REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
84
b'linkks'
75
b'jobert'
70
b'nyymi'
67
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Nintendo'
disclosed a bug submitted by
b'hana2736'
b'Splatoon 3 Anticheat Seed Randomization Weakness'
19 Feb 2026
b'Nintendo'
disclosed a bug submitted by
b'kinnay'
b'ASLR leak in Mario Kart World through LAN mode'
19 Feb 2026
b'Automattic'
disclosed a bug submitted by
b'georgestephanis'
b'XSS Vulnerability on Pressable/Atomic Hosting Platform via unescaped admin notices leads to code execution'
18 Feb 2026
b'Sony'
disclosed a bug submitted by
b'vortekx'
b'Improper State Validation on Sony WH-CH520 via BLE Command Service leads to unauthorized Bluetooth pairing and audio hijacking'
17 Feb 2026
b'Node.js'
disclosed a bug submitted by
b'0xmaxhax'
b'TLS PSK/ALPN Callback Exceptions Bypass Error Handlers, Causing DoS and FD Leak'
12 Feb 2026
b'Node.js'
disclosed a bug submitted by
b'winfunc'
b'Node.js permission model bypass via unchecked Unix Domain Socket connections (UDS)'
12 Feb 2026
b'Node.js'
disclosed a bug submitted by
b'aaron_vercel'
b'Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers'
12 Feb 2026
b'Node.js'
disclosed a bug submitted by
b'giant_anteater'
b'Memory leak that enables remote Denial of Service against applications processing TLS client certificates'
12 Feb 2026
b'Node.js'
disclosed a bug submitted by
b'chalker'
b'Timeout-based race conditions make Uint8Array/Buffer.alloc non-zerofilled'
12 Feb 2026
b'Node.js'
disclosed a bug submitted by
b'natann'
b'FS Permissions Bypass'
12 Feb 2026
b'Nextcloud'
disclosed a bug submitted by
b'se1en'
b'Mail stored HTML injection in subject text'
12 Feb 2026
b'Omise'
disclosed a bug submitted by
b'alitoni224'
b'Cache Pollution via Unkeyed GET Parameters on www.omise.co'
11 Feb 2026
b'AWS VDP'
disclosed a bug submitted by
b'aneeeketh'
b'Unlimited Reuse of Coupon Code Allows Free Shipping on All Orders on '
09 Feb 2026
b'Django'
disclosed a bug submitted by
b'sy2n0'
b'ASGIRequest header concatenation quadratic CPU DoS on Django via repeated headers leads to worker exhaustion'
09 Feb 2026
b'Nextcloud'
disclosed a bug submitted by
b'se1en'
b'WebAuthn app was updated based on public key'
06 Feb 2026
b'curl'
disclosed a bug submitted by
b'pajarori'
b'MQTT Protocol Packet Injection via Unchecked CONNACK Remaining Length'
05 Feb 2026
b'Django'
disclosed a bug submitted by
b'stackered'
b'User enumeration via timing attack in Django mod_wsgi authentication backend leads to account discovery'
04 Feb 2026
b'GoCD'
disclosed a bug submitted by
b'aigirl'
b'Information Disclosure via Logback Configuration Injection in GoCD Agent'
04 Feb 2026
b'LinkedIn'
disclosed a bug submitted by
b'allenjo'
b'Previous commentor on post can still comment even after comment permission is changed to disabled'
03 Feb 2026
1
2
3
...
752
BY DENIS WERNER - @NOBBD -
IMPRESSUM
