Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'67 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Rocket.Chat' disclosed a bug submitted by b'soohyun' 
b'Open Redirect in Rocket.Chat'
10 Apr 2026 timeline
b'Mozilla' disclosed a bug submitted by b'adilnbabras' 
b'[Vertical Privilege Escalation] User can Unapproved any Approved Translation at [/translations/unapprove/]'
10 Apr 2026 timeline
b'Mozilla' disclosed a bug submitted by b'adilnbabras' 
b"User Can Delete Other Users' Personal Access Tokens at /delete-token/{token_id}/ on Mozilla Pontoon"
10 Apr 2026 timeline
b'RubyGems' disclosed a bug submitted by b'mclaren650sspider' 
b'Memory leak in gem decode logic can allow attacker to take down Rubygems.org application'
09 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'adityasunny_06' 
b'libcurl: Integer truncation in curl_easy_ssls_import() causes TLS sessions to never expire'
09 Apr 2026 timeline
b'Glassdoor' disclosed a bug submitted by b'auxilus' 
b"wasResumeUsed on /api-internal/api.htm endpoint leaking other user's resume usage status"
08 Apr 2026 timeline
b'Glassdoor' disclosed a bug submitted by b'amakki' 
b'Account Takeover'
08 Apr 2026 timeline
b'Glassdoor' disclosed a bug submitted by b'z3ron3' 
b'Open Redirect '
08 Apr 2026 timeline
b'AWS VDP' disclosed a bug submitted by b'misop00p' 
b'Health check errors silently dropped when channel buffer full'
07 Apr 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'shiva2550' 
b"IDOR on via direct photo URL leads to unauthorized access to deleted and other users' photos"
07 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'mzfr' 
b'no_proxy IDN mismatch: Unicode hostnames bypass proxy exclusion list'
07 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'mzfr' 
b'FTP entrypath accepts 0xFF (Telnet IAC) through incomplete ISCNTRL filter, sent on wire via CWD on connection reuse'
07 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'cutiapretaa' 
b'Improper enforcement of CURLOPT_SOCKS5_AUTH due to missing reuse key validation in libcurl'
07 Apr 2026 timeline
b'Glassdoor' disclosed a bug submitted by b'downgrade' 
b'Cross-Site Leakage of Review Ownership via Navigation Detection'
06 Apr 2026 timeline
b'Glassdoor' disclosed a bug submitted by b'zorixu' 
b'eflected Vulnerability in Glassdoor Blog earch'
06 Apr 2026 timeline
b'Glassdoor' disclosed a bug submitted by b'imtheking' 
b'Full account takeover without user Interaction '
06 Apr 2026 timeline
b'Monero' disclosed a bug submitted by b'jehrenhofermagicgrants' 
b'Reported Denial of Service'
06 Apr 2026 timeline
b'Monero' disclosed a bug submitted by b'jehrenhofermagicgrants' 
b'Reported RPC Overflow'
06 Apr 2026 timeline
b'Glassdoor' disclosed a bug submitted by b'avielt' 
b'Unauthorized usage of External API Key (Usage of Google Maps API Key ==> $$$'
06 Apr 2026 timeline
1 2 3 ... 758
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM