REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
bobrov
117
geeknik
78
linkks
75
sp1d3rs
68
jobert
64
someonenobbd
58
jon_bottarini
49
haxta4ok00
48
netfuzzer
48
ryat
47
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
8x8
disclosed a bug submitted by
bugkill3r
Exposed kubernetes dashboard
09 Dec 2021
U.S. General Services Administration
disclosed a bug submitted by
alexandrio
[Transportation Management Services Solution 2.0] Improper authorization at tmss.gsa.gov leads to data exposure of all registered users
08 Dec 2021
Semrush
disclosed a bug submitted by
rivalsec
php info file and sql backup at vendor's subdomain
08 Dec 2021
QIWI
disclosed a bug submitted by
avolume
Account Takeover through registration to the same email address
08 Dec 2021
Mail.ru
disclosed a bug submitted by
0xd0ff9
[allods.mail.ru] - WebCache Poisoning Host Header lead to Potential Stored XSS
08 Dec 2021
UPchieve
disclosed a bug submitted by
jupiter-47
CORS origin validation failure
07 Dec 2021
UPchieve
disclosed a bug submitted by
anas_44
Authentication Bypass - Email Verification code bypass in account registration process.
07 Dec 2021
Shopify
disclosed a bug submitted by
scaramouche31
Bypass a fix for report #708013
07 Dec 2021
Open-Xchange
disclosed a bug submitted by
afewgoats
Guard WKS lookup: Evil WKS server forces connections to last forever
07 Dec 2021
Rocket.Chat
disclosed a bug submitted by
cyberasset
Blind XSS
07 Dec 2021
Evernote
disclosed a bug submitted by
neolexsecurity
Full read SSRF in www.evernote.com that can leak aws metadata and local file inclusion
06 Dec 2021
Affirm
disclosed a bug submitted by
xfiltrer
IDOR to view order information of users and personal information
06 Dec 2021
Shopify
disclosed a bug submitted by
jaka_tingkir
xss is triggered on your web
06 Dec 2021
Shopify
disclosed a bug submitted by
rhynorater
[h1-2102] Wholesale - CSRF to Generate Invitation Token for a Customer and Move Customer to Invited Status
06 Dec 2021
Paragon Initiative Enterprises
disclosed a bug submitted by
kashifinfo90
Recaptcha Secret key Leaked
04 Dec 2021
Kubernetes
disclosed a bug submitted by
libio
Authenticated kubernetes principal with restricted permissions can retrieve ingress-nginx serviceaccount token and secrets across all namespaces
04 Dec 2021
Shopify
disclosed a bug submitted by
yinvi777
Staff can use BULK_OPERATIONS_FINISH webhook topic using Graphql without permissions all
04 Dec 2021
TikTok
disclosed a bug submitted by
semsem123
reflected xss on the path m.tiktok.com
03 Dec 2021
TikTok
disclosed a bug submitted by
lewaperbb
IDOR the ability to view support tickets of any user on seller platform
03 Dec 2021
Shopify
disclosed a bug submitted by
c0rv4x
[h1-2102] [Yaworski's Broskis] Suspected overcharge and chargebacks in PoS
03 Dec 2021
1
...
7
8
9
10
11
...
590
BY DENIS WERNER - @NOBBD -
IMPRESSUM
