REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
84
b'linkks'
75
b'jobert'
70
b'nyymi'
67
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'curl'
disclosed a bug submitted by
b'giant_anteater'
b'Trailing-dot IPv4 URL bypasses IP-address guard, allows wildcard DNS SAN match'
17 May 2026
b'curl'
disclosed a bug submitted by
b'mulan_dh'
b'NULL pointer dereference in libcurl URL API redirect_url() with CURLU_DEFAULT_SCHEME'
17 May 2026
b'Nextcloud'
disclosed a bug submitted by
b'suul'
b'SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution'
15 May 2026
b'Yuga Labs'
disclosed a bug submitted by
b'r00tsid'
b'Origin IP Exposed waf bypass'
14 May 2026
b'curl'
disclosed a bug submitted by
b'rootofpi_ramesh'
b'Kerberos/SPNEGO Connection Reuse Vulnerability'
14 May 2026
b'AWS VDP'
disclosed a bug submitted by
b'jcow'
b'QuickSight Authorization Bypass: Chat Agents Accessible Despite Custom Permissions Denial'
12 May 2026
b'Liberapay'
disclosed a bug submitted by
b'rox-11'
b'another liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link'
09 May 2026
b'Liberapay'
disclosed a bug submitted by
b'rox-11'
b'Liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link'
09 May 2026
b'Nextcloud'
disclosed a bug submitted by
b'vidang04'
b'Private circle can be added to another circle via API despite visibility restriction'
08 May 2026
b'Nextcloud'
disclosed a bug submitted by
b'0x0doteth'
b'Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner '
08 May 2026
b'Nextcloud'
disclosed a bug submitted by
b'yoyomiski'
b'View-only guests could see deleted Collectives pages in the trashbin'
08 May 2026
b'curl'
disclosed a bug submitted by
b'shecantcode2'
b'mbedTLS private-key blob null-termination asymmetry in lib/vtls/mbedtls.c (mbed_load_privkey)'
07 May 2026
b'Ruby on Rails'
disclosed a bug submitted by
b'ksw9722'
b'ActiveStorage Disk Service Path Traversal via Custom Blob Key Injection'
07 May 2026
b'Monero'
disclosed a bug submitted by
b'rorkh'
b'Critical Deadlock Vulnerability in Monero RPC Leading to Complete Node Paralysis'
06 May 2026
b'Monero'
disclosed a bug submitted by
b'yulge'
b'Connection Count Bug in Monero Node Enables Outbound Peer Reset Attack'
06 May 2026
b'curl'
disclosed a bug submitted by
b'p4p3r_hak'
b'wcurl treats some URL operands after -- as curl options'
06 May 2026
b'PortSwigger Web Security'
disclosed a bug submitted by
b'bereza4321'
b'Out of scope: Improper Input Validation Order on /api-internal/login via password field leads to unnecessary resource consumption'
05 May 2026
b'curl'
disclosed a bug submitted by
b'ravindrasl2026'
b'Potential Resource Leak in tool_parsecfg.c at line 279 during fileerror'
05 May 2026
b'curl'
disclosed a bug submitted by
b'codexxxx'
b'libcurl 8.20.0 incomplete fix for CVE-2026-7168: changing only CURLOPT_PROXYPORT leaks stale Proxy Digest auth to a different proxy'
05 May 2026
1
2
3
...
761
BY DENIS WERNER - @NOBBD -
IMPRESSUM
