REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
81
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
58
b'ooooooo_q'
52
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'KHealth'
disclosed a bug submitted by
b'eneri'
b'Information disclouser from URL parameter "access" lead to Account Takeover'
07 Apr 2025
b'Adobe'
disclosed a bug submitted by
b'jf0x0r'
b'Disclosure of git metadata and springboot actuator information'
07 Apr 2025
b'HackerOne'
disclosed a bug submitted by
b'avinash_'
b'The /reports/:id.json endpoint discloses potentially sensitive user attributes when reporter summary is present'
01 Apr 2025
b'Informatica'
disclosed a bug submitted by
b'growler09'
b'No rate limiting on form[register]'
28 Mar 2025
b'Hemi VDP'
disclosed a bug submitted by
b'aaravhex'
b'Cloudflare WAF Bypass - Origin IP Exposure'
27 Mar 2025
b'Shopify'
disclosed a bug submitted by
b'ooooooo_q'
b'HTTP Response Header Injection in shopify/pitchfork + Rack 3'
27 Mar 2025
b'Brave Software'
disclosed a bug submitted by
b'canalun'
b'Null Pointer Dereference by Crafted Response from AI Model'
26 Mar 2025
b'AWS VDP'
disclosed a bug submitted by
b'nick_frichette_dd'
b'Non-Production API Endpoints for the Forecast Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration'
24 Mar 2025
b'Autodesk'
disclosed a bug submitted by
b'yunxohang'
b'Twitter broken link hijacking in thewild.com'
24 Mar 2025
b'Trendyol'
disclosed a bug submitted by
b'samark19'
b'Cache Poisoning Allows Zero Interaction Store XSS'
22 Mar 2025
b'Shopify'
disclosed a bug submitted by
b'samux'
b'Limited Privilege User Can Create Unauthorized Referrals on partners.shopify.com'
20 Mar 2025
b'Autodesk'
disclosed a bug submitted by
b'metereorpreter'
b'SSRF in Autodesk Rendering leading to account takeover'
18 Mar 2025
b'Autodesk'
disclosed a bug submitted by
b'khoof'
b'Django Debug Mode Enabled - Information Disclosure on api.wwm-dev.autodesk.com'
18 Mar 2025
b'Nextcloud'
disclosed a bug submitted by
b'vulnerability_is_here'
b'Sensitive Information Disclosure via Back Button Post Logout on https://apps.nextcloud.com/account/'
16 Mar 2025
b'Drugs.com'
disclosed a bug submitted by
b'dedoxd2'
b'2FA Bypass leads to impersonation of legimate users'
14 Mar 2025
b'Autodesk'
disclosed a bug submitted by
b'the-white-evil'
b'Stored Cross-Site Scripting found in custom integration app on https://admin.b360.autodesk.com.'
14 Mar 2025
b'MercadoLibre'
disclosed a bug submitted by
b'elmago'
b'Stored Cross-Site Scripting in mercadopago.com.ar'
13 Mar 2025
b'HackerOne'
disclosed a bug submitted by
b'sarthakbhingare015'
b'Domain highlighting on External link warning is not working on Chrome & Microsoft Edge browsers on Mobile'
13 Mar 2025
b'PortSwigger Web Security'
disclosed a bug submitted by
b'floyd'
b'cgi scripts wordlist entry for windmail.exe has payload that sends arbitrary file read result to third-party'
13 Mar 2025
b'AWS VDP'
disclosed a bug submitted by
b'nick_frichette_dd'
b'Non-Production API Endpoints for the DocumentDB Elastic Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration'
11 Mar 2025
1
...
7
8
9
10
11
...
732
BY DENIS WERNER - @NOBBD -
IMPRESSUM
