REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
81
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
58
b'ooooooo_q'
52
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'curl'
disclosed a bug submitted by
b'catenacyber'
b'Use after free (read) in curl_multi_perform with DoH and Proxy options, and resolve timeouts'
06 Mar 2025
b'AWS VDP'
disclosed a bug submitted by
b'xendaviour'
b'Session Timeout Does Not Enforce Re-Authentication on AWS Access Portal'
05 Mar 2025
b'Autodesk'
disclosed a bug submitted by
b'khoof'
b'CVE-2023-5561 on Payapps.com'
05 Mar 2025
b'AWS VDP'
disclosed a bug submitted by
b'nick_frichette_dd'
b'Non-Production API Endpoints for the Device Farm Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration'
04 Mar 2025
b'AWS VDP'
disclosed a bug submitted by
b'hemant1'
b'Sensitive API Key Leakage'
04 Mar 2025
b'MTN Group'
disclosed a bug submitted by
b'trev0ck'
b'Ability to Add and Verify Uncontrolled Mobile Numbers Leading to Account Takeover (ATO)'
04 Mar 2025
b'MTN Group'
disclosed a bug submitted by
b'hafiz-ng'
b'Broken Access Control leads to disclosure of transaction history via /v2/rechargeTransactionHistory endpoint'
02 Mar 2025
b'MTN Group'
disclosed a bug submitted by
b'tinopreter'
b'Admin Dashboard Access Leads to Updating Merchant Info'
02 Mar 2025
b'Autodesk'
disclosed a bug submitted by
b'the-white-evil'
b'Stored XSS via Post Tittle Enabling Non-Privileged User to Privileged User Exploitation on https://forums.autodesk.com/'
26 Feb 2025
b'AWS VDP'
disclosed a bug submitted by
b'nick_frichette_dd'
b'Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration'
26 Feb 2025
b'PortSwigger Web Security'
disclosed a bug submitted by
b'iamunixtz'
b'Burp Suite extensions can execute arbitrary code'
26 Feb 2025
b'Sorare'
disclosed a bug submitted by
b'tinine'
b'Unsufficent input verification leads to DoS and resource consumption'
26 Feb 2025
b'GitLab'
disclosed a bug submitted by
b'asterion04'
b'Account Takeover via Password Reset without user interactions'
26 Feb 2025
b'AWS VDP'
disclosed a bug submitted by
b'nick_frichette_dd'
b'Amazon Comprehend Medical Service Reporting "AWS Internal" for CloudTrail Events Generated from FIPS Endpoints'
25 Feb 2025
b'Hemi VDP'
disclosed a bug submitted by
b'muralidharan_1530'
b'Broken X (Twitter) link on hemi.xyz/about'
25 Feb 2025
b'Reddit'
disclosed a bug submitted by
b'la_revoltage'
b'Exposed proxy allows to access internal reddit domains'
24 Feb 2025
b'MTN Group'
disclosed a bug submitted by
b'offensiveops'
b'Information disclosure due to debug mode enabled at Laravel instance https://mpos.mtn.co.sz/ '
23 Feb 2025
b'MTN Group'
disclosed a bug submitted by
b'h0w'
b'CVE-2023-41763 Business Elevation of Privilege vulnerability on [.mtn.com]'
22 Feb 2025
b'MTN Group'
disclosed a bug submitted by
b'h0w'
b'Unauthorized access to PII leads to Administrator account Takeover'
22 Feb 2025
b'WakaTime'
disclosed a bug submitted by
b'm_kamal'
b'User Email Disclosure via ID-Based Invitation'
22 Feb 2025
1
...
8
9
10
11
12
...
731
BY DENIS WERNER - @NOBBD -
IMPRESSUM