Top10 publishers:
bobrov 117
geeknik 79
linkks 75
sp1d3rs 68
jobert 67
someonenobbd 60
jon_bottarini 49
haxta4ok00 48
netfuzzer 48
ryat 47
Now on Twitter: the unofficial HackerOne disclosure timeline.

Internet Bug Bounty disclosed a bug submitted by haqpl
Rails ActionView sanitize helper bypass leading to XSS using SVG tag.
29 Jan 2023

U.S. Dept Of Defense disclosed a bug submitted by theinternetofdefcon_
[U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions
27 Jan 2023

U.S. Dept Of Defense disclosed a bug submitted by alishah
Reflected XSS on .mil
27 Jan 2023

U.S. Dept Of Defense disclosed a bug submitted by maskedpersian
reflected xss in www..gov
27 Jan 2023

U.S. Dept Of Defense disclosed a bug submitted by notajax
XSS on ( .gov ) Via URL path
27 Jan 2023

TikTok disclosed a bug submitted by mrhavit
IDOR for changing privacy settings on any memories
27 Jan 2023

TikTok disclosed a bug submitted by s3c
XSS at TikTok Ads Endpoint
27 Jan 2023

EXNESS disclosed a bug submitted by siddharthamx
Verification process done using different documents without corresponding to user information / User information can be changed after verification
27 Jan 2023

8x8 disclosed a bug submitted by xdopa
wavecell.com: Broken Link Hijacking / Instagram Takeover @
27 Jan 2023

TikTok disclosed a bug submitted by mrhavit
Any user can vote on `Friend Only` video pull
27 Jan 2023

GitHub disclosed a bug submitted by ahacker1
Github Apps can use Scoped-User-To-Server Tokens to Obtain Full Access to User's Projects in Project V2 GraphQL api
26 Jan 2023

Cloudflare Public Bug Bounty disclosed a bug submitted by albertspedersen
Using special IPv4-mapped IPv6 addresses to bypass local IP ban
24 Jan 2023

Linktree disclosed a bug submitted by 0xshdax
[song.link] Open Redirect
23 Jan 2023

Slack disclosed a bug submitted by pisarenko
XSS on link and window.opener
23 Jan 2023

LocalTapiola disclosed a bug submitted by voiddy
Cookie exfiltration through XSS on the main search request of www.lahitapiola.fi
19 Jan 2023

Yelp disclosed a bug submitted by rac_fckscty
PURGE is not authenticated
19 Jan 2023

KAYAK disclosed a bug submitted by retr02332
1 click Account takeover via deeplink in [com.kayak.android]
19 Jan 2023

HackerOne disclosed a bug submitted by reigertje
Private information exposed through GraphQL search endpoints aggregates
19 Jan 2023

Adobe disclosed a bug submitted by dreamer_eh
HTML INJECTION on https://adobedocs.github.io/JourneyAPI/ due to outdated SWAGGER UI
17 Jan 2023

Adobe disclosed a bug submitted by dreamer_eh
DOM XSS at `https://adobedocs.github.io/indesign-api-docs/?configUrl={site}` due to outdated Swagger UI
17 Jan 2023

BY DENIS WERNER - @NOBBD -