10 replies

0day rce popular software, no bug bounty, many targets.

i recently found an rce for a somewhat popular software, but they offer no bounties. however, said vulnerability is exploitable on hundreds of servers owned by many different companies. any advice?

guninvalid? more like stupidvali•6/17/25, 11:11 PM

i mean if all you care about is getting paid you could go to the black market... there's a thousand different very good reasons why you shouldn't, but you could...

Ccontact i recently found an rce for a somewhat popular software, but they offer no bount...

guninvalid? more like stupidvali•6/17/25, 11:12 PM

standard procedure is to disclose it to the company anyway

guninvalid? more like stupidvali•6/17/25, 11:13 PM

try all you can to make sure they're aware of the vulnerability, email their support line, call their phone number, add people on linkedin if you have to. that's partly to cover your ass legally