Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'80 
b'linkks'75 
b'jobert'70 
b'someonenobbd'62 
b'nyymi'58 
b'ooooooo_q'52 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'MTN Group' disclosed a bug submitted by b'aliyugombe' 
b'Remote code execution due to unvalidated file upload'
01 Sep 2022 timeline
b'Adobe' disclosed a bug submitted by b'aneeeketh' 
b'API Key reported in #1465145 not rotated and thus is still valid and can be used by anyone'
01 Sep 2022 timeline
b'Hyperledger' disclosed a bug submitted by b'fatal0' 
b'Remote denial of service in HyperLedger Fabric'
01 Sep 2022 timeline
b'Acronis' disclosed a bug submitted by b'mrccrqr' 
b'Any expired reset password link can still be used to reset the password'
01 Sep 2022 timeline
b'Snapchat' disclosed a bug submitted by b'mahfujwhh' 
b'Password reset tokens sent to CSP reporting endpoints'
31 Aug 2022 timeline
b'Cloudflare Public Bug Bounty' disclosed a bug submitted by b'motu-vai' 
b'Enable 2Fa verification without verifying email leads account takeover'
31 Aug 2022 timeline
b'curl' disclosed a bug submitted by b'haxatron1' 
b'CVE-2022-35252: control code in cookie denial of service'
31 Aug 2022 timeline
b'Cloudflare Public Bug Bounty' disclosed a bug submitted by b'lohigowda' 
b'Blind SSRF on platform.dash.cloudflare.com Due to Sentry misconfiguration'
31 Aug 2022 timeline
b'TikTok' disclosed a bug submitted by b'fransrosen' 
b"TikTok's pixel/sdk.js leaks current URL from websites using postMessage"
30 Aug 2022 timeline
b'Palo Alto Software' disclosed a bug submitted by b'zer0code' 
b'weak protection against brute-forcing on login api leads to account takeover '
29 Aug 2022 timeline
b'LinkedIn' disclosed a bug submitted by b'naaash' 
b'Privilege Escalation - "Analyst" Role Can View Email Domains of a Company - [GET /voyager/api/voyagerOrganizationDashEmailDomainMappings]'
26 Aug 2022 timeline
b'GitLab' disclosed a bug submitted by b'mega7' 
b'Unauthorized access'
25 Aug 2022 timeline
b'Stripo Inc' disclosed a bug submitted by b'deb0con' 
b'Non-revoked API Key Information disclosure via Stripo_report()'
25 Aug 2022 timeline
b'MTN Group' disclosed a bug submitted by b'theranger' 
b'Default Login Credentials on https://broadbandmaps.mtn.com.gh/ '
25 Aug 2022 timeline
b'Internet Bug Bounty' disclosed a bug submitted by b'albinowax' 
b'Pause-based desync in Apache HTTPD'
25 Aug 2022 timeline
b'Nord Security' disclosed a bug submitted by b'bashketchum' 
b'NordVPN Linux Client - Unsafe service file permissions leads to Local Privilege Escalation'
24 Aug 2022 timeline
b'Sony' disclosed a bug submitted by b'leo_rac' 
b'Reflected XSS on pages.email.sel.sony.com/page.aspx via jobid parameter'
24 Aug 2022 timeline
b'Uber' disclosed a bug submitted by b'mustafa_farrag' 
b'Golang expvar Information Disclosure'
24 Aug 2022 timeline
b'Node.js' disclosed a bug submitted by b'nagaro' 
b'Off-by-slash vulnerability in nodejs.org and iojs.org'
24 Aug 2022 timeline
b'Invision Power Services, Inc.' disclosed a bug submitted by b'fthacker101' 
b'support.invisionpower.com takeover the subdomain with Zendesk'
24 Aug 2022 timeline
1 ... 107 108 109 110 111 ... 730
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM