Dashboard



Recent Scopes (30 days or less)

Target: OKG
  • Asset type: OTHER
  • Asset identifier: OKX Wallet Safari Extension
  • Max severity: critical
  • Updated at: June 21, 2024, 7:30 a.m.
  • Instructions:

    https://apps.apple.com/us/app/okx-wallet/id6463797825

Target: Crowdstrike
  • Asset type: WILDCARD
  • Asset identifier: *.flowsecurity.app
  • Max severity: critical
  • Updated at: June 20, 2024, 7:12 p.m.
  • Instructions:

    Excluding 3rd party maintained targets

Target: Compass
  • Asset type: APPLE_STORE_APP_ID
  • Asset identifier: https://apps.apple.com/us/app/compass-real-estate-homes/id692766504
  • Max severity: critical
  • Updated at: June 20, 2024, 6 p.m.
Target: Compass
  • Asset type: GOOGLE_PLAY_APP_ID
  • Asset identifier: com.compass.compass
  • Max severity: critical
  • Updated at: June 20, 2024, 5:58 p.m.
Target: Booking.com
  • Asset type: WILDCARD
  • Asset identifier: *.fareharbor.com
  • Max severity: critical
  • Updated at: June 18, 2024, 2:52 p.m.
Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.dropmix.com
  • Max severity: critical
  • Updated at: June 17, 2024, 10:16 a.m.
Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.dancecentral.com
  • Max severity: critical
  • Updated at: June 17, 2024, 9:52 a.m.
Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.audicagame.com
  • Max severity: critical
  • Updated at: June 17, 2024, 9:52 a.m.
Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.amplitude-game.com
  • Max severity: critical
  • Updated at: June 17, 2024, 9:51 a.m.
Target: Nextcloud
  • Asset type: SOURCE_CODE
  • Asset identifier: https://github.com/nextcloud/collectives
  • Max severity: critical
  • Updated at: June 17, 2024, 9:03 a.m.
  • Instructions:

    Code from [https://github.com/nextcloud/collectives](https://github.com/nextcloud/collectives) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

Target: Slack
  • Asset type: OTHER
  • Asset identifier: Slack Desktop Application
  • Max severity: critical
  • Updated at: June 13, 2024, 11:16 a.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadopago.com.uy
  • Max severity: critical
  • Updated at: June 11, 2024, 8:28 p.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadopago.com.pe
  • Max severity: critical
  • Updated at: June 11, 2024, 8:27 p.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadopago.com.mx
  • Max severity: critical
  • Updated at: June 11, 2024, 8:27 p.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadopago.com.co
  • Max severity: critical
  • Updated at: June 11, 2024, 8:27 p.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadopago.com.br
  • Max severity: critical
  • Updated at: June 11, 2024, 8:27 p.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadopago.com.ar
  • Max severity: critical
  • Updated at: June 11, 2024, 8:27 p.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: api.mercadopago.com
  • Max severity: critical
  • Updated at: June 11, 2024, 8:26 p.m.
  • Instructions:

    See Mercado Pago API [documentation here](https://www.mercadopago.com.ar/developers/en/reference)

Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadopago.cl
  • Max severity: critical
  • Updated at: June 11, 2024, 8:26 p.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadolivre.com.br
  • Max severity: critical
  • Updated at: June 11, 2024, 8:26 p.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadolibre.com.uy
  • Max severity: critical
  • Updated at: June 11, 2024, 8:25 p.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadolibre.com.pe
  • Max severity: critical
  • Updated at: June 11, 2024, 8:25 p.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadolibre.com.mx
  • Max severity: critical
  • Updated at: June 11, 2024, 8:25 p.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadolibre.com.co
  • Max severity: critical
  • Updated at: June 11, 2024, 8:25 p.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadolibre.com.ar
  • Max severity: critical
  • Updated at: June 11, 2024, 8:24 p.m.
Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: api.mercadolibre.com
  • Max severity: critical
  • Updated at: June 11, 2024, 8:24 p.m.
  • Instructions:

    https://developers.mercadolibre.com.ar/es_ar/api-docs-es

Target: MercadoLibre
  • Asset type: GOOGLE_PLAY_APP_ID
  • Asset identifier: com.mercadopago.wallet
  • Max severity: critical
  • Updated at: June 11, 2024, 8:24 p.m.
  • Instructions:

    Mercado Pago Android:
    https://play.google.com/store/apps/details?id=com.mercadopago.wallet

Target: MercadoLibre
  • Asset type: APPLE_STORE_APP_ID
  • Asset identifier: com.mercadopago.MercadoPago
  • Max severity: critical
  • Updated at: June 11, 2024, 8:23 p.m.
  • Instructions:

    Mercado Pago iOS
    https://itunes.apple.com/ar/app/mercado-pago-recargar-celular/id925436649

Target: MercadoLibre
  • Asset type: GOOGLE_PLAY_APP_ID
  • Asset identifier: com.mercadolibre
  • Max severity: critical
  • Updated at: June 11, 2024, 8:23 p.m.
  • Instructions:

    Mercado Libre Android: https://play.google.com/store/apps/details?id=com.mercadolibre

Target: MercadoLibre
  • Asset type: GOOGLE_PLAY_APP_ID
  • Asset identifier: com.mercadoenvios.driver
  • Max severity: critical
  • Updated at: June 11, 2024, 8:23 p.m.
  • Instructions:

    Mercado Envíos Flex: https://play.google.com/store/apps/details?id=com.mercadoenvios.driver

Target: MercadoLibre
  • Asset type: GOOGLE_PLAY_APP_ID
  • Asset identifier: com.mercadoenvios.crowdsourcing
  • Max severity: critical
  • Updated at: June 11, 2024, 8:23 p.m.
  • Instructions:

    Mercado Envíos Extra: https://play.google.com/store/apps/details?id=com.mercadoenvios.crowdsourcing

Target: MercadoLibre
  • Asset type: APPLE_STORE_APP_ID
  • Asset identifier: com.3mosquitos.MercadoLibre
  • Max severity: critical
  • Updated at: June 11, 2024, 8:23 p.m.
  • Instructions:

    Mercado Libres iOS: https://apps.apple.com/ar/app/mercado-libre/id463624852

Target: MercadoLibre
  • Asset type: HARDWARE
  • Asset identifier: Point Smart
  • Max severity: critical
  • Updated at: June 11, 2024, 8:21 p.m.
  • Instructions:

    (MLA) - https://www.mercadopago.com.ar/point-smart
    (MLB) - https://www.mercadopago.com.br/point-smart

Target: MercadoLibre
  • Asset type: OTHER
  • Asset identifier: Other
  • Max severity: high
  • Updated at: June 11, 2024, 8:21 p.m.
  • Instructions:

    Choose this scope if the submission is related to scope defined but not listed before.

    Eligibility for a reward will be determined based on one or more of the following criteria:
    * Asset belonging to our company infrastructure/code or third-party
    * Vulnerability already addressed as part of another internal strategy towards third-party assets
    * End-customer data compromised buyer/sellers

    As a rule of thumb, vulnerabilities in third party infrastructure will mostly be inelegible for full bounty compared with vulnerabilities which fits the program detailed scope and belongs to mercadolibre infrastructure and code.

Target: MercadoLibre
  • Asset type: OTHER
  • Asset identifier: Mercado Pago Apps Endpoints
  • Max severity: critical
  • Updated at: June 11, 2024, 8:19 p.m.
  • Instructions:

    The **endpoints in scope** at this point in time are **just only those consumed by the Mercado Pago Mobile Apps** (Android & iOS). Domains and subdomains consumed through a webview/web browser inside app are out of scope. Third party sites also are out of scope.

Target: MercadoLibre
  • Asset type: URL
  • Asset identifier: www.mercadolibre.cl
  • Max severity: critical
  • Updated at: June 11, 2024, 8:17 p.m.
Target: Hyperledger
  • Asset type: SOURCE_CODE
  • Asset identifier: https://github.com/hyperledger/besu-verkle-trie
  • Max severity: critical
  • Updated at: June 11, 2024, 3:52 p.m.
Target: Hyperledger
  • Asset type: SOURCE_CODE
  • Asset identifier: https://github.com/hyperledger/besu-native
  • Max severity: critical
  • Updated at: June 11, 2024, 3:51 p.m.
Target: Hyperledger
  • Asset type: SOURCE_CODE
  • Asset identifier: https://github.com/hyperledger/besu-errorprone-checks
  • Max severity: critical
  • Updated at: June 11, 2024, 3:51 p.m.
Target: Hyperledger
  • Asset type: SOURCE_CODE
  • Asset identifier: https://github.com/hyperledger/fabric-admin-sdk
  • Max severity: critical
  • Updated at: June 11, 2024, 3:47 p.m.
Target: Hyperledger
  • Asset type: SOURCE_CODE
  • Asset identifier: https://github.com/hyperledger/besu
  • Max severity: critical
  • Updated at: June 11, 2024, 3:42 p.m.
Target: Enjin
  • Asset type: URL
  • Asset identifier: platform.enjin.io
  • Max severity: critical
  • Updated at: June 11, 2024, 10:15 a.m.
  • Instructions:

    You can also test, for free, on [platform.canary.enjin.io](https://platform.canary.enjin.io).

    The Enjin Platform is open-source. You can access the code on our [GitHub Organization](https://github.com/enjin). All related repositories start with the `platform-` prefix.

Target: Enjin
  • Asset type: OTHER
  • Asset identifier: Enjin Blockchain
  • Max severity: critical
  • Updated at: June 11, 2024, 10:10 a.m.
  • Instructions:

    The Enjin Blockchain refers to either the Enjin Relaychain or the Enjin Matrixchain. It does not refer to other (community-operated) Matrixchains.

    Issues originating from Substrate are notifiable but ineligible for a bounty as Enjin Blockchain will automatically work towards scheduling upgrades from Substrate, which includes new features; bug fixes; and security fixes.

Target: Enjin
  • Asset type: OTHER
  • Asset identifier: Enjin Coin - Ethereum ERC-20 Contract
  • Max severity: critical
  • Updated at: June 11, 2024, 10:02 a.m.
  • Instructions:

    Mainnet Contract: `0xF629cBd94d3791C9250152BD8dfBDF380E2a3B9c`

    **Background**
    Enjin Coin (ENJ) is an Ethereum-based cryptocurrency used to directly back the value of next-generation blockchain assets. It is the gold standard for digital assets.

    **Additional Conditions**
    All testing must be conducted on the Goerli (testnet) contract. The deployed contract is identical to that of the Mainnet contract.

Target: Enjin
  • Asset type: OTHER
  • Asset identifier: Enjin - Ethereum ERC-1155 Contract
  • Max severity: critical
  • Updated at: June 11, 2024, 10:02 a.m.
  • Instructions:

    Mainnet Contract: `0xfaaFDc07907ff5120a76b34b731b278c38d6043C`

    **Background**
    This contract is the official ERC-1155 contract, used by Enjin, for the creation of assets within the Enjin ecosystem.

    **Additional Conditions**
    All testing must be conducted on the Goerli (testnet) contract. The deployed contract is identical to that of the Mainnet contract.

Target: Slack
  • Asset type: URL
  • Asset identifier: *.quip.com
  • Max severity: critical
  • Updated at: June 11, 2024, 9:50 a.m.
  • Instructions:

    Only accepting Critical reports 2023-12-01 to 2025-02-01

Target: Slack
  • Asset type: URL
  • Asset identifier: www.quip.com
  • Max severity: critical
  • Updated at: June 11, 2024, 9:50 a.m.
  • Instructions:

    Only accepting Critical reports 2023-12-01 to 2025-02-01.

Target: Slack
  • Asset type: GOOGLE_PLAY_APP_ID
  • Asset identifier: com.quip.quip
  • Max severity: critical
  • Updated at: June 11, 2024, 9:49 a.m.
  • Instructions:

    Only accepting Critical reports 2023-12-01 to 2025-02-01.

Target: Nextcloud
  • Asset type: SOURCE_CODE
  • Asset identifier: https://github.com/nextcloud/files_confidential
  • Max severity: critical
  • Updated at: June 7, 2024, 7:57 a.m.
  • Instructions:

    Code from [https://github.com/nextcloud/files_confidential](https://github.com/nextcloud/files_confidential) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

Target: Nextcloud
  • Asset type: SOURCE_CODE
  • Asset identifier: https://github.com/nextcloud/tables
  • Max severity: critical
  • Updated at: June 7, 2024, 7:56 a.m.
  • Instructions:

    Code from [https://github.com/nextcloud/tables](https://github.com/nextcloud/tables) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

Target: MetaMask
  • Asset type: OTHER
  • Asset identifier: MetaMask Message Signing Snap
  • Max severity: critical
  • Updated at: June 6, 2024, 1:30 p.m.
  • Instructions:

    This Snap provides automatic message signing using a pseudo randomly generated snap private key

    **Supporting Documentation and source code:**

    - https://github.com/MetaMask/message-signing-snap

Target: Kolesa Group
  • Asset type: APPLE_STORE_APP_ID
  • Asset identifier: 1431768824
  • Max severity: critical
  • Updated at: May 30, 2024, 5:43 a.m.
Target: Kolesa Group
  • Asset type: OTHER_APK
  • Asset identifier: uz.avtoelon
  • Max severity: critical
  • Updated at: May 30, 2024, 5:43 a.m.
Target: Kolesa Group
  • Asset type: URL
  • Asset identifier: id.avtoelon.uz
  • Max severity: critical
  • Updated at: May 30, 2024, 5:43 a.m.
Target: Kolesa Group
  • Asset type: URL
  • Asset identifier: app.avtoelon.uz
  • Max severity: critical
  • Updated at: May 30, 2024, 5:43 a.m.
Target: Kolesa Group
  • Asset type: URL
  • Asset identifier: api.avtoelon.uz
  • Max severity: critical
  • Updated at: May 30, 2024, 5:43 a.m.
Target: Kolesa Group
  • Asset type: URL
  • Asset identifier: m.avtoelon.uz
  • Max severity: critical
  • Updated at: May 30, 2024, 5:43 a.m.
Target: Kolesa Group
  • Asset type: URL
  • Asset identifier: avtoelon.uz
  • Max severity: critical
  • Updated at: May 30, 2024, 5:43 a.m.
Target: OKG
  • Asset type: OTHER
  • Asset identifier: Okcoin iOS App
  • Max severity: medium
  • Updated at: May 29, 2024, 9:19 a.m.
  • Instructions:

    https://apps.apple.com/us/app/okcoin-buy-bitcoin-crypto/id867444712

Target: Remitly
  • Asset type: URL
  • Asset identifier: ablink.info.remitly.com
  • Max severity: high
  • Updated at: May 28, 2024, 2:26 p.m.
Target: Epic Games
  • Asset type: URL
  • Asset identifier: horizonchaseturbo.com
  • Max severity: low
  • Updated at: May 28, 2024, 12:15 p.m.
Target: Epic Games
  • Asset type: URL
  • Asset identifier: horizonchase.com.br
  • Max severity: low
  • Updated at: May 28, 2024, 12:15 p.m.
Target: Epic Games
  • Asset type: URL
  • Asset identifier: horizonchase.com
  • Max severity: low
  • Updated at: May 28, 2024, 12:15 p.m.
Target: Epic Games
  • Asset type: URL
  • Asset identifier: aquiris.com.br
  • Max severity: low
  • Updated at: May 28, 2024, 12:14 p.m.
Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.fallguys.com
  • Max severity: low
  • Updated at: May 28, 2024, 12:08 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

Target: Epic Games
  • Asset type: URL
  • Asset identifier: ballistic.com.br
  • Max severity: low
  • Updated at: May 28, 2024, 12:08 p.m.
Target: Epic Games
  • Asset type: URL
  • Asset identifier: ballistic.com
  • Max severity: low
  • Updated at: May 28, 2024, 12:07 p.m.
Target: Epic Games
  • Asset type: URL
  • Asset identifier: aquiris.studio
  • Max severity: low
  • Updated at: May 28, 2024, 11:08 a.m.
Target: Booking.com
  • Asset type: URL
  • Asset identifier: fareharborsites.com
  • Max severity: critical
  • Updated at: May 28, 2024, 9:29 a.m.
Target: Remitly
  • Asset type: URL
  • Asset identifier: partner-webhook.remitly.io
  • Max severity: high
  • Updated at: May 24, 2024, 9:03 p.m.
Target: Remitly
  • Asset type: URL
  • Asset identifier: cardpayments.remitly.io
  • Max severity: critical
  • Updated at: May 24, 2024, 9:01 p.m.
Target: Remitly
  • Asset type: API
  • Asset identifier: hub-api-sandbox.remitly.io
  • Max severity: medium
  • Updated at: May 24, 2024, 8:59 p.m.
Target: Remitly
  • Asset type: URL
  • Asset identifier: media.remitly.io
  • Max severity: high
  • Updated at: May 24, 2024, 8:59 p.m.
Target: Remitly
  • Asset type: API
  • Asset identifier: funding-webhooks.remitly.io
  • Max severity: high
  • Updated at: May 24, 2024, 4:32 p.m.
  • Asset type: URL
  • Asset identifier: cms.wsop.com
  • Max severity: critical
  • Updated at: May 23, 2024, 8:36 p.m.
Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.artstation.com
  • Max severity: critical
  • Updated at: May 23, 2024, 7:38 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.epicgames.com
  • Max severity: critical
  • Updated at: May 23, 2024, 7:38 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.epicgames.dev
  • Max severity: critical
  • Updated at: May 23, 2024, 7:38 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.unrealengine.com
  • Max severity: critical
  • Updated at: May 23, 2024, 7:37 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.rocketleague.com
  • Max severity: critical
  • Updated at: May 23, 2024, 7:37 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

    **==The white hat is no longer offered as a reward for Rocket League findings.==**

Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.cubicmotion.com
  • Max severity: critical
  • Updated at: May 23, 2024, 7:36 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.3lateral.com
  • Max severity: critical
  • Updated at: May 23, 2024, 7:36 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.oncatapult.com
  • Max severity: critical
  • Updated at: May 23, 2024, 7:36 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.unrealtournament.com
  • Max severity: critical
  • Updated at: May 23, 2024, 7:36 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.easy.ac
  • Max severity: critical
  • Updated at: May 23, 2024, 7:35 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.fortnite.com
  • Max severity: critical
  • Updated at: May 23, 2024, 7:35 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.psynet.gg
  • Max severity: critical
  • Updated at: May 23, 2024, 7:33 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

Target: Epic Games
  • Asset type: URL
  • Asset identifier: *.psyonix.com
  • Max severity: critical
  • Updated at: May 23, 2024, 7:33 p.m.
  • Instructions:

    ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
    If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.

Target: Circle BBP
  • Asset type: SMART_CONTRACT
  • Asset identifier: https://github.com/circlefin/solana-cctp-contracts
  • Max severity: critical
  • Updated at: May 23, 2024, 5:12 p.m.
Target: Circle BBP
  • Asset type: SMART_CONTRACT
  • Asset identifier: http://github.com/circlefin/noble-cctp
  • Max severity: critical
  • Updated at: May 23, 2024, 5:10 p.m.
Target: Circle BBP
  • Asset type: SMART_CONTRACT
  • Asset identifier: https://github.com/circlefin/evm-cctp-contracts
  • Max severity: critical
  • Updated at: May 23, 2024, 5:10 p.m.
Target: Circle BBP
  • Asset type: URL
  • Asset identifier: app.circle.com
  • Max severity: critical
  • Updated at: May 23, 2024, 5:10 p.m.
Target: Circle BBP
  • Asset type: URL
  • Asset identifier: api.circle.com
  • Max severity: critical
  • Updated at: May 23, 2024, 5:10 p.m.
  • Asset type: URL
  • Asset identifier: www.wsop.com
  • Max severity: critical
  • Updated at: May 23, 2024, 1:15 p.m.
  • Asset type: URL
  • Asset identifier: wsop.com
  • Max severity: critical
  • Updated at: May 23, 2024, 1:09 p.m.
Target: Discourse
  • Asset type: SOURCE_CODE
  • Asset identifier: https://github.com/discourse/discourse
  • Max severity: critical
  • Updated at: May 23, 2024, 6:08 a.m.