REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
83
b'linkks'
75
b'jobert'
70
b'nyymi'
62
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'curl'
disclosed a bug submitted by
b'giant_anteater'
b'OpenSSL backend: X509 peer certificate not freed in ossl_get_channel_binding causes per-request memory leak (DoS risk for long-lived clients)'
08 Oct 2025
b'Omise'
disclosed a bug submitted by
b'mantu1738'
b'Pending invites remain valid even after the inviter is removed.'
08 Oct 2025
b'SingleStore'
disclosed a bug submitted by
b'4x4'
b'Exceeding the limit of Workspaces via Race Condition'
06 Oct 2025
b'curl'
disclosed a bug submitted by
b'donutshunter'
b'Unsanitized IPFS CID Allows SSRF Against Configured Gateway'
03 Oct 2025
b'Rockstar Games'
disclosed a bug submitted by
b'gavinmartinwv'
b'Access to the personal emails of Rockstar Support agents through the support platform'
02 Oct 2025
b'curl'
disclosed a bug submitted by
b'leftyha'
b'AWS SigV4 Signature Disclosure via Verbose Logging in libcurl'
01 Oct 2025
b'Cloudflare Public Bug Bounty'
disclosed a bug submitted by
b'null_smashmaster0045'
b"`use-mcp`'s oauth2 process uses a window.open call with untrusted mcp server provided data allowing for code execution under the page using it"
30 Sep 2025
b'Nextcloud'
disclosed a bug submitted by
b'farhad0x1'
b'Information Exposure Through Directory Listing'
29 Sep 2025
b'Nextcloud'
disclosed a bug submitted by
b'farhad0x1'
b'Email not verified when changing afterwards on apps.nextcloud.com'
29 Sep 2025
b'Nextcloud'
disclosed a bug submitted by
b'farhad0x1'
b' Exposing debug.log file leads to server full path disclosure'
29 Sep 2025
b'curl'
disclosed a bug submitted by
b'giant_anteater'
b'SMTP Command Injection Vulnerabilities in curl'
26 Sep 2025
b'curl'
disclosed a bug submitted by
b'z3r0yu'
b'Inconsistent URL Parsing in curl Leading to Potential SSRF and Access Control Bypass'
26 Sep 2025
b'curl'
disclosed a bug submitted by
b'giant_anteater'
b'Race condition on global `gss_context` during SOCKS5 GSS-API negotiation in libcurl'
26 Sep 2025
b'curl'
disclosed a bug submitted by
b'giant_anteater'
b'Use-after-free when POST body buffer is freed before transfer'
26 Sep 2025
b'Informatica'
disclosed a bug submitted by
b'admin097'
b'XSS1'
24 Sep 2025
b'GitHub'
disclosed a bug submitted by
b'furbreeze'
b'Arbitrary Read of Another Users private repository without Authorization'
23 Sep 2025
b'Insightly'
disclosed a bug submitted by
b'xploiterr'
b'Stored XSS via LINK Name.'
23 Sep 2025
b'Kubernetes'
disclosed a bug submitted by
b'ian'
b'elections.k8s.io uses weak session secret key, may place elections at risk'
19 Sep 2025
b'Insightly'
disclosed a bug submitted by
b'khaledx'
b'Stored XSS in Email Notifcation '
19 Sep 2025
1
2
3
...
739
BY DENIS WERNER - @NOBBD -
IMPRESSUM