS
2015Yandex[tech.yandex.ru] XSS
2015Trello[blog.trello.com] CRLF Injection
2015Trello[trello.com] Open Redirect
2015Yandex[mail.yandex.ru] Information Leakage
2014Yandex[*.yandex.ru] Information Leakage
2014Yandex[balance.yandex.ru] XSS, Information Leakage
2014Yandex[address.yandex.ru] Open Redirect
2014Yandex[abo.uslugi.yandex.ru] Information Leakage
2014Yandex[tech.yandex.ru] Open Redirect
2014Yandex[abo.market.yandex.ru] XSS
2014Yandex[abo.market.yandex.ru] Information Leakage
2014Yandex[bo.uslugi.yandex.ru] Open Redirect
2014Yandex[mbo.market.yandex.ru] SQL Injection
2014Yandex[www.*.ya.ru] CRLF Injection
2014Indeed[*.indeed.com] ***
2014Square[account.squareup.com] ***
2014Heroku[*.heroku.com] ***
2014Vimeo[vimeopro.com] CRLF Injection
2014Sunrise Calendar[*.sunrise.am] Open Redirect
2014Yandex[company.yandex.com] UI Redress Attack
2014Yandex[pda.yaca.yandex.ru] Cookie Injection
2014Mail.Ru[connect.mail.ru] Memory Disclosure / IE XSS
2014Facebook[facebook.com] XSS
2014Qiwi[qiwi.com] ***
2014Qiwi[sms.qiwi.ru] ***
2014Qiwi[sms.qiwi.ru] ***
2014Qiwi[qiwi.com] Open Redirect
2014Yandex[company.yandex.com] Open Redirect
2014Yandex[company.yandex.com] XSS
2014Yandex[push.yandex.ru] Cross-Site WebSocket Hijacking
2014Yandex[mail.yandex.ru] Open Redirect
2014Yandex[mail.yandex.ru] XSS
2014Yandex[mail.yandex.ru] XSS
2014Yandex[mail.yandex.ru] Stored XSS
2014Yandex[mail.yandex.ru] XSS
2014Yandex[mail.yandex.ru] Content Spoofing
2014Yandex[mail.yandex.ru] XSS
2014Yandex[music.yandex.ru] Stored XSS
2014Django[Django] Cookie Injection [2]
2014Yandex[mail.yandex.ru] XSS
2014Yahoo[answers.yahoo.com] ***
2014Yandex[subs.yandex.ru] XSS
2014Yandex[news.yandex.ru] DOM-Based XSS
2014Qiwi[ishop.qiwi.com] CRLF Injection
2014Yandex[Yandex Direct] XSS
2014Yandex[fotki.yandex.ru] CSRF
2014Yandex[www.yandex.ru] XSS
2014Yandex[market.yandex.ru] Source Code Disclosure
2014Yandex[android-us.apps.yandex.ru] Cookie Injection
2014Yandex[*.yandex.ru] CRLF Injection
2014Google[Google Analytics] Cookie Injection [2]
2014Yandex[widgets.yandex.ru] XSS
2014Yandex[mail.yandex.ru] CSRF
2014Yandex[www.yandex.ru] Stored XSS
2014Yandex[mail.yandex.ru] CSRF
2014Yandex[api-lenta.yandex.ru] XSS
2014Yandex[market.yandex.ru] Cookie Injection
2014Yandex[market.yandex.ru] XSS
2014Yandex[m.afisha.yandex.ru] SSRF
2014Yandex[streaming.video.yandex.ru] CRLF Injection
2014Yandex[partner.news.yandex.ru] XSS
2014Yandex[advq.yandex.ru] Server-Side JavaScript Injection (RCE?)
2014Yandex[balance-slb.yandex.ru] Open Redirect
2014Yandex[wdgt.yandex.ru] Information Leakage
2014Yandex[www.yandex.com.tr] Information Leakage
2014Yandex[my.ya.ru] Open Redirect
2014Yandex[passport.yandex.ru] XSS
2014Yandex[passport.yandex.ru] Open Redirect
2014Yandex[wdgt.yandex.ru] Information Leakage
2014Yandex[www.yandex.com.tr] Information Leakage
2014Yandex[m.tv.yandex.ru] Cookie Injection
2014Yandex[m.tv.yandex.ru] CSRF
2014Yandex[tv.yandex.ru] CSRF
2014Yandex[m.pogoda.yandex.ru] DOM-Based XSS
2014Yahoo[answers.yahoo.com] ***
2014Yandex[*.yandex.ru] Cookie Injection
2014Yandex[api-yaru.yandex.ru] XSS
2013Yandex[*.yandex.ru] Open Redirect
2013Yandex[zakladki.yandex.ru] CRLF Injection
2013Yandex[oauth.yandex.ru] CRLF Injection
2013Yandex[welcome.advertising.yandex.ru] XSS
2013Yandex[m.market.yandex.ru] LFI
2013Yandex[my.ya.ru] DOM-Based XSS
2013Yandex[my.ya.ru] DOM-Based XSS
2013Yandex[company.yandex.ru] DOM Based XSS
2013Google[Google Analytics] Cookie Injection [2]
2013Yahoo[screen.yahoo.com] ***
2013Yandex[site.yandex.ru] XSS
2013Yandex[webmaster.yandex.ru] Open Redirect
2013Yandex[api.yandex.ru] Information Leakage
2013Yandex[bookmarks.yandex.ru] Information Leakage
2013Yandex[bookmarks.yandex.ru] CSRF
2013Yandex[cards.yandex.ru] Information Leakage
2013Yandex[*.yandex.ru] Open Redirect
2013Yandex[balance.yandex.ru] XSS
2013Yandex[balance.yandex.ru] XSS
2013Yandex[bayan.yandex.ru] Information Leakage
2013Yandex[ba.yandex.ru] XSS
2013Yandex[api.yandex.ru] XSS
2013Yandex[api.yandex.ru] XSS
2013Yandex[mail.yandex.ru] Open Redirect
2013Yandex[yaca.yandex.ru] XSS
2013Yandex[cards.yandex.ru] Information Leakage
2013Yandex[cards.yandex.ru] Open Redirect
2013Yandex[cards.yandex.ru] CSRF
2013Yahoo[ru.yahoo.com] ***
2013Yandex[Yandex Direct] XSS
2013Yandex[images.yandex.ru] Information Leakage
2013Yandex[market.yandex.ru] Open Redirect
2013Yandex[flv.video.yandex.ru] SWF XSS
2013Yandex[flv.video.yandex.ru] SWF XSS
2013Yandex[www.yandex.ru] Stored XSS
2013Yandex[www.yandex.ru] XSS
2013Yandex[moikrug.ru] XSS
2013Bugcrowd PrivateXSS
2013Yandex[site.yandex.ru] DOM Based XSS
2013Yandex[rabota.yandex.ru] DOM Based XSS
2013Yandex[*.yandex.ru] Open Redirect
2013Yandex[flv.video.yandex.ru] SWF XSS
2013Yandex[flv.video.yandex.ru] SWF XSS
2013Yandex[bar-widgets.yandex.ru] SWF XSS
2013Yandex[bs.yandex.ru] SWF XSS
2013Yandex[img.yandex.ru] SWF XSS
2013Yandex[fotki.yandex.ru] SWF XSS
2013Yandex[maps.yandex.ru] SWF XSS
2013Yandex[mail.yandex.ru] Open Redirect
2013Yandex[*.yandex.ru] Information Leakage
2013Yandex[xml.yandex.ru] Source Code Disclosure
2013Yandex[disk.yandex.ru] Open Redirect
2013Yandex[taxi.yandex.ru] Open Redirect
2013Yandex[company.yandex.ru] Information Leakage
2013Yandex[feedback.yandex.ru] Information Leakage
2013Yandex[www.yandex.ru] Open Redirect
2013Yandex[api.mobile.maps.yandex.net] CRLF Injection
2013Yandex[yaca.yandex.ru] XSS
2013Yandex[music.yandex.ru] Open Redirect
2013Yandex[mail.yandex.ru] XSS
2013Bugcrowd PrivateSQL Injection
2013Etsy[etsy.com] XSS
2012Yandex[money.yandex] UI redressing
2012Yandex[www.yandex.ru] XSS
2012Yandex[pass.yandex.ru] Memory disclosure
2012Yandex[api.yandex.ru] Information Leakage
2012Yandex[api.yandex.ru] Information Leakage
2012Yandex[mail.yandex.ru] XSS
2012Yandex[mail.yandex.ru] CRLF Injection. Open Redirect
2012Yandex[cards.yandex.ru] Information Leakage
2012Yandex[calendar.yandex.ru] SSRF
2012Yandex[zakladki.yandex.ru] Open Redirect
2012Yandex[pass.yandex.ru] Open Redirect
2012Yandex[*.yandex.ru] DOM Based XSS
2012Yandex[calendar.yandex.ru] Open Redirect
2012Yandex[feedback.yandex] Open Redirect
2012Yandex[www.yandex.ru] XSS
2012Yandex[mail.yandex.ru] HTTP Parameter Pollution
2012Yandex[mail.yandex.ru] Open Redirect
2012Yandex[mail.yandex.ru] CSRF
2012Yandex[pass.moikrug.ru] CRLF Injection
2012Yandex[pass.moikrug.ru] Memory disclosure
2012Yandex[pass.yandex.ru] Open Redirect
2011Facebook[facebook.com] Open Redirect
2011Google[m.youtube.com] XSS
2011Google[m.youtube.com] XSS