Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'67 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'curl' disclosed a bug submitted by b'0xshakib0x04' 
b'MQTT: unsigned integer underflow bypasses MAX_MQTT_MESSAGE_SIZE check'
13 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'gudyuu' 
b'integer Overflow in MQTT Protocol Handling Allows Bypassing Message Size Limit'
13 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'moha1sd' 
b'Information Disclosure in API Endpoint /users'
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'l0rdv0ld3m0r7' 
b'Publicly Accessible CDN Endpoint Exposing XML Metadata (including ETag)'
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'exec_iq' 
b'Create account without auth via response manipulation '
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'xgoon' 
b'Information Disclosure via Publicly Accessible Debug Log'
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'saqib98' 
b'Debug Info disclose '
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'0xkarim_dix' 
b'Reflected XSS Vulnerability in SSL VPN Endpoint CVE-2025-0133'
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'aramx4' 
b'Reflected XSS via user Parameter in /ssl-vpn/getconfig.esp'
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'aramx4' 
b'Reflected XSS via user Parameter on getconfig.esp Endpoint'
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'bewgsy' 
b'XSS on '
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'jonasdiasrebelo' 
b'Cross-Site Scripting via URL on '
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'jonasdiasrebelo' 
b"Cross-Site Scripting via 'currentImage' parameter"
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'jonasdiasrebelo' 
b"Cross-Site Scripting via 'wikitext' parameter"
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'jonasdiasrebelo' 
b'Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on '
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'jonasdiasrebelo' 
b'Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on '
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'jonasdiasrebelo' 
b'Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on '
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'jonasdiasrebelo' 
b'Cross-Site Scripting via URL on '
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'jonasdiasrebelo' 
b'Cross-Site Scripting via URL on '
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'jonasdiasrebelo' 
b"Cross-Site Scripting via 'RAISED_FUNDS_DESC' parameter"
12 Jan 2026 timeline
1 2 3 4 ... 751
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM