Top10 publishers:
bobrov117 
geeknik79 
linkks75 
sp1d3rs68 
jobert66 
someonenobbd60 
jon_bottarini49 
netfuzzer48 
haxta4ok0048 
ryat47 

the unofficial HackerOne disclosure timeline.

X
Adobe disclosed a bug submitted by gdattacker 
Main Domain Takeover at https://www.marketo.net/
26 Sep 2022 timeline
MTN Group disclosed a bug submitted by possowski 
Reflected xss on videostore.mtnonline.com
25 Sep 2022 timeline
Internet Bug Bounty disclosed a bug submitted by haxatron1 
[CVE-2022-35949]: undici.request vulnerable to SSRF using absolute / protocol-relative URL on pathname
23 Sep 2022 timeline
Internet Bug Bounty disclosed a bug submitted by happyhacking123 
CVE-2022-35948: CRLF Injection in Nodejs undici via Content-Type
23 Sep 2022 timeline
Internet Bug Bounty disclosed a bug submitted by happyhacking123 
CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag
23 Sep 2022 timeline
Basecamp disclosed a bug submitted by fr4via 
com.basecamp.bc3 Webview Javascript Injection and JS bridge takeover
23 Sep 2022 timeline
Reddit disclosed a bug submitted by lu3ky-13 
Open Redirect on www.redditinc.com via `failed` query param
22 Sep 2022 timeline
GitLab disclosed a bug submitted by joaxcar 
Content injection in Jira issue title enabling sending arbitrary POST request as victim
22 Sep 2022 timeline
GitLab disclosed a bug submitted by joaxcar 
Unauthenticated IP allowlist bypass when accessing job artifacts through gitlab pages at `{group_id}.gitlab.io`
22 Sep 2022 timeline
Rocket.Chat disclosed a bug submitted by gronke 
getUsersOfRoom discloses users in private channels
22 Sep 2022 timeline
Rocket.Chat disclosed a bug submitted by mikolajczak 
Rocket.chat user info security issue
22 Sep 2022 timeline
Rocket.Chat disclosed a bug submitted by gronke 
Message ID Enumeration with Regular Expression in getReadReceipts Meteor method
22 Sep 2022 timeline
Rocket.Chat disclosed a bug submitted by gronke 
API route chat.getThreadsList leaks private message content
22 Sep 2022 timeline
Rocket.Chat disclosed a bug submitted by gronke 
NoSQL-Injection discloses S3 File Upload URLs
22 Sep 2022 timeline
Rocket.Chat disclosed a bug submitted by gronke 
getRoomRoles Method leaks Channel Owner
22 Sep 2022 timeline
Rocket.Chat disclosed a bug submitted by gronke 
TOTP 2 Factor Authentication Bypass
22 Sep 2022 timeline
Rocket.Chat disclosed a bug submitted by gronke 
Message ID Enumeration with Action Link Handler
22 Sep 2022 timeline
Rocket.Chat disclosed a bug submitted by paulocsanz 
REST API gets `query` as parameter and executes it
22 Sep 2022 timeline
Rocket.Chat disclosed a bug submitted by rolfzur 
Unintended information disclosure in the Hubot Log files
22 Sep 2022 timeline
Rocket.Chat disclosed a bug submitted by dago_669 
Bypass local authentication (PIN code)
22 Sep 2022 timeline
1 2 3 4 ... 628
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM