the unofficial HackerOne disclosure timeline.
curl disclosed a bug submitted by giant_anteater
libssh SFTP initialization ignores CURLOPT_TIMEOUT, hangs indefinitely
18 May 2026
curl disclosed a bug submitted by giant_anteater
rustls backend silently ignores CURLOPT_CRLFILE when native CA store is active
18 May 2026
curl disclosed a bug submitted by giant_anteater
HSTS multi-trailing-dot bypass-ish: possible incomplete fix for CVE-2022-30115
18 May 2026
Enjin disclosed a bug submitted by ph0r3nsic
Unauthenticated File Upload to CDN
18 May 2026
Rocket.Chat disclosed a bug submitted by josan_george
IDOR: autotranslate.translateMessage Full Message Content Leak
18 May 2026
curl disclosed a bug submitted by giant_anteater
Trailing-dot IPv4 URL bypasses IP-address guard, allows wildcard DNS SAN match
17 May 2026
curl disclosed a bug submitted by mulan_dh
NULL pointer dereference in libcurl URL API redirect_url() with CURLU_DEFAULT_SCHEME
17 May 2026
Nextcloud disclosed a bug submitted by suul
SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution
15 May 2026
Yuga Labs disclosed a bug submitted by r00tsid
Origin IP Exposed waf bypass
14 May 2026
curl disclosed a bug submitted by rootofpi_ramesh
Kerberos/SPNEGO Connection Reuse Vulnerability
14 May 2026
AWS VDP disclosed a bug submitted by jcow
QuickSight Authorization Bypass: Chat Agents Accessible Despite Custom Permissions Denial
12 May 2026
Liberapay disclosed a bug submitted by rox-11
another liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link
09 May 2026
Liberapay disclosed a bug submitted by rox-11
Liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link
09 May 2026
Nextcloud disclosed a bug submitted by vidang04
Private circle can be added to another circle via API despite visibility restriction
08 May 2026
Nextcloud disclosed a bug submitted by 0x0doteth
Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner
08 May 2026
Nextcloud disclosed a bug submitted by yoyomiski
View-only guests could see deleted Collectives pages in the trashbin
08 May 2026
curl disclosed a bug submitted by shecantcode2
mbedTLS private-key blob null-termination asymmetry in lib/vtls/mbedtls.c (mbed_load_privkey)
07 May 2026
Ruby on Rails disclosed a bug submitted by ksw9722
ActiveStorage Disk Service Path Traversal via Custom Blob Key Injection
07 May 2026
Monero disclosed a bug submitted by rorkh
Critical Deadlock Vulnerability in Monero RPC Leading to Complete Node Paralysis
06 May 2026
Monero disclosed a bug submitted by yulge
Connection Count Bug in Monero Node Enables Outbound Peer Reset Attack
06 May 2026
BY DENIS WERNER - @NOBBD