REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
84
b'linkks'
75
b'jobert'
70
b'nyymi'
65
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'curl'
disclosed a bug submitted by
b'idris_0x'
b'Use of Deprecated strcpy() with User-Controlled Environment Variable in Memory Debug Initialization'
22 Oct 2025
b'curl'
disclosed a bug submitted by
b'idris_0x'
b'Use of Deprecated strcpy() with Fixed-Size Buffers in Progress Time Formatting'
22 Oct 2025
b'Revive Adserver'
disclosed a bug submitted by
b'env_bak'
b'Reflected Cross-Site Scripting (XSS) in Revive Adserver 5.5.2'
22 Oct 2025
b'SingleStore'
disclosed a bug submitted by
b'axolot23'
b'2FA bypass possible on https://authsvc.singlestore.com'
22 Oct 2025
b'curl'
disclosed a bug submitted by
b'aybanda'
b'Buffer Overflow in WebSocket Handshake (lib/ws.c:1287)'
21 Oct 2025
b'arkadiyt-projects'
disclosed a bug submitted by
b'newby99'
b'DNS Rebinding Attack'
19 Oct 2025
b'arkadiyt-projects'
disclosed a bug submitted by
b'newby99'
b'Arbitrary File Write'
19 Oct 2025
b'Discourse'
disclosed a bug submitted by
b'theteatoast'
b'Application Level DoS - Large Markdown Payload in Reply Section Leading to Resource Exhaustion'
18 Oct 2025
b'PlayStation'
disclosed a bug submitted by
b'theflow0'
b'Blu-ray Disc Java Sandbox Escape via two vulnerabilities '
18 Oct 2025
b'curl'
disclosed a bug submitted by
b'spolu-dust'
b'SMTP Command Injection Vulnerability in libcurl 8.16.0 via RFC 3461 Suffix'
17 Oct 2025
b'Nextcloud'
disclosed a bug submitted by
b'daroo'
b'Path Traversal Vulnerability in Nextcloud Tables Enables Arbitrary File Exfiltration of Any Files Supported by PhpSpreadsheet Library'
16 Oct 2025
b'Dynatrace'
disclosed a bug submitted by
b'remiec'
b'OneAgent Unprivileged NTLM User Coercion'
15 Oct 2025
b'Brave Software'
disclosed a bug submitted by
b'mingijung'
b'SameSite restrictions are lifted, and SameSite:Strict cookie are being sent.'
15 Oct 2025
b'Tucows (VDP)'
disclosed a bug submitted by
b'1prince1'
b'Unauthenticated Access Control Bypass Private WordPress Post Disclosure (Outdated WordPress 4.9.40)'
14 Oct 2025
b'Tucows (VDP)'
disclosed a bug submitted by
b'1prince1'
b'Information Disclosure via Accessible debug.log on ExactHosting'
14 Oct 2025
b'curl'
disclosed a bug submitted by
b'nyymi'
b'Missing enforcement of SFTP quote syntax can lead to operation on wrong object'
12 Oct 2025
b'Tucows (VDP)'
disclosed a bug submitted by
b'kanon4'
b'CSRF allowing unauthorized modification of user Notes on '
10 Oct 2025
b'Tucows (VDP)'
disclosed a bug submitted by
b'emad2466'
b'Vulnerability: XML-RPC Interface Enabled and Accessible'
10 Oct 2025
b'curl'
disclosed a bug submitted by
b'giant_anteater'
b'Apple SecTrust legacy path accepts untrusted certificates on pre-10.14 macOS/iOS when built with USE_APPLE_SECTRUST'
09 Oct 2025
b'PortSwigger Web Security'
disclosed a bug submitted by
b'farmer'
b'DNS Rebinding SSRF in Burp Suite MCP Server Enables Internal Network Access via send_http1_request Tool'
08 Oct 2025
1
...
4
5
6
7
8
...
745
BY DENIS WERNER - @NOBBD -
IMPRESSUM
