REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
83
b'linkks'
75
b'jobert'
70
b'nyymi'
62
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Shopify'
disclosed a bug submitted by
b'ssilvass'
b'Reflected XSS on help.shopify.com'
25 Jan 2024
b'Enjin'
disclosed a bug submitted by
b'tushar_rec0n'
b'Lack of Tenant Scoping Enables Limited Cross-Tenant Data Querying and Mutation'
25 Jan 2024
b'Sony'
disclosed a bug submitted by
b'testingforbugs'
b'SQL injection at '
24 Jan 2024
b'CS Money'
disclosed a bug submitted by
b'benjamin-mauss'
b'Html injection on subscription email'
23 Jan 2024
b'Shopify'
disclosed a bug submitted by
b'callmed0_4'
b'Staff without Manage Themes permissions can update themes'
23 Jan 2024
b'A.S. Watson Group '
disclosed a bug submitted by
b'alp'
b'PII Disclosure At `theperfumeshop.com/register/forOrder`'
23 Jan 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'cxshakal'
b'curl HSTS long file name clears contents '
20 Jan 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'marshallofsound'
b'ASAR Integrity bypass via filetype confusion'
20 Jan 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'ranjit_p'
b'Cookie headers are not cleared in cross-domain redirect in undici-fetch'
20 Jan 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'tniessen'
b'Path traversal through path stored in Uint8Array in Node.js 20'
20 Jan 2024
b'Mozilla Critical Services'
disclosed a bug submitted by
b'0x90security'
b'Remote code execution and exfiltration of secret tokens by poisoning the mozilla/fxa CI build cache'
20 Jan 2024
b'HackerOne'
disclosed a bug submitted by
b'aleklebio7'
b'Some limited confidential information can still be accessed after a user exits a private program'
19 Jan 2024
b'Enjin'
disclosed a bug submitted by
b'alpernae'
b'Weak Email Verification: Newly Registered Users Can Bypass Email Verification Step and Log In'
19 Jan 2024
b'Enjin'
disclosed a bug submitted by
b'alpernae'
b'Revocation API Token by Bypassing The XSRF Token'
19 Jan 2024
b'Nextcloud'
disclosed a bug submitted by
b'ryotak'
b'Authentication bypass in Global Site Selector allows an attacker to log in as any user'
18 Jan 2024
b'Nextcloud'
disclosed a bug submitted by
b'ryotak'
b'Improper handling of request URLs in nextcloud/guests allows guest users to bypass app allowlist'
18 Jan 2024
b'Nextcloud'
disclosed a bug submitted by
b'ryotak'
b'Non-admin users can reset app allowlist to the default'
18 Jan 2024
b'Nextcloud'
disclosed a bug submitted by
b'ryotak'
b'Open redirect in user_saml via RelayState parameter'
18 Jan 2024
b'Nextcloud'
disclosed a bug submitted by
b'hackit_bharat'
b'Self XSS when sending HTML as a comment in the Deck app'
18 Jan 2024
b'LY Corporation'
disclosed a bug submitted by
b'mheranco'
b'Reflected XSS on https://travel.line.me'
18 Jan 2024
1
...
53
54
55
56
57
...
738
BY DENIS WERNER - @NOBBD -
IMPRESSUM
