Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
Django disclosed a bug submitted by eyalsec: SQL injection in JSONField KeyTransform (12 Sep 2025)
curl disclosed a bug submitted by 0xrey: TOCTOU Race Condition in HTTP/2 Connection Reuse Leads to Certificate Validation Bypass (11 Sep 2025)
TikTok disclosed a bug submitted by eneri: Chained Broken Access Control in TikTok Live Backstage Enables Full Control of Public Leaderboard Activities (11 Sep 2025)
TikTok disclosed a bug submitted by ahmed_xyz: Stored XSS on TikTok's backend leads to the leakage of highly sensitive administrator data (Cookies, API Keys, Internal Paths, Emails, phone numbers). (11 Sep 2025)
Khan Academy disclosed a bug submitted by meowsint: 337k users and 1 employee leaked credentials (10 Sep 2025)
curl disclosed a bug submitted by bigsleep: CVE-2025-9086: Out of bounds read for cookie path (10 Sep 2025)
curl disclosed a bug submitted by cruocco: CVE-2025-10148: predictable WebSocket mask (10 Sep 2025)
curl disclosed a bug submitted by mohmed_shoukry: Confirmed Security Misconfigurations on curl.se (BREACH, Missing Security Headers, ETag Info Disclosure) (09 Sep 2025)
Shopify disclosed a bug submitted by naveenventure: Session Persistence Designed to Keep Users Logged In Across Multiple Devices (Intended Behaviour) (04 Sep 2025)
curl disclosed a bug submitted by g3nj1z: libcurl: Host-Only Cookies Leak to Alternate IPv4 Forms (04 Sep 2025)
curl disclosed a bug submitted by reporascal_1: Heap-buffer-overflow (Out-of-Bounds Read) in DoH hostname encoding (04 Sep 2025)
Tucows (VDP) disclosed a bug submitted by c0rvuz: Business Logic Error Bypass of OTP Verification During Signup on hover.com (02 Sep 2025)
Mars disclosed a bug submitted by kuriyama: Unauthenticated Sensitive Information Disclosure on CVE-2021-38314 (02 Sep 2025)
Mars disclosed a bug submitted by kuriyama: Bug Report #23JAN136 (subdomain takeover via shopify ) (02 Sep 2025)
Mars disclosed a bug submitted by kuriyama: Bug Report #23JAN135 (subdomain takeover via shopify ) (02 Sep 2025)
Mars disclosed a bug submitted by kuriyama: RXSS on stores on */visitorRegistration.pml via destination parameter (02 Sep 2025)
Mars disclosed a bug submitted by blackbird_azar: Order More Than Maximum Allowed Quantity (02 Sep 2025)
Mars disclosed a bug submitted by egsec: Account Takeover in Password Reset Function (02 Sep 2025)
Lichess disclosed a bug submitted by albetisi: Unauthorized Blogs Creation (02 Sep 2025)
BY DENIS WERNER - @NOBBD