REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
58
b'ooooooo_q'
52
b'haxta4ok00'
49
b'jon_bottarini'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'PlayStation'
disclosed a bug submitted by
b'theflow0'
b'sys_fsc2h_ctrl kernel stack free'
18 Apr 2025
b'Autodesk'
disclosed a bug submitted by
b'ahmednasr1'
b'Reflected XSS Vulnerability in SVG File at area-resources-stg.autodesk.com'
17 Apr 2025
b'WakaTime'
disclosed a bug submitted by
b'0x_matrix'
b'Leaked credentials ( emails and passwords , etc...)'
16 Apr 2025
b'Shopify'
disclosed a bug submitted by
b'raymond_lind'
b'Reflected XSS In Marketing Reports Page On *.myshopify.com/admin'
15 Apr 2025
b'Monero'
disclosed a bug submitted by
b'padillac'
b'low-level p2p ping + tcp flooding leads to a remote crash in monerod'
14 Apr 2025
b'WakaTime'
disclosed a bug submitted by
b'parthabishwas'
b'Login Information and Credentials Have Been Leaked on wakatime.com'
13 Apr 2025
b'1Password - Enterprise Password Manager'
disclosed a bug submitted by
b'stomper4'
b'#**CSV Injection in shared passwords leads to complete Private Vault Exfiltration**'
12 Apr 2025
b'Lichess'
disclosed a bug submitted by
b'ryomenshuvro'
b'Direct IP Access to Website'
11 Apr 2025
b'Ruby on Rails'
disclosed a bug submitted by
b'leonsirio'
b'1-Click Cross-Site Scripting via Custom Configuration in SafeListSanitizer'
09 Apr 2025
b'AWS VDP'
disclosed a bug submitted by
b'nick_frichette_dd'
b'(Part 2) Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration'
08 Apr 2025
b'Autodesk'
disclosed a bug submitted by
b'0xsom3a'
b'HTML Injection in Business Name Parameter in Payapps'
07 Apr 2025
b'KHealth'
disclosed a bug submitted by
b'eneri'
b'Information disclouser from URL parameter "access" lead to Account Takeover'
07 Apr 2025
b'Adobe'
disclosed a bug submitted by
b'jf0x0r'
b'Disclosure of git metadata and springboot actuator information'
07 Apr 2025
b'HackerOne'
disclosed a bug submitted by
b'avinash_'
b'The /reports/:id.json endpoint discloses potentially sensitive user attributes when reporter summary is present'
01 Apr 2025
b'Informatica'
disclosed a bug submitted by
b'growler09'
b'No rate limiting on form[register]'
28 Mar 2025
b'Hemi VDP'
disclosed a bug submitted by
b'aaravhex'
b'Cloudflare WAF Bypass - Origin IP Exposure'
27 Mar 2025
b'Shopify'
disclosed a bug submitted by
b'ooooooo_q'
b'HTTP Response Header Injection in shopify/pitchfork + Rack 3'
27 Mar 2025
b'Brave Software'
disclosed a bug submitted by
b'canalun'
b'Null Pointer Dereference by Crafted Response from AI Model'
26 Mar 2025
b'AWS VDP'
disclosed a bug submitted by
b'nick_frichette_dd'
b'Non-Production API Endpoints for the Forecast Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration'
24 Mar 2025
1
2
3
...
724
BY DENIS WERNER - @NOBBD -
IMPRESSUM