Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
the unofficial HackerOne disclosure timeline.
Kubernetes disclosed a bug submitted by thisbug
Attacker can bypass authentication build on ingress external auth (`nginx.ingress.kubernetes.io/auth-url`)
23 Apr 2022
Shopify disclosed a bug submitted by encryptsaan123
Bypass of fix #1370749
22 Apr 2022
Shopify disclosed a bug submitted by tomorrow_future
After changing the storefront password, the preview link is still valid
21 Apr 2022
BlackRock disclosed a bug submitted by mrccrqr
Open redirect by the parameter redirectUri in the URL
21 Apr 2022
Shopify disclosed a bug submitted by ngalog
[h1-2102] [Plus] User with Store Management Permission can Make changeDomainEnforcementState - that should be limited to User Management Only
21 Apr 2022
Shopify disclosed a bug submitted by ngalog
[h1-2102] [Plus] User with Store Management Permission can Make convertUsersFromSaml/convertUsersToSaml - that should be limited to User Management
21 Apr 2022
Shopify disclosed a bug submitted by ngalog
[h1-2102] [PLUS] User with Store Management Permission can Make enforceSamlOrganizationDomains call - that should be limited to User Management Only
21 Apr 2022
Shopify disclosed a bug submitted by ayyoub
User with no Develop apps permission can Uninstall Custom App
21 Apr 2022
Shopify disclosed a bug submitted by ramsexy
[h1-2102] Improper Access Control at https://shopify.plus/[id]/users/api in operation UpdateOrganizationUserRole
21 Apr 2022
Shopify disclosed a bug submitted by 4bel
Same the Url
21 Apr 2022
curl disclosed a bug submitted by medianmedianstride
curl proceeds with unsafe connections when -K file can't be read
21 Apr 2022
Zivver disclosed a bug submitted by martinvw
Timing difference exposes existence of accounts
21 Apr 2022
U.S. Dept Of Defense disclosed a bug submitted by whoisbinit
Open Akamai ARL XSS at
20 Apr 2022
U.S. Dept Of Defense disclosed a bug submitted by takester
Full account takeover in due lack of rate limiting in forgot password
20 Apr 2022
U.S. Dept Of Defense disclosed a bug submitted by null_bytes
vulnerable to CVE-2022-22954
20 Apr 2022
U.S. Dept Of Defense disclosed a bug submitted by shirshak
CORS Misconfiguration
20 Apr 2022
Evernote disclosed a bug submitted by sarka
Reflected XSS in the shared note view on https://evernote.com
20 Apr 2022
Mattermost disclosed a bug submitted by mr_anksec
Invitation Email is resent as a Reminder after invalidating pending email invites
19 Apr 2022
MTN Group disclosed a bug submitted by pisarenko
xss on [developers.mtn.com]
19 Apr 2022
HackerOne disclosed a bug submitted by ahacker1
An attacker can archive and unarchive any structured scope object on HackerOne
18 Apr 2022
BY DENIS WERNER - @NOBBD