REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Mozilla'
disclosed a bug submitted by
b'adilnbabras'
b"User Can Delete Other Users' Personal Access Tokens at /delete-token/{token_id}/ on Mozilla Pontoon"
10 Apr 2026
b'RubyGems'
disclosed a bug submitted by
b'mclaren650sspider'
b'Memory leak in gem decode logic can allow attacker to take down Rubygems.org application'
09 Apr 2026
b'curl'
disclosed a bug submitted by
b'adityasunny_06'
b'libcurl: Integer truncation in curl_easy_ssls_import() causes TLS sessions to never expire'
09 Apr 2026
b'Glassdoor'
disclosed a bug submitted by
b'auxilus'
b"wasResumeUsed on /api-internal/api.htm endpoint leaking other user's resume usage status"
08 Apr 2026
b'Glassdoor'
disclosed a bug submitted by
b'amakki'
b'Account Takeover'
08 Apr 2026
b'Glassdoor'
disclosed a bug submitted by
b'z3ron3'
b'Open Redirect '
08 Apr 2026
b'AWS VDP'
disclosed a bug submitted by
b'misop00p'
b'Health check errors silently dropped when channel buffer full'
07 Apr 2026
b'Nextcloud'
disclosed a bug submitted by
b'shiva2550'
b"IDOR on via direct photo URL leads to unauthorized access to deleted and other users' photos"
07 Apr 2026
b'curl'
disclosed a bug submitted by
b'mzfr'
b'no_proxy IDN mismatch: Unicode hostnames bypass proxy exclusion list'
07 Apr 2026
b'curl'
disclosed a bug submitted by
b'mzfr'
b'FTP entrypath accepts 0xFF (Telnet IAC) through incomplete ISCNTRL filter, sent on wire via CWD on connection reuse'
07 Apr 2026
b'curl'
disclosed a bug submitted by
b'cutiapretaa'
b'Improper enforcement of CURLOPT_SOCKS5_AUTH due to missing reuse key validation in libcurl'
07 Apr 2026
b'Glassdoor'
disclosed a bug submitted by
b'downgrade'
b'Cross-Site Leakage of Review Ownership via Navigation Detection'
06 Apr 2026
b'Glassdoor'
disclosed a bug submitted by
b'zorixu'
b'eflected Vulnerability in Glassdoor Blog earch'
06 Apr 2026
b'Glassdoor'
disclosed a bug submitted by
b'imtheking'
b'Full account takeover without user Interaction '
06 Apr 2026
b'Monero'
disclosed a bug submitted by
b'jehrenhofermagicgrants'
b'Reported Denial of Service'
06 Apr 2026
b'Monero'
disclosed a bug submitted by
b'jehrenhofermagicgrants'
b'Reported RPC Overflow'
06 Apr 2026
b'Glassdoor'
disclosed a bug submitted by
b'avielt'
b'Unauthorized usage of External API Key (Usage of Google Maps API Key ==> $$$'
06 Apr 2026
b'curl'
disclosed a bug submitted by
b'spiderchan26'
b'# SCURLOPT_SSH_KNOWNHOSTS and host fingerprint pins are silently bypassed when an SSH connection is reused from the connection pool'
06 Apr 2026
b'curl'
disclosed a bug submitted by
b'divsz'
b'SMTP Command Injection via CRLF in libcurl MAIL_FROM / MAIL_RCPT (lib/smtp.c)'
06 Apr 2026
b'curl'
disclosed a bug submitted by
b'spichanlio76'
b"ignoring 'options' when doing connection reuse"
05 Apr 2026
1
...
11
12
13
14
15
...
769
BY DENIS WERNER - @NOBBD -
IMPRESSUM