REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
58
b'ooooooo_q'
52
b'haxta4ok00'
49
b'jon_bottarini'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'SHEIN'
disclosed a bug submitted by
b'x1337loser'
b'RCE via npm misconfig -- installing internal libraries from the public registry'
08 Jul 2023
b'MetaMask'
disclosed a bug submitted by
b'hackerontwowheels'
b'Arbitrary file write triggered by deeplink abuse - MetaMask Android'
07 Jul 2023
b'Cloudflare Public Bug Bounty'
disclosed a bug submitted by
b'mega7'
b'Basic XSS [WAF Bypasses]'
07 Jul 2023
b'HackerOne'
disclosed a bug submitted by
b'light3r'
b'Banned user still able to invited to reports as a collabrator and reset the password'
06 Jul 2023
b'Rockstar Games'
disclosed a bug submitted by
b'0xshivam'
b'Improper Authentication inside the Rockstar Games Launcher which leads to Account takeover to some extend'
05 Jul 2023
b'HackerOne'
disclosed a bug submitted by
b'jobert'
b'Internal machine learning API endpoint for CWE classification is vulnerable to path traversal'
05 Jul 2023
b'inDrive'
disclosed a bug submitted by
b'mikejohnson_1'
b'inDriver Job - Admin Approval Bypass'
05 Jul 2023
b'Newegg'
disclosed a bug submitted by
b'team_tsk'
b'Endpoint disclosing user password'
05 Jul 2023
b'MetaMask'
disclosed a bug submitted by
b'renekroka'
b'MetaMask Browser URL and Transaction Origin Spoofing - Metamask wallet Android & Metamask wallet iOS'
04 Jul 2023
b'HackerOne'
disclosed a bug submitted by
b'0xrayan1996'
b'An attacker can can view any hacker email via /SaveCollaboratorsMutation operation name '
04 Jul 2023
b'Python Cryptographic Authority'
disclosed a bug submitted by
b'skin'
b'Error Page Content Spoofing or Text Injection'
03 Jul 2023
b'Stripe'
disclosed a bug submitted by
b'peterldowns'
b"The `stripe/veneur` GitHub repository links to a domain `veneur.org`, which is not under stripe's control"
03 Jul 2023
b'WordPress'
disclosed a bug submitted by
b'zoczus'
b'wp-embed XSS on Safari'
01 Jul 2023
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'codeslayer137'
b'Blind Sql Injection https:/'
30 Jun 2023
b'Internet Bug Bounty'
disclosed a bug submitted by
b'bensmyth'
b"DiffieHellman doesn't generate keys after setting a key"
30 Jun 2023
b'inDrive'
disclosed a bug submitted by
b'bogdantcaciuc'
b'Full access to InDrive jira panel via exposed API token '
28 Jun 2023
b'inDrive'
disclosed a bug submitted by
b'spongebhav'
b"Rider can forcefully get passenger's order accepted resulting in multiple impacts including PII reveal and more mentioned in the report."
28 Jun 2023
b'Ruby on Rails'
disclosed a bug submitted by
b'vairelt'
b'Escape Sequence Injection vulnerability in Rack'
28 Jun 2023
b'Ruby on Rails'
disclosed a bug submitted by
b'ghiculescu'
b'Possible DOS in app with crashing `exceptions_app`'
28 Jun 2023
b'Nextcloud'
disclosed a bug submitted by
b'bhmth'
b'User scoped external storage can be used to gather credentials of other users '
27 Jun 2023
1
...
60
61
62
63
64
...
724
BY DENIS WERNER - @NOBBD -
IMPRESSUM
