REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
84
b'linkks'
75
b'jobert'
70
b'nyymi'
64
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'curl'
disclosed a bug submitted by
b'rootsecret3'
b'Silent TLS Trust Model Hijacking via `CURL_CA_BUNDLE` Environment Variable Leads to MITM'
11 Nov 2025
b'curl'
disclosed a bug submitted by
b'rootsecret3'
b'Arbitrary Configuration File Inclusion: via External Control of File Name or Path'
10 Nov 2025
b'curl'
disclosed a bug submitted by
b'haider790h'
b'SMTP CRLF Injection in curl/libcurl via MAIL FROM/RCPT TO parameters'
10 Nov 2025
b'curl'
disclosed a bug submitted by
b'jiyong'
b'libcurl MQTT `CURLOPT_POSTFIELDSIZE_LARGE` overflow leads to immediate DoS'
10 Nov 2025
b'curl'
disclosed a bug submitted by
b'biswarup_das'
b'Unsafe use of strcpy in Curl_ldap_err2string (packages/OS400/os400sys.c) stack-buffer-overflow (PoC + ASan)'
10 Nov 2025
b'curl'
disclosed a bug submitted by
b'bau1u'
b'SMTP CRLF Command Injection in CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT'
10 Nov 2025
b'lemlist'
disclosed a bug submitted by
b'mcdave'
b'Unauthorized Password Reset Allows Account Takeover Across Tenant Boundaries'
07 Nov 2025
b'Lovable VDP'
disclosed a bug submitted by
b'anxioussick'
b'Low-privileged user can enable or disable Lovable AI for new projects in workspace'
07 Nov 2025
b'Django'
disclosed a bug submitted by
b'cyberstan'
b'SQL Injection in Django ORM via Unvalidated `_connector` in Q Objects'
06 Nov 2025
b'curl'
disclosed a bug submitted by
b'giant_anteater'
b'CVE-2025-10966: missing SFTP host verification with wolfSSH'
05 Nov 2025
b'Lovable VDP'
disclosed a bug submitted by
b'd0maxploit'
b'Improper Authorization Leads to Editor can toggle admin-only workspace features (Lovable AI)'
04 Nov 2025
b'Lovable VDP'
disclosed a bug submitted by
b'd0maxploit'
b'Improper Authorization Leads to Editor can toggle admin-only workspace features (Lovable Cloud)'
04 Nov 2025
b'Mozilla'
disclosed a bug submitted by
b'xhacking_z'
b'Microsoft `x-apikey` Exposed in Mozilla CI Public Logs'
03 Nov 2025
b'curl'
disclosed a bug submitted by
b'hackerpllim'
b'HackerOne'
03 Nov 2025
b'curl'
disclosed a bug submitted by
b'hackerpllim'
b'Hi Hacker'
03 Nov 2025
b'curl'
disclosed a bug submitted by
b'oliverkremer'
b'Directory Traversal Vulnerability in cURL via Content-Disposition Header Processing'
01 Nov 2025
b'Hiro'
disclosed a bug submitted by
b'craxermgr'
b'No Confirmation Email For Email Change'
31 Oct 2025
b'Hiro'
disclosed a bug submitted by
b'craxermgr'
b'Information Disclosure'
31 Oct 2025
b'Hiro'
disclosed a bug submitted by
b'vyshnav_nk'
b'REDIRECTION VULNERABILITY/HOST HEADER INJECTION VULNERABILITY'
31 Oct 2025
b'Hiro'
disclosed a bug submitted by
b'myskar'
b'Missing restriction on string size of Full Name at browser.blockstack.org'
31 Oct 2025
1
2
3
4
5
...
744
BY DENIS WERNER - @NOBBD -
IMPRESSUM
