Top10 publishers:
bobrov: 117
geeknik: 79
linkks: 75
sp1d3rs: 68
jobert: 64
someonenobbd: 60
jon_bottarini: 49
netfuzzer: 48
haxta4ok00: 48
ryat: 47

Now on Twitter: the unofficial HackerOne disclosure timeline.

GitLab disclosed a bug submitted by thypon
Bypass for Domain-level redirects (Unvalidated Redirects and Forwar)
22 Jun 2022

Reddit disclosed a bug submitted by bisesh
Able to approve admin approval and change effective status without adding payment details.
22 Jun 2022

Alohi disclosed a bug submitted by zeesozee
Weak rate limit for SIGN.PLUS email verification
21 Jun 2022

Krisp disclosed a bug submitted by yassineaboukir
Authentication CSRF resulting in unauthorized account access on Krisp app
20 Jun 2022

Krisp disclosed a bug submitted by life__001
Add more seats by paying less via PUT /v2/seats request manipulation
20 Jun 2022

UPS VDP disclosed a bug submitted by 7odamo
Admin Authentication Bypass Lead to Admin Account Takeover
20 Jun 2022

Enjin disclosed a bug submitted by whiteshadow201
Authentication token and CSRF token bypass
19 Jun 2022

Nextcloud disclosed a bug submitted by michag86
bypass forced password protection via circles app
19 Jun 2022

UPS VDP disclosed a bug submitted by nayefhamouda
Broken access control
18 Jun 2022

IBM disclosed a bug submitted by exploitmsf
sql injection via https://setup.p2p.ihost.com/
17 Jun 2022

Enjin disclosed a bug submitted by er_salil
CSRF Bypassed on Logout Endpoint
17 Jun 2022

Enjin disclosed a bug submitted by akashhamal0x01
Race condition via project team member invitation system.
17 Jun 2022

Yelp disclosed a bug submitted by happykira0x1
xmlrpc file enabled
16 Jun 2022

curl disclosed a bug submitted by iylz
curl "globbing" can lead to denial of service attacks
16 Jun 2022

Reddit disclosed a bug submitted by marvelmaniac
CSRF (protection bypassed) to force a below 18 user into viewing an nsfw subreddit!
16 Jun 2022

TikTok disclosed a bug submitted by aidilarf_2000
Stored XSS on TikTok Live Form
16 Jun 2022

LinkedIn disclosed a bug submitted by sachinrajput
Rate limit Bypass on contact-us through IP Rotator (burp extension) (https://www.linkedin.com/help/linkedin/solve/contact)
15 Jun 2022

Twitter disclosed a bug submitted by saiful6601
Delete direct message history without access the proper conversation_id
15 Jun 2022

Twitter disclosed a bug submitted by max2x
Remote 0click exfiltration of Safari user's IP address
15 Jun 2022

BY DENIS WERNER - @NOBBD -