Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'67 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Consensys' disclosed a bug submitted by b'aszx87410' 
b'Authorization Bypass in Starknet Snap via enableAuthorize parameter leads to unauthorized transaction signing'
13 Mar 2026 timeline
b'IBM' disclosed a bug submitted by b'cr3ckerxploit' 
b'SQL Injection vulnerability found on ibm.com endpoint'
12 Mar 2026 timeline
b'curl' disclosed a bug submitted by b'henriqueg' 
b'Curl_compareheader() fails to match multi-value HTTP headers'
12 Mar 2026 timeline
b'curl' disclosed a bug submitted by b'otiscui' 
b'urlapi: off-by-one in custom scheme validation skips last character'
12 Mar 2026 timeline
b'Lovable VDP' disclosed a bug submitted by b'marioniangi' 
b'Bypass of Open Redirect Fix on lovable.dev via /..// Path Traversal in redirect parameter'
12 Mar 2026 timeline
b'curl' disclosed a bug submitted by b'm777m0' 
b'NULL Pointer Dereference (DoS) in libcurl SFTP QUOTE command parsing due to missing return statement'
11 Mar 2026 timeline
b'curl' disclosed a bug submitted by b'rat5ak' 
b'CVE-2026-3805: use after free in SMB connection reuse'
11 Mar 2026 timeline
b'curl' disclosed a bug submitted by b'nobcoder' 
b'CVE-2026-3784: wrong proxy connection reuse with credentials'
11 Mar 2026 timeline
b'curl' disclosed a bug submitted by b'spectreglobalsec' 
b'CVE-2026-3783: token leak with redirect and netrc'
11 Mar 2026 timeline
b'curl' disclosed a bug submitted by b'sabari_n' 
b'Connection Reuse Ignores OAuth Bearer Token Mismatch'
10 Mar 2026 timeline
b'curl' disclosed a bug submitted by b'sabari_n' 
b'CURLOPT_UNRESTRICTED_AUTH Dangerous Default Documentation Gap'
10 Mar 2026 timeline
b'AWS VDP' disclosed a bug submitted by b'locus-x64' 
b'Arbitrary Code Execution via Scanner Bypass in **aws-diagram-mcp-server** `exec()` Namespace'
09 Mar 2026 timeline
b'Lovable VDP' disclosed a bug submitted by b'hossam25' 
b'Users can change project visibility which requires high subscription by just changing request body'
09 Mar 2026 timeline
b'curl' disclosed a bug submitted by b'brewm4ster' 
b'LM Challenge-Response Hash Always Sent in SMB Authentication'
09 Mar 2026 timeline
b'curl' disclosed a bug submitted by b'y_security' 
b"In curl's SASL OAUTHBEARER authentication, including the SOH character (0x01) in the username corrupts the message structure."
08 Mar 2026 timeline
b'Kubernetes' disclosed a bug submitted by b'fisjkars' 
b'Injection in path parameter of Ingress-nginx'
07 Mar 2026 timeline
b'LinkedIn' disclosed a bug submitted by b'safehacker_2715' 
b'IDOR to make someone attend or leave an event'
06 Mar 2026 timeline
b'LinkedIn' disclosed a bug submitted by b'riadalrashed' 
b'Blocking a company page admin prevents him from delete paid media admin or edit his roles'
05 Mar 2026 timeline
b'Lovable VDP' disclosed a bug submitted by b'jdc94' 
b'Open Redirect on lovable.dev via redirect parameter leads to phishing attacks'
05 Mar 2026 timeline
1 2 3 ... 754
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM