REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
58
b'ooooooo_q'
51
b'haxta4ok00'
49
b'jon_bottarini'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'MTN Group'
disclosed a bug submitted by
b'hafiz-ng'
b'Broken Access Control leads to disclosure of transaction history via /v2/rechargeTransactionHistory endpoint'
02 Mar 2025
b'MTN Group'
disclosed a bug submitted by
b'tinopreter'
b'Admin Dashboard Access Leads to Updating Merchant Info'
02 Mar 2025
b'Autodesk'
disclosed a bug submitted by
b'the-white-evil'
b'Stored XSS via Post Tittle Enabling Non-Privileged User to Privileged User Exploitation on https://forums.autodesk.com/'
26 Feb 2025
b'AWS VDP'
disclosed a bug submitted by
b'nick_frichette_dd'
b'Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration'
26 Feb 2025
b'PortSwigger Web Security'
disclosed a bug submitted by
b'iamunixtz'
b'Burp Suite extensions can execute arbitrary code'
26 Feb 2025
b'Sorare'
disclosed a bug submitted by
b'tinine'
b'Unsufficent input verification leads to DoS and resource consumption'
26 Feb 2025
b'GitLab'
disclosed a bug submitted by
b'asterion04'
b'Account Takeover via Password Reset without user interactions'
26 Feb 2025
b'AWS VDP'
disclosed a bug submitted by
b'nick_frichette_dd'
b'Amazon Comprehend Medical Service Reporting "AWS Internal" for CloudTrail Events Generated from FIPS Endpoints'
25 Feb 2025
b'Hemi VDP'
disclosed a bug submitted by
b'muralidharan_1530'
b'Broken X (Twitter) link on hemi.xyz/about'
25 Feb 2025
b'Reddit'
disclosed a bug submitted by
b'la_revoltage'
b'Exposed proxy allows to access internal reddit domains'
24 Feb 2025
b'MTN Group'
disclosed a bug submitted by
b'offensiveops'
b'Information disclosure due to debug mode enabled at Laravel instance https://mpos.mtn.co.sz/ '
23 Feb 2025
b'MTN Group'
disclosed a bug submitted by
b'h0w'
b'CVE-2023-41763 Business Elevation of Privilege vulnerability on [.mtn.com]'
22 Feb 2025
b'MTN Group'
disclosed a bug submitted by
b'h0w'
b'Unauthorized access to PII leads to Administrator account Takeover'
22 Feb 2025
b'WakaTime'
disclosed a bug submitted by
b'm_kamal'
b'User Email Disclosure via ID-Based Invitation'
22 Feb 2025
b'Autodesk'
disclosed a bug submitted by
b'alphahacks'
b'Insecure Direct Object Reference (IDOR) in GraphQL deleteProfileImages Mutation'
21 Feb 2025
b'Hemi VDP'
disclosed a bug submitted by
b'ahmednasr1'
b'Sensitive launch.json File Exposed on Public Server'
21 Feb 2025
b'Nextcloud'
disclosed a bug submitted by
b'lukasreschke'
b'Possible to enumerate valid files in password protected shares/files drop shares as well as spam folder with files'
21 Feb 2025
b'TikTok'
disclosed a bug submitted by
b'p_oria'
b'IDOR on ads.tiktok.com Allows Unauthorized Product Addition'
20 Feb 2025
b'Ruby'
disclosed a bug submitted by
b'l33thaxor'
b'Uncontrolled Resource Consumption when parsing maliciously crafted XML with REXML'
20 Feb 2025
b'MTN Group'
disclosed a bug submitted by
b'offensiveops'
b'Unauthenticated phpinfo()files could lead to ability file read at h2f54.n1.ips.mtn.co.ug [/dashboard/]'
20 Feb 2025
1
2
3
4
...
723
BY DENIS WERNER - @NOBBD -
IMPRESSUM