Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 56
ooooooo_q: 50
jon_bottarini: 49
haxta4ok00: 48
The unofficial HackerOne disclosure timeline.

Linktree disclosed a bug submitted by dewcode91
A malicious admin can be able to permanently disable a Owner(Admin) to access his account
25 Oct 2022

TikTok disclosed a bug submitted by tw4v3sx
Remotely Accessible Container Advisor exposed performance metrics and resource usage
24 Oct 2022

Lark Technologies disclosed a bug submitted by snapsec
IDOR Allows Viewer to Delete Bin's Files
24 Oct 2022

Lark Technologies disclosed a bug submitted by snapsec
Viewer is able to leak the previous versions of the file
24 Oct 2022

Yelp disclosed a bug submitted by whitehacker18
installed.json sensitive file was publicly accessible on your web application which discloses information about authors and admins
22 Oct 2022

U.S. General Services Administration disclosed a bug submitted by ahmed0x0mahmoud
access nagios dashboard using default credentials in ** omon1.fpki.gov, 3.220.248.203**
21 Oct 2022

Krisp disclosed a bug submitted by n0_m3rcy
Full payment bypass to use premium subscription.
21 Oct 2022

Hyperledger disclosed a bug submitted by shakedreiner
POOL_UPGRADE request handler may allow an unauthenticated attacker to remotely execute code on every node in the network.
20 Oct 2022

Lark Technologies disclosed a bug submitted by imran_nisar
Removed user can still view comments on the file/documents.
20 Oct 2022

Lark Technologies disclosed a bug submitted by imran_nisar
Ability to View Non-Permitted Admin Log
20 Oct 2022

Lark Technologies disclosed a bug submitted by imran_nisar
[CSRF] No Csrf protection against sending invitation to join the team.
20 Oct 2022

Stripe disclosed a bug submitted by mr_asg
Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/
19 Oct 2022

Stripe disclosed a bug submitted by gregxsunday
Local applications from user's computer can listen for webhooks via insecure gRPC server from stripe-cli
19 Oct 2022

U.S. General Services Administration disclosed a bug submitted by toormund
User information disclosed via API
19 Oct 2022

Stripe disclosed a bug submitted by sim4n6
Bypassing domain deny_list rule in Smokescreen via double brackets [[]] which leads to SSRF
19 Oct 2022

Stripe disclosed a bug submitted by mustafa_farrag
Tomcat Servlet Examples accessible at https://44.240.33.83:38443 and https://52.36.56.155:38443
19 Oct 2022

Stripe disclosed a bug submitted by mr_asg
Fully TaxJar account control and ability to disclose and modify business account settings Due to Broken Access Control in /current_user_data
19 Oct 2022

Automattic disclosed a bug submitted by ug0x01
IDOR able to buy a plan with lesser fee
19 Oct 2022

Adobe disclosed a bug submitted by dreamer_eh
DOM XSS at `https://adobedocs.github.io/OAE_PartnerAPI/?configUrl={site}` due to outdated Swagger UI
19 Oct 2022

Lark Technologies disclosed a bug submitted by imran_nisar
Users Without Permission Can Download Restricted Files
18 Oct 2022

BY DENIS WERNER - @NOBBD