Top10 publishers:
bobrov117 
geeknik79 
linkks75 
sp1d3rs68 
jobert66 
someonenobbd60 
jon_bottarini49 
netfuzzer48 
haxta4ok0048 
ryat47 

the unofficial HackerOne disclosure timeline.

X
Kubernetes disclosed a bug submitted by amlweems 
Ingress-nginx annotation injection allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
13 Aug 2022 timeline
Showmax disclosed a bug submitted by miron666 
Reflected XSS at https://stories.showmax.com/wp-content/themes/theme-internal_ss/blocks/ajax/a.php via `ss_country_filter` param
12 Aug 2022 timeline
Internet Bug Bounty disclosed a bug submitted by s1r1u5 
Disabling context isolation, nodeIntegrationInSubFrames using an unauthorised frame.
11 Aug 2022 timeline
Shopify disclosed a bug submitted by 0x50d 
Admin panel Exposure without credential at https://plus-website.shopifycloud.com/admin.php
11 Aug 2022 timeline
Top Echelon Software disclosed a bug submitted by hammodmt 
Wordpress Users Disclosure (/wp-json/wp/v2/users/)
11 Aug 2022 timeline
Hyperledger disclosed a bug submitted by bhaskar_ram 
fix(security):Path Traversal Bug
11 Aug 2022 timeline
Top Echelon Software disclosed a bug submitted by sohelahmed786 
Disable xmlrpc.php file
11 Aug 2022 timeline
PortSwigger Web Security disclosed a bug submitted by mr_vrush 
Redirection in Repeater & Intruder Tab
11 Aug 2022 timeline
Hyperledger disclosed a bug submitted by cet2000 
many commands can be manipulated to delete identities or affiliations
10 Aug 2022 timeline
Acronis disclosed a bug submitted by mega7 
Read-only administrator can change agent update settings
10 Aug 2022 timeline
Glassdoor disclosed a bug submitted by emanelyazji 
[CRITICAL] Full account takeover without user interaction on sign with Apple flow
09 Aug 2022 timeline
HackerOne disclosed a bug submitted by jobert 
Ability to escape database transaction through SQL injection, leading to arbitrary code execution
09 Aug 2022 timeline
Top Echelon Software disclosed a bug submitted by anonymmert12 
xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS)
08 Aug 2022 timeline
Nextcloud disclosed a bug submitted by error2001 
Lack of Rate limit while joining video call in talk section which is password protected
08 Aug 2022 timeline
RATELIMITED disclosed a bug submitted by codeslayer137 
HTTP PUT method is enabled downloader.ratelimited.me
07 Aug 2022 timeline
Omise disclosed a bug submitted by codeslayer137 
Anonymous access control - Payments Status
07 Aug 2022 timeline
Hyperledger disclosed a bug submitted by freskimo 
RCE vulnerability in Hyperledger Fabric SDK for Java
06 Aug 2022 timeline
Hyperledger disclosed a bug submitted by mttrbrts 
Enrolling to a CA that returns an empty response crashes the node process
06 Aug 2022 timeline
Hyperledger disclosed a bug submitted by xiaoc 
Brute Force of fabric-ca server admin account
06 Aug 2022 timeline
1 2 3 ... 620
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM