Bounties
Partners
Community
Info
linagora / twake
Project repository
Twake is a secure open source collaboration platform to improve organizational productivity.
Submit a report
FIRST INTERACTION
WITHIN
1 DAY
REVIEW
WITHIN
22 DAYS
FIX
WITHIN
46 DAYS
The Bearer Token still can be used after user logout
Jun 1st 2023
uonghoangminhchau
•
pending
Sensitive Cookie Without Secure Flag
Jun 1st 2023
uonghoangminhchau
•
pending
Sensitive Cookie Without HttpOnly Flag
Jun 1st 2023
uonghoangminhchau
•
pending
jwt token manupulation leads to account takeover
May 19th 2023
bikesh-yadav
•
pending
No rate limit against brute force attack on login page
May 17th 2023
cyberneticsplus
•
pending
XSS via CodeViewer Markdown
Apr 21st 2023
movptr06
•
pending
Password reset link does not expire even after changing password
Apr 13th 2023
exmachinagpt
•
pending
XSS in Integration URL and other 5 places (Bypass of patch)
Mar 30th 2023
70rpedo
•
pending
Lack of brute force protection
May 12th 2023
jeffreygaor
•
Medium
Medium
•
CVE-2023-2675
CVE-2023-2675
XSS Stored inside many user input links
Jan 27th 2023
xanhacks
•
pending
Weak and Hardcoded HMAC Secret Key
Jan 11th 2023
0xsu3ks
•
pending
No Protection Against Bruteforce Attacks on Login Page
Mar 27th 2023
0xsu3ks
•
High
High
•
CVE-2023-1665
CVE-2023-1665
Open Redirect at signup page
Jan 9th 2023
domiee13
•
pending
Open URL Redirection in Signup
Jan 5th 2023
az0mb13
•
pending
SSRF when send message with XML
Jan 4th 2023
kevinkien
•
informative
Critical
Send any message to any to any private channel
Jan 7th 2023
kevinkien
•
High
High
XSS in Integration URL
Jan 1st 2023
rezaduty
•
Medium
Medium
•
CVE-2023-0028
CVE-2023-0028
Use of GET Request Method With Sensitive Query Strings
Oct 4th 2021
0x7zed
•
pending
CRITICAL
$0
HIGH
$0
MEDIUM
$0
LOW
$0
