Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'67 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'curl' disclosed a bug submitted by b'fxv_ray_st' 
b'MQTT state machine confusion: PINGRESP/DISCONNECT with non-zero remaining_length dispatches to stale nextstate'
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'nadsec42' 
b'Use-After-Free in SMB connection reuse (req->path dangling pointer after needle destruction)'
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'anonymous_237' 
b'Negotiate connection reuse with wrong credentials when using CURLAUTH_ANY '
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'sdainard' 
b'Negotiate Authentication Premature on Connection Reuse'
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'xkilua' 
b'CVE-2026-7168: cross-proxy Digest auth state leak'
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'3lcarry' 
b'CVE-2026-7009: OCSP stapling bypass with Apple SecTrust'
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'joesephdiver' 
b'CVE-2026-6253: proxy credentials leak over redirect-to proxy'
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'quaccws' 
b'CVE-2026-5545: wrong reuse of HTTP Negotiate connection'
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'arkss' 
b'CVE-2026-6276: stale custom cookie host causes cookie leak'
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'nobcoderr' 
b'CVE-2026-6429: netrc credential leak with reused proxy connection'
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'bonaire' 
b'CVE-2026-4873: connection reuse ignores TLS requirement'
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'osama-hamad' 
b'CVE-2026-5773: wrong reuse of SMB connection'
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'm1llie' 
b'Use-after-free in `curl_easy_ssls_export()` during callback re-entrancy'
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'h3zh3z' 
b'Heap-buffer-overflow in `Curl_ssl_push_certinfo_len()` sole bounds check is `DEBUGASSERT`'
29 Apr 2026 timeline
b'curl' disclosed a bug submitted by b'wi110w' 
b'Stack exhaustion in MIME multipart reading with deeply nested subparts'
29 Apr 2026 timeline
b'PlayStation' disclosed a bug submitted by b'gezine' 
b'PS4 BD-J privilege escalation using nested JAR'
29 Apr 2026 timeline
b'IBM' disclosed a bug submitted by b'jhon1231248e' 
b'IBM Aspera HTTP Gateway stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user.'
27 Apr 2026 timeline
b'Mozilla' disclosed a bug submitted by b'icecream_23' 
b'Bypass of Restricted Keyword "Mozilla" in Display Name Field via Unicode Homoglyphs on addons.allizom.org'
27 Apr 2026 timeline
b'pixiv' disclosed a bug submitted by b'aaqibhussain' 
b'Bypassing Inbox Privacy Settings and Enabling Spam on Pixiv.net'
27 Apr 2026 timeline
1 2 3 ... 760
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM