Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 84
linkks: 75
jobert: 70
nyymi: 67
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
Radancy disclosed a bug submitted by kalendra456: "Cross-origin resource sharing: arbitrary origin trusted" (22 Aug 2023)
Radancy disclosed a bug submitted by h03: "insecure storage of information, you can view any file uploaded to the server without authentication and only with a single link" (21 Aug 2023)
Rockstar Games disclosed a bug submitted by floorball: "Insecure Direct Object Reference allows Crew Invite deletion" (17 Aug 2023)
Nintendo disclosed a bug submitted by crazy_man123: "[MK8DX] Improper metadata validation 2" (17 Aug 2023)
Nintendo disclosed a bug submitted by crazy_man123: "[MK8DX] Improper metadata parsing" (17 Aug 2023)
Node.js disclosed a bug submitted by mattaustin: "Permissions policies can be bypassed via Module._load." (16 Aug 2023)
Ruby on Rails disclosed a bug submitted by ooooooo_q: "Unexpected deserialization in Kredis" (16 Aug 2023)
TikTok disclosed a bug submitted by ashrafabdelrazik: "CRLF to XSS & Open Redirection" (16 Aug 2023)
Internet Bug Bounty disclosed a bug submitted by ooooooo_q: "CVE-2023-36617: ReDoS vulnerability in URI (Ruby)" (15 Aug 2023)
Internet Bug Bounty disclosed a bug submitted by ooooooo_q: "[CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON" (15 Aug 2023)
Internet Bug Bounty disclosed a bug submitted by ooooooo_q: "[CVE-2023-27539] Possible Denial of Service Vulnerability in Racks header parsing" (15 Aug 2023)
Internet Bug Bounty disclosed a bug submitted by addisoncrump: "Cargo not respecting umask when extracting crate archives" (15 Aug 2023)
Node.js disclosed a bug submitted by tniessen: "Renaming/aliasing relative symbolic links potentially redirects them to supposedly inaccessible locations" (15 Aug 2023)
Yelp disclosed a bug submitted by lil_endian: "yelp.com XSS ATO (via login keylogger, link Google account)" (15 Aug 2023)
Snapchat disclosed a bug submitted by jotita3: "HTML injection on newsroom.snap.com/* via search?q=1" (14 Aug 2023)
Nextcloud disclosed a bug submitted by fr4via: "Path traversal allows tricking the Talk Android app into writing files into it's root directory" (14 Aug 2023)
ImpressCMS disclosed a bug submitted by cyberinsane: "SQL Injection in version 1.4.3 and below" (12 Aug 2023)
Node.js disclosed a bug submitted by haxatron1: "fs.mkdtemp() and fs.mkdtempSync() are missing getValidatedPath() checks." (11 Aug 2023)
Node.js disclosed a bug submitted by haxatron1: "Permission model bypass by specifying a path traversal sequence in a buffer," (11 Aug 2023)
Node.js disclosed a bug submitted by haxatron1: "Policy-restricted modules can escalate to higher privileges by impersonating other modules in a policy list using module.constructor.createRequire()" (11 Aug 2023)
BY DENIS WERNER - @NOBBD