REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
83
b'linkks'
75
b'jobert'
70
b'nyymi'
63
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'arkadiyt-projects'
disclosed a bug submitted by
b'newby99'
b'DNS Rebinding Attack'
19 Oct 2025
b'arkadiyt-projects'
disclosed a bug submitted by
b'newby99'
b'Arbitrary File Write'
19 Oct 2025
b'Discourse'
disclosed a bug submitted by
b'theteatoast'
b'Application Level DoS - Large Markdown Payload in Reply Section Leading to Resource Exhaustion'
18 Oct 2025
b'PlayStation'
disclosed a bug submitted by
b'theflow0'
b'Blu-ray Disc Java Sandbox Escape via two vulnerabilities '
18 Oct 2025
b'curl'
disclosed a bug submitted by
b'spolu-dust'
b'SMTP Command Injection Vulnerability in libcurl 8.16.0 via RFC 3461 Suffix'
17 Oct 2025
b'Nextcloud'
disclosed a bug submitted by
b'daroo'
b'Path Traversal Vulnerability in Nextcloud Tables Enables Arbitrary File Exfiltration of Any Files Supported by PhpSpreadsheet Library'
16 Oct 2025
b'Dynatrace'
disclosed a bug submitted by
b'remiec'
b'OneAgent Unprivileged NTLM User Coercion'
15 Oct 2025
b'Brave Software'
disclosed a bug submitted by
b'mingijung'
b'SameSite restrictions are lifted, and SameSite:Strict cookie are being sent.'
15 Oct 2025
b'Tucows (VDP)'
disclosed a bug submitted by
b'1prince1'
b'Unauthenticated Access Control Bypass Private WordPress Post Disclosure (Outdated WordPress 4.9.40)'
14 Oct 2025
b'Tucows (VDP)'
disclosed a bug submitted by
b'1prince1'
b'Information Disclosure via Accessible debug.log on ExactHosting'
14 Oct 2025
b'curl'
disclosed a bug submitted by
b'nyymi'
b'Missing enforcement of SFTP quote syntax can lead to operation on wrong object'
12 Oct 2025
b'Tucows (VDP)'
disclosed a bug submitted by
b'kanon4'
b'CSRF allowing unauthorized modification of user Notes on '
10 Oct 2025
b'Tucows (VDP)'
disclosed a bug submitted by
b'emad2466'
b'Vulnerability: XML-RPC Interface Enabled and Accessible'
10 Oct 2025
b'curl'
disclosed a bug submitted by
b'giant_anteater'
b'Apple SecTrust legacy path accepts untrusted certificates on pre-10.14 macOS/iOS when built with USE_APPLE_SECTRUST'
09 Oct 2025
b'PortSwigger Web Security'
disclosed a bug submitted by
b'farmer'
b'DNS Rebinding SSRF in Burp Suite MCP Server Enables Internal Network Access via send_http1_request Tool'
08 Oct 2025
b'curl'
disclosed a bug submitted by
b'giant_anteater'
b'OpenSSL backend: X509 peer certificate not freed in ossl_get_channel_binding causes per-request memory leak (DoS risk for long-lived clients)'
08 Oct 2025
b'Omise'
disclosed a bug submitted by
b'mantu1738'
b'Pending invites remain valid even after the inviter is removed.'
08 Oct 2025
b'SingleStore'
disclosed a bug submitted by
b'4x4'
b'Exceeding the limit of Workspaces via Race Condition'
06 Oct 2025
b'curl'
disclosed a bug submitted by
b'donutshunter'
b'Unsanitized IPFS CID Allows SSRF Against Configured Gateway'
03 Oct 2025
1
2
3
...
740
BY DENIS WERNER - @NOBBD -
IMPRESSUM
